Malicious
Malicious

PE Executable
MD5: 3315f37af72ee9ecf9107199ceadb7eb
Size: 448.51 KB
application/x-dosexec
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low

Hash
Hash Value
MD5
3315f37af72ee9ecf9107199ceadb7eb
Sha1
fc8991060917b64fb0ed95e955870a9d8efc2515
Sha256
36f6c3ba39bba88fbb949f9ac6956016bca8301fecc846ebe8f798639e1d8bf6
Sha384
62f0d984bcd4639d44fd6517b7d0a9f7de5e73d267b09b9b97de5be5e76ff36b59e84edc9942f1cf56b385e905cdd717
Sha512
82b5001afb72fd710f641e1f6224af59c31eaf692c4ee0451c10c85f4e60a469e28e19b76ab528252034ee5268e9ead4fb0622775d2fd4c202ea6c5ab8d4e7a7
SSDeep
3072:pBYojwv+yJzGzdSYvALuFxBaJ0NhSTTIAak+E4WDlrC:XYof3z8YvfFxBaJq4TPDWWDd
TLSH
8594E4B0BE93C76DF4380D3FF05689041AE6AC5F1B129146E680FE1D3AE36F58A4469D

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
ID:0008
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field
Value
packet_size [b]
5huhuhuhu
BD [BD]
Thuhuhuhu
directory [DR]
Aphuhuhuhu
executable_name [EXE]
SERhuhuhuhu
cnc_host [HH]
192.huhuhuhuhuhuhu
is_dir_defined [Idr]
Thuhuhuhu
is_startup_folder [IsF]
Thuhuhuhu
is_user_reg [Isu]
Thuhuhuhu
NH [NH]
0huhuhuhu
cnc_port [P]
4huhuhuhu
reg_key [RG]
494e01huhuhuhuhuhuhuhuhuhuhu
reg_path [sf]
Softwahuhuhuhuhuhuhuhuhuhuhu
sizk
2huhuhuhu
victim_name [VN]
achuhuhuhu
version [VR]
ihuhuhuhu
splitter [Y]
|huhuhuhu
HD
Thuhuhuhu
anti [anti]
Exsahuhuhuhu
anti2 [anti2]
Fhuhuhuhu
usb [usb]
Fhuhuhuhu
usbx [usbx]
svchuhuhuhu
task [task]
Thuhuhuhu
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Informations
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

w.exe

Full Name

w.exe

EntryPoint

System.Void w.A::main()

Scope Name

w.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v2.0.50727

Tables Header Version

512

WinMD Version

<null>

Assembly Name

w

Assembly Version

0.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

<null>

Total Strings

338

Main Method

System.Void w.A::main()

Main IL Instruction Count

5

Main IL

nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null>

Module Name

w.exe

Full Name

w.exe

EntryPoint

System.Void w.A::main()

Scope Name

w.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v2.0.50727

Tables Header Version

512

WinMD Version

<null>

Assembly Name

w

Assembly Version

0.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

<null>

Total Strings

338

Main Method

System.Void w.A::main()

Main IL Instruction Count

5

Main IL

nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null>

Artefacts
Name
Value
Port
4huhuhuhu
Full artefact values (URLs, paths, registry keys…) are available with Essential.
Unlock with Essential
3315f37af72ee9ecf9107199ceadb7eb (448.51 KB)
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
ID:0008
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Characteristics
Malware Configuration - njRAT config.
Config. Field
Value
packet_size [b]
5huhuhuhu
BD [BD]
Thuhuhuhu
directory [DR]
Aphuhuhuhu
executable_name [EXE]
SERhuhuhuhu
cnc_host [HH]
192.huhuhuhuhuhuhu
is_dir_defined [Idr]
Thuhuhuhu
is_startup_folder [IsF]
Thuhuhuhu
is_user_reg [Isu]
Thuhuhuhu
NH [NH]
0huhuhuhu
cnc_port [P]
4huhuhuhu
reg_key [RG]
494e01huhuhuhuhuhuhuhuhuhuhu
reg_path [sf]
Softwahuhuhuhuhuhuhuhuhuhuhu
sizk
2huhuhuhu
victim_name [VN]
achuhuhuhu
version [VR]
ihuhuhuhu
splitter [Y]
|huhuhuhu
HD
Thuhuhuhu
anti [anti]
Exsahuhuhuhu
anti2 [anti2]
Fhuhuhuhu
usb [usb]
Fhuhuhuhu
usbx [usbx]
svchuhuhuhu
task [task]
Thuhuhuhu
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Artefacts
Name
Value Location
Port
4huhuhuhu
Malicious

3315f37af72ee9ecf9107199ceadb7eb

Full artefact values (URLs, paths, registry keys…) are available with Essential.
Unlock with Essential
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙