Malicious
Malicious

77fd461671e836a6ff77f991cfcb394a

PE Executable
|
MD5: 77fd461671e836a6ff77f991cfcb394a
|
Size: 37.89 KB
|
application/x-dosexec

Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
77fd461671e836a6ff77f991cfcb394a
Sha1
9f8b7682428bab8773e20d63a62ff2be03bc97ec
Sha256
41ca3c2c7a51d75336e053983d5174e50119ef1ea8b4d2ad3b73616b9e5fce11
Sha384
c9aca1fef4411dfba495177f26ca196718adff51f7af0b467c348afef118d5f32ccaac44a3b6412213449ac550a5e9ec
Sha512
c0c8fb79e00b7e0826231e768be9363628c1d6509c520eceb1986913f07b2662427d7dfb9f777edcd418d5501e462108334a3b44c74ecbabf24266a120778ae1
SSDeep
384:qGOIiu/jtD+P3V+y0bFwRktv7ms2cPmrAF+rMRTyN/0L+EcoinblneHQM3epzXkw:TXmV10bFwRktalcOrM+rMRa8NumPYt
TLSH
8D033A4D7FE18168D5FD067B05B2D01207BAE04B6E23DE1E8EE164AA37636C1CB50AF1

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
77fd461671e836a6ff77f991cfcb394a
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field
 Value
packet_size [b]

5121
BD [BD]

True
directory [DR]

AllUsersProfile
executable_name [EXE]

system32.exe
cnc_host [HH]

194.5.65.9
is_dir_defined [Idr]

True
is_startup_folder [IsF]

True
is_user_reg [Isu]

True
NH [NH]

0
cnc_port [P]

8080
reg_key [RG]

93b51036d4337ec738b89226dca82525
reg_path [sf]

Software\Microsoft\Windows\CurrentVersion\Run
sizk

20
victim_name [VN]

HacKed
version [VR]

im523
splitter [Y]

|'|'|
HD

True
anti [anti]

Exsample.exe
anti2 [anti2]

True
usb [usb]

True
usbx [usbx]

svchost.exe
task [task]

True
Informations
Name
 Value
Module Name

w.exe
Full Name

w.exe
EntryPoint

System.Void w.A::main()
Scope Name

w.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

w
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

338
Main Method

System.Void w.A::main()
Main IL Instruction Count

5
Main IL

nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null>
Module Name

w.exe
Full Name

w.exe
EntryPoint

System.Void w.A::main()
Scope Name

w.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

w
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

338
Main Method

System.Void w.A::main()
Main IL Instruction Count

5
Main IL

nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null>
Artefacts
Name
 Value
Port

8080
77fd461671e836a6ff77f991cfcb394a (37.89 KB)
File Structure
77fd461671e836a6ff77f991cfcb394a
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Characteristics
Malware Configuration - njRAT config.
Config. Field
 Value
packet_size [b]

5121
BD [BD]

True
directory [DR]

AllUsersProfile
executable_name [EXE]

system32.exe
cnc_host [HH]

194.5.65.9
is_dir_defined [Idr]

True
is_startup_folder [IsF]

True
is_user_reg [Isu]

True
NH [NH]

0
cnc_port [P]

8080
reg_key [RG]

93b51036d4337ec738b89226dca82525
reg_path [sf]

Software\Microsoft\Windows\CurrentVersion\Run
sizk

20
victim_name [VN]

HacKed
version [VR]

im523
splitter [Y]

|'|'|
HD

True
anti [anti]

Exsample.exe
anti2 [anti2]

True
usb [usb]

True
usbx [usbx]

svchost.exe
task [task]

True
Artefacts
Name
 Value Location
Port

8080

Malicious

77fd461671e836a6ff77f991cfcb394a
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙