Malicious
Malicious

4d02f58b443e52a399c6513345738069

PE Executable
|
MD5: 4d02f58b443e52a399c6513345738069
|
Size: 37.89 KB
|
application/x-dosexec

Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
4d02f58b443e52a399c6513345738069
Sha1
797ce8441550097a804783dfd0998e1708f66d30
Sha256
e71d93f19a3e41004e671b5e107177d6fd0f9a83b6b4791ce4b1853bd6620da3
Sha384
8d673c60c7a1cace68eb50af6e6eee4982e98f507dd47a2dc96840f1e5ec79d12261ad535988a9359a2addb4df06ab23
Sha512
a2b7fa41ef4023ea3a4fec7a9718810f32ec25c8895b429819e7926a02552d232ca8e530adbfac1e9f4fbb39f3b58eb770bf45f33616299c5ef8308b21b955a6
SSDeep
384:WzC4UiDzblmJEpRGyEfVL/7uOCY6oNDrAF+rMRTyN/0L+EcoinblneHQM3epzXVi:SCiHpR9EfVL6OCFoZrM+rMRa8Nu/Wt
TLSH
A603194D7FE18168C5FD167B05B2D41207BBE04B6E23D90ECEE564AA37636C18B50AF2

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
4d02f58b443e52a399c6513345738069
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field
 Value
packet_size [b]

5121
BD [BD]

False
directory [DR]

TEMP
executable_name [EXE]

svchost.exe
cnc_host [HH]

mhzlhhhh378-43006.portmap.host
is_dir_defined [Idr]

True
is_startup_folder [IsF]

False
is_user_reg [Isu]

False
NH [NH]

0
cnc_port [P]

43006
reg_key [RG]

bb289b6c00ce79a3180b1b4a0ba9c943
reg_path [sf]

Software\Microsoft\Windows\CurrentVersion\Run
sizk

20
victim_name [VN]

HacKed
version [VR]

im523
splitter [Y]

|'|'|
HD

False
anti [anti]

Exsample.exe
anti2 [anti2]

False
usb [usb]

False
usbx [usbx]

svchost.exe
task [task]

False
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

w.exe
Full Name

w.exe
EntryPoint

System.Void w.A::main()
Scope Name

w.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

w
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

338
Main Method

System.Void w.A::main()
Main IL Instruction Count

5
Main IL

nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null>
Module Name

w.exe
Full Name

w.exe
EntryPoint

System.Void w.A::main()
Scope Name

w.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

w
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

338
Main Method

System.Void w.A::main()
Main IL Instruction Count

5
Main IL

nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null>
Artefacts
Name
 Value
Port

43006
4d02f58b443e52a399c6513345738069 (37.89 KB)
File Structure
4d02f58b443e52a399c6513345738069
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Characteristics
Malware Configuration - njRAT config.
Config. Field
 Value
packet_size [b]

5121
BD [BD]

False
directory [DR]

TEMP
executable_name [EXE]

svchost.exe
cnc_host [HH]

mhzlhhhh378-43006.portmap.host
is_dir_defined [Idr]

True
is_startup_folder [IsF]

False
is_user_reg [Isu]

False
NH [NH]

0
cnc_port [P]

43006
reg_key [RG]

bb289b6c00ce79a3180b1b4a0ba9c943
reg_path [sf]

Software\Microsoft\Windows\CurrentVersion\Run
sizk

20
victim_name [VN]

HacKed
version [VR]

im523
splitter [Y]

|'|'|
HD

False
anti [anti]

Exsample.exe
anti2 [anti2]

False
usb [usb]

False
usbx [usbx]

svchost.exe
task [task]

False
Artefacts
Name
 Value Location
Port

43006

Malicious

4d02f58b443e52a399c6513345738069
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙