88d3792263b23fb5ed2430f5e4b4dea3
PE Executable | MD5: 88d3792263b23fb5ed2430f5e4b4dea3 | Size: 55.81 KB | application/x-dosexec
| Hash | Hash Value |
|---|---|
| MD5 | 88d3792263b23fb5ed2430f5e4b4dea3 |
| Sha1 | 6cd30acc38b9805cef40319df89aca7b4a49ebdf |
| Sha256 | 1cf006fa584b222653b8a12bfee6c73a46e6aa38e6d14574cd503873e26f1d28 |
| Sha384 | 9c5ee345e387ca3f7eced6bbdc2b4640076fa00475e5c9c4d50e2cb08f81bcc1cb5167cede2d3bb64b85e1937412089c |
| Sha512 | 0390ac5582c5e6ac52272a7f618c7088b816b1ae72eaab69a0297934290312573c01fd47f99825e010b801fd51ac038df4bd0b88734b182859a11fb23c99f37f |
| SSDeep | 1536:AJPCGsDnQwNgkpAAuF2DGwsNMDZXExI3pm2m:MsDnAuo2DGwsNMDZXExI3pm |
| TLSH | 51432844BFEA5A01E2BD8F3468F645150A34BA63F532EB1E48D668DB17327C58C40FE6 |

| Config. Field | Value |
|---|---|
| packet_size [b] | 5121 |
| BD [BD] | False |
| directory [DR] | TEMP |
| executable_name [EXE] | dllhost.exe |
| cnc_host [H] | 167.62.27.10 |
| is_dir_defined [Idr] | False |
| Anti_CH | False |
| is_startup_folder [IsF] | False |
| USB_SP | False |
| is_user_reg [Isu] | True |
| cnc_port [P] | 2005 |
| reg_key [RG] | cf98119ac4268af5028c8ddcbb8719cf |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| victim_name [VN] | |
| version [VR] | <- NjRAT 0.7d Horror Edition -> |
| splitter [Y] | Y262SUCZ4UJJ |
| MSGE | Disabled |
| MSGT | COCOs |
| MSGB | hola, has ponido +10 fps a tu compu |
| MSGSYM | vbInformation |
| OBITO | Disabled |
| TSKE | Disabled |
| TSK | Wireshark.exe |
| KAKASHI | Disabled |
| AKATSUKI | Disabled |
| CLEANSWEEP | Disabled |
| PASTEE | Disabled |
| PASTEBIN | https://pastebin.com/raw/??? |
| CLIP | null |
| UAC | Disabled |
| nowifi | off |

| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Stub.exe |
| Full Name | Stub.exe |
| EntryPoint | System.Void j.A::main() |
| Scope Name | Stub.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Stub |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 539 |
| Main Method | System.Void j.A::main() |
| Main IL Instruction Count | 2 |
| Main IL | call System.Void j.OK::ko() ret <null> |

| Name | Value |
|---|---|
| CnC | 167.62.27.10 |
| Port | 2005 |

| Name | Value | Location |
|---|---|---|
| CnC | 167.62.27.10 (Malicious) | 88d3792263b23fb5ed2430f5e4b4dea3 |
| Port | 2005 (Malicious) | 88d3792263b23fb5ed2430f5e4b4dea3 |