Malicious
Malicious

PE Executable
MD5: 77fd461671e836a6ff77f991cfcb394a
Size: 37.89 KB
application/x-dosexec
Infection Chain
Infection chain Ctrl + scroll to zoom · drag to pan
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low

Hash
Hash Value
MD5
77fd461671e836a6ff77f991cfcb394a
Sha1
9f8b7682428bab8773e20d63a62ff2be03bc97ec
Sha256
41ca3c2c7a51d75336e053983d5174e50119ef1ea8b4d2ad3b73616b9e5fce11
Sha384
c9aca1fef4411dfba495177f26ca196718adff51f7af0b467c348afef118d5f32ccaac44a3b6412213449ac550a5e9ec
Sha512
c0c8fb79e00b7e0826231e768be9363628c1d6509c520eceb1986913f07b2662427d7dfb9f777edcd418d5501e462108334a3b44c74ecbabf24266a120778ae1
SSDeep
384:qGOIiu/jtD+P3V+y0bFwRktv7ms2cPmrAF+rMRTyN/0L+EcoinblneHQM3epzXkw:TXmV10bFwRktalcOrM+rMRa8NumPYt
TLSH
8D033A4D7FE18168D5FD067B05B2D01207BAE04B6E23DE1E8EE164AA37636C1CB50AF1

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field
Value
packet_size [b]
5huhuhuhu
BD [BD]
Thuhuhuhu
directory [DR]
AllUshuhuhuhuhuhuhu
executable_name [EXE]
systhuhuhuhu
cnc_host [HH]
194huhuhuhu
is_dir_defined [Idr]
Thuhuhuhu
is_startup_folder [IsF]
Thuhuhuhu
is_user_reg [Isu]
Thuhuhuhu
NH [NH]
0huhuhuhu
cnc_port [P]
8huhuhuhu
reg_key [RG]
93b510huhuhuhuhuhuhuhuhuhuhu
reg_path [sf]
Softwahuhuhuhuhuhuhuhuhuhuhu
sizk
2huhuhuhu
victim_name [VN]
Hahuhuhuhu
version [VR]
ihuhuhuhu
splitter [Y]
|huhuhuhu
HD
Thuhuhuhu
anti [anti]
Exsahuhuhuhu
anti2 [anti2]
Thuhuhuhu
usb [usb]
Thuhuhuhu
usbx [usbx]
svchuhuhuhu
task [task]
Thuhuhuhu
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Informations
Name
Value
Module Name

w.exe

Full Name

w.exe

EntryPoint

System.Void w.A::main()

Scope Name

w.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v2.0.50727

Tables Header Version

512

WinMD Version

<null>

Assembly Name

w

Assembly Version

0.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

<null>

Total Strings

338

Main Method

System.Void w.A::main()

Main IL Instruction Count

5

Main IL

nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null>

Module Name

w.exe

Full Name

w.exe

EntryPoint

System.Void w.A::main()

Scope Name

w.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v2.0.50727

Tables Header Version

512

WinMD Version

<null>

Assembly Name

w

Assembly Version

0.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

<null>

Total Strings

338

Main Method

System.Void w.A::main()

Main IL Instruction Count

5

Main IL

nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null>

Artefacts
Name
Value
Port
8huhuhuhu
Full artefact values (URLs, paths, registry keys…) are available with Essential.
Unlock with Essential
77fd461671e836a6ff77f991cfcb394a (37.89 KB)
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Characteristics
Malware Configuration - njRAT config.
Config. Field
Value
packet_size [b]
5huhuhuhu
BD [BD]
Thuhuhuhu
directory [DR]
AllUshuhuhuhuhuhuhu
executable_name [EXE]
systhuhuhuhu
cnc_host [HH]
194huhuhuhu
is_dir_defined [Idr]
Thuhuhuhu
is_startup_folder [IsF]
Thuhuhuhu
is_user_reg [Isu]
Thuhuhuhu
NH [NH]
0huhuhuhu
cnc_port [P]
8huhuhuhu
reg_key [RG]
93b510huhuhuhuhuhuhuhuhuhuhu
reg_path [sf]
Softwahuhuhuhuhuhuhuhuhuhuhu
sizk
2huhuhuhu
victim_name [VN]
Hahuhuhuhu
version [VR]
ihuhuhuhu
splitter [Y]
|huhuhuhu
HD
Thuhuhuhu
anti [anti]
Exsahuhuhuhu
anti2 [anti2]
Thuhuhuhu
usb [usb]
Thuhuhuhu
usbx [usbx]
svchuhuhuhu
task [task]
Thuhuhuhu
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Artefacts
Name
Value Location
Port
8huhuhuhu
Malicious

77fd461671e836a6ff77f991cfcb394a

Full artefact values (URLs, paths, registry keys…) are available with Essential.
Unlock with Essential
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙