Malicious

744e1221f6467d0b7e73a10f52e6cd6c

PE Executable
MD5: 744e1221f6467d0b7e73a10f52e6cd6c
Size: 37.89 KB
application/x-dosexec
Characteristics

Symbol Obfuscation Score: Low

Hash
Hash Value
MD5
744e1221f6467d0b7e73a10f52e6cd6c
Sha1
33e85ae9412fa870e5d6de31502e7d48c64ce224
Sha256
31c37ff61aa322192236c9672f09e3d97b6e6e09c5019077df7d0567d4c0b48b
Sha384
149b363a9157d2218222ecb1c12b587ea214fb99252ab1905767a59a7fc8e344b42d4b595d212d617875f443ad4f31c1
Sha512
704389db8c842344a21c4563f1154b57bf208466083b1fded330c4f53b7931fdb216e1e8dada0733729f8ac7aebf1047e77d7c96d2b6950b7bc69872b93a90de
SSDeep
384:6yTMUiDHblmJEpRGyEfBffXuKCYyEAnrAF+rMRTyN/0L+EcoinblneHQM3epzXGd:fTqHpR9EfBfWKClEOrM+rMRa8NuoXt
TLSH
0F03294D7FE18168C5FD057B05B2D41207BBE04B6E23D90E8EF564AA37636C18B94AF2

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field: Value
packet_size [b]: 5121
BD [BD]: True
directory [DR]: AppData
executable_name [EXE]: saads.bat
cnc_host [HH]: 5.tcp.eu.ngrok.io
is_dir_defined [Idr]: True
is_startup_folder [IsF]: True
is_user_reg [Isu]: True
NH [NH]: 0
cnc_port [P]: 19587
reg_key [RG]: d8c514f6c639c3b8951aabb752c3344a
reg_path [sf]: Software\Microsoft\Windows\CurrentVersion\Run
sizk: 20
victim_name [VN]: HacKed
version [VR]: im523
splitter [Y]: |'|'|
HD: True
anti [anti]: Exsample.exe
anti2 [anti2]: False
usb [usb]: True
usbx [usbx]: svchost.exe
task [task]: True

Information
Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: w.exe
Full Name: w.exe
EntryPoint: System.Void w.A::main()
Scope Name: w.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v2.0.50727
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: w
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 338
Main Method: System.Void w.A::main()
Main IL Instruction Count: 5
Main IL:
  nop <null>
  call System.Void w.OK::ko()
  nop <null>
  nop <null>
  ret <null>

Artefacts
Name: Value
Port: 19587
