Malicious
Malicious

5e9c21e3a5540f54fe5da69948859089

PE Executable
|
MD5: 5e9c21e3a5540f54fe5da69948859089
|
Size: 32.26 KB
|
application/x-dosexec

Print
General
Structural Analysis
Config.1
Yara Rules39
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
5e9c21e3a5540f54fe5da69948859089
Sha1
4febd2c340bc6b6b572e48c2c57846ddbe88c59e
Sha256
85054678344fc1788233d45cb5e882d8442191481107f2114bb73eda1ce6257d
Sha384
054496ec386a0aff018ba088006ab1869cf344e5f1ed81ac4cac1700e982f85d2f3bb1b6cb4781476b94faa124a380fe
Sha512
a1fb795194dc78dbcf78090ffd093cec335589d38b2e7d27465f533896f23bec9f32db1cf7a908b46d1856b4df4f8ad69451283f251b6322b0129b69483838f6
SSDeep
768:8XbEHBZhjzOzx5+RuuLVu5637A9ihinv4dQmIDUu0tiGgj:HD6Yu+A9ih68QVkmj
TLSH
34E22CADFBEA4466D1BC1AB50571950013B4D103E523FB7E4ECB24A62B6B3D84B84DF2

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
5e9c21e3a5540f54fe5da69948859089
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field
 Value
packet_size [b]

5121
BD [BD]

False
directory [DR]

TEMP
executable_name [EXE]

WindowsServices.exe
cnc_host [H]

8scom.link
is_dir_defined [Idr]

False
Anti_CH

False
is_startup_folder [IsF]

True
USB_SP

True
is_user_reg [Isu]

True
cnc_port [P]

443
reg_key [RG]

9540f0fe1cd2f635023b5036b8c36ebd
reg_path [sf]

Software\Microsoft\Windows\CurrentVersion\Run
victim_name [VN]

version [VR]

0.7d
splitter [Y]

Y262SUCZ4UJJ
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Stub.exe
Full Name

Stub.exe
EntryPoint

System.Void j.A::main()
Scope Name

Stub.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Stub
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

241
Main Method

System.Void j.A::main()
Main IL Instruction Count

4
Main IL

nop <null> call System.Void j.OK::ko() nop <null> ret <null>
Module Name

Stub.exe
Full Name

Stub.exe
EntryPoint

System.Void j.A::main()
Scope Name

Stub.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Stub
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

241
Main Method

System.Void j.A::main()
Main IL Instruction Count

4
Main IL

nop <null> call System.Void j.OK::ko() nop <null> ret <null>
Artefacts
Name
 Value
CnC

8scom.link
Port

443
5e9c21e3a5540f54fe5da69948859089 (32.26 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙