Malicious

3c1c70d5248614028ca55df968bab141

PE Executable | MD5: 3c1c70d5248614028ca55df968bab141 | Size: 32.26 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Low


PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field | Value
packet_size [b] | 5121
BD [BD] | False
directory [DR] | TEMP
executable_name [EXE] | WindowsServices.exe
cnc_host [H] | center-kate.gl.at.ply.gg
is_dir_defined [Idr] | False
Anti_CH | False
is_startup_folder [IsF] | True
USB_SP | False
is_user_reg [Isu] | True
cnc_port [P] | 42419
reg_key [RG] | 9b19da24af550401e95e1846b5765a28
reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run
victim_name [VN] |
version [VR] | 0.7d
splitter [Y] | Y262SUCZ4UJJ

Informations
Name | Value
Info | PE Detect: PeReader OK (file layout)
Module Name | Stub.exe
Full Name | Stub.exe
EntryPoint | System.Void j.A::main()
Scope Name | Stub.exe
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v2.0.50727
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | Stub
Assembly Version | 0.0.0.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | <null>
Total Strings | 241
Main Method | System.Void j.A::main()
Main IL Instruction Count | 4
Main IL | nop <null> call System.Void j.OK::ko() nop <null> ret <null>

Artefacts
Name | Value
CnC | center-kate.gl.at.ply.gg
Port | 42419
