Malicious
Malicious

7ef877cd98ca0f11c728042f09b564e0

PE Executable
|
MD5: 7ef877cd98ca0f11c728042f09b564e0
|
Size: 24.06 KB
|
application/x-dosexec

Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
7ef877cd98ca0f11c728042f09b564e0
Sha1
6ff8299b2b81d4bd88b942570d587ed4b30c5202
Sha256
5cb2794b1b0b05831190d770aac19c32d33599365ddf2a0f3ff50ed2ecc22a6b
Sha384
b75798ea238d741c4c0e8d2b2d2a188bc2e5f9e37b9fb303e2527400a18453fb0e8933bd5d815ef5e7a60ed0f43218a9
Sha512
2147a6e0f5e768ef9263b42442b95f1a6e0af2c66ca48ee79fc73bbe050df9d7ca374580fcb787e1ae5e2a5ddd5bdfa1934d9b009dd2130b2ac8449e8b8132b1
SSDeep
384:dzm4pW/bJUQ74TO8GS2CY1r46JgfCciYdimRvR6JZlbw8hqIusZzZP3U:fMd4Bt2iRpcnuok
TLSH
8BB2290E3FA88856D5BC177486A59A1003B591870413FE2F8DC550CBAFB3AD92D4CEF9

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
7ef877cd98ca0f11c728042f09b564e0
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field
 Value
victim_name [VN]

GHAWY HACKER EGYPT NjRat 0.7D v.2
version [VR]

0.7d
executable_name [EXE]

server.exe
directory [DR]

TEMP
reg_key [RG]

2aa040fc7be30eb0bba46fde4a1a5560
cnc_host [H]

programming-variation.gl.at.ply.gg
cnc_port [P]

1177
splitter [Y]

|'|'|
BD [BD]

False
is_dir_defined [Idr]

False
is_startup_folder [IsF]

False
is_user_reg [Isu]

True
reg_path [sf]

Software\Microsoft\Windows\CurrentVersion\Run
packet_size [b]

5121
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

j.exe
Full Name

j.exe
EntryPoint

System.Void j.A::main()
Scope Name

j.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

j
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

214
Main Method

System.Void j.A::main()
Main IL Instruction Count

2
Main IL

call System.Void j.OK::ko() ret <null>
Module Name

j.exe
Full Name

j.exe
EntryPoint

System.Void j.A::main()
Scope Name

j.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

j
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

214
Main Method

System.Void j.A::main()
Main IL Instruction Count

2
Main IL

call System.Void j.OK::ko() ret <null>
Artefacts
Name
 Value
CnC

programming-variation.gl.at.ply.gg
Port

1177
7ef877cd98ca0f11c728042f09b564e0 (24.06 KB)
File Structure
7ef877cd98ca0f11c728042f09b564e0
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Characteristics
Malware Configuration - njRAT config.
Config. Field
 Value
victim_name [VN]

GHAWY HACKER EGYPT NjRat 0.7D v.2
version [VR]

0.7d
executable_name [EXE]

server.exe
directory [DR]

TEMP
reg_key [RG]

2aa040fc7be30eb0bba46fde4a1a5560
cnc_host [H]

programming-variation.gl.at.ply.gg
cnc_port [P]

1177
splitter [Y]

|'|'|
BD [BD]

False
is_dir_defined [Idr]

False
is_startup_folder [IsF]

False
is_user_reg [Isu]

True
reg_path [sf]

Software\Microsoft\Windows\CurrentVersion\Run
packet_size [b]

5121
Artefacts
Name
 Value Location
CnC

programming-variation.gl.at.ply.gg

Malicious

7ef877cd98ca0f11c728042f09b564e0
Port

1177

Malicious

7ef877cd98ca0f11c728042f09b564e0
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙