Symbol Ofbuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 7ef877cd98ca0f11c728042f09b564e0
|
| Sha1 | 6ff8299b2b81d4bd88b942570d587ed4b30c5202
|
| Sha256 | 5cb2794b1b0b05831190d770aac19c32d33599365ddf2a0f3ff50ed2ecc22a6b
|
| Sha384 | b75798ea238d741c4c0e8d2b2d2a188bc2e5f9e37b9fb303e2527400a18453fb0e8933bd5d815ef5e7a60ed0f43218a9
|
| Sha512 | 2147a6e0f5e768ef9263b42442b95f1a6e0af2c66ca48ee79fc73bbe050df9d7ca374580fcb787e1ae5e2a5ddd5bdfa1934d9b009dd2130b2ac8449e8b8132b1
|
| SSDeep | 384:dzm4pW/bJUQ74TO8GS2CY1r46JgfCciYdimRvR6JZlbw8hqIusZzZP3U:fMd4Bt2iRpcnuok
|
| TLSH | 8BB2290E3FA88856D5BC177486A59A1003B591870413FE2F8DC550CBAFB3AD92D4CEF9
|
PeID
|
Config. Field0 | Value |
|---|---|
| victim_name [VN] | GHAWY HACKER EGYPT NjRat 0.7D v.2 |
| version [VR] | 0.7d |
| executable_name [EXE] | server.exe |
| directory [DR] | TEMP |
| reg_key [RG] | 2aa040fc7be30eb0bba46fde4a1a5560 |
| cnc_host [H] | programming-variation.gl.at.ply.gg |
| cnc_port [P] | 1177 |
| splitter [Y] | |'|'| |
| BD [BD] | False |
| is_dir_defined [Idr] | False |
| is_startup_folder [IsF] | False |
| is_user_reg [Isu] | True |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| packet_size [b] | 5121 |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | j.exe |
| Full Name | j.exe |
| EntryPoint | System.Void j.A::main() |
| Scope Name | j.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | j |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 214 |
| Main Method | System.Void j.A::main() |
| Main IL Instruction Count | 2 |
| Main IL | call System.Void j.OK::ko() ret <null> |
| Module Name | j.exe |
| Full Name | j.exe |
| EntryPoint | System.Void j.A::main() |
| Scope Name | j.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | j |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 214 |
| Main Method | System.Void j.A::main() |
| Main IL Instruction Count | 2 |
| Main IL | call System.Void j.OK::ko() ret <null> |
|
Name0 | Value |
|---|---|
| CnC | programming-variation.gl.at.ply.gg |
| Port | 1177 |
|
Config. Field0 | Value |
|---|---|
| victim_name [VN] | GHAWY HACKER EGYPT NjRat 0.7D v.2 |
| version [VR] | 0.7d |
| executable_name [EXE] | server.exe |
| directory [DR] | TEMP |
| reg_key [RG] | 2aa040fc7be30eb0bba46fde4a1a5560 |
| cnc_host [H] | programming-variation.gl.at.ply.gg |
| cnc_port [P] | 1177 |
| splitter [Y] | |'|'| |
| BD [BD] | False |
| is_dir_defined [Idr] | False |
| is_startup_folder [IsF] | False |
| is_user_reg [Isu] | True |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| packet_size [b] | 5121 |
|
Name0 | Value | Location |
|---|---|---|
| CnC | programming-variation.gl.at.ply.gg Malicious |
7ef877cd98ca0f11c728042f09b564e0 |
| Port | 1177 Malicious |
7ef877cd98ca0f11c728042f09b564e0 |