Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 8c38a9ee9d3c5de46aa4f4c4a05d0e50
|
| Sha1 | c43111ef957e8271473c7d638ebb699da57f3363
|
| Sha256 | 2a80ede2d1ea3f24df731423bc474a1a5d35ebae8d6ec90c9dc8fddca71ce0f6
|
| Sha384 | c955955d05c81514c74772fd403f51b8d4cfaa8a20b98a325f16e63fef86f25a60bc782838da427efa947370370e3253
|
| Sha512 | 7fbe0d7e82e9ac869b2ac724d9f057859b1bb0a5824e166f693a382e09abbeadbe7cb779570587c1227d7b98b6c5022cc47f04a273bc7c719a22fd4013864a53
|
| SSDeep | 1536:3CcGJZvnG6uXQQvaMOCcGJZvnG6uXQQvaM:SVLGH3VVLGH3
|
| TLSH | F683F88CB794E174D5FF8BF1B4A2B2890B70A057A902930F99F154D94BB3EC09611EE7
|
PeID
|
Config. Field0 | Value |
|---|---|
| packet_size [b] | 5121 |
| BD [BD] | False |
| directory [DR] | TEMP |
| executable_name [EXE] | Install MullvadVPN.exe |
| cnc_host [H] | Ni50Y3मेuबीपीXUubmdyb2suaW8! |
| icn | #ic |
| is_dir_defined [Idr] | True |
| is_startup_folder [IsF] | True |
| RegistrySt | True |
| xDlol1 | Java update |
| Sleep | False |
| Sleep1 | 1 |
| reg_key [RG] | Windows Update |
| task [Task] | True |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| Hide | True |
| HP | True |
| SPR | false |
| victim_name [VN] | stepan |
| version [VR] | Njrat 0.7 Golden By Hassan Amiri |
| splitter [Y] | |Hassan| |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | Overlay extracted: Overlay_ab860bd2.bin (44032 bytes) |
| Module Name | Stub.exe |
| Full Name | Stub.exe |
| EntryPoint | System.Void Stub.OK.j.A::main() |
| Scope Name | Stub.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Stub |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 436 |
| Main Method | System.Void Stub.OK.j.A::main() |
| Main IL Instruction Count | 20 |
| Main IL | ldc.i4.1 <null> stsfld System.Boolean Stub.OK.j.A::runx ldnull <null> ldftn System.Void Stub.OK.j.A::timx_run() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stsfld System.Threading.Thread Stub.OK.j.A::thx ldsfld System.Threading.Thread Stub.OK.j.A::thx callvirt System.Void System.Threading.Thread::Start() ldc.i4.1 <null> stsfld System.Boolean Stub.OK.j.A::runy ldnull <null> ldftn System.Void Stub.OK.j.A::timy_run() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stsfld System.Threading.Thread Stub.OK.j.A::thy ldsfld System.Threading.Thread Stub.OK.j.A::thy callvirt System.Void System.Threading.Thread::Start() call System.Void Stub.OK.j.OK::ko() ret <null> |
| Module Name | Stub.exe |
| Full Name | Stub.exe |
| EntryPoint | System.Void Stub.OK.j.A::main() |
| Scope Name | Stub.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Stub |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 436 |
| Main Method | System.Void Stub.OK.j.A::main() |
| Main IL Instruction Count | 20 |
| Main IL | ldc.i4.1 <null> stsfld System.Boolean Stub.OK.j.A::runx ldnull <null> ldftn System.Void Stub.OK.j.A::timx_run() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stsfld System.Threading.Thread Stub.OK.j.A::thx ldsfld System.Threading.Thread Stub.OK.j.A::thx callvirt System.Void System.Threading.Thread::Start() ldc.i4.1 <null> stsfld System.Boolean Stub.OK.j.A::runy ldnull <null> ldftn System.Void Stub.OK.j.A::timy_run() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stsfld System.Threading.Thread Stub.OK.j.A::thy ldsfld System.Threading.Thread Stub.OK.j.A::thy callvirt System.Void System.Threading.Thread::Start() call System.Void Stub.OK.j.OK::ko() ret <null> |
|
Name0 | Value |
|---|---|
| CnC | Ni50Y3मेuबीपीXUubmdyb2suaW8! |
| CnC | Ni50Y3मेuबीपीXUubmdyb2suaW8! |
|
Config. Field0 | Value |
|---|---|
| packet_size [b] | 5121 |
| BD [BD] | False |
| directory [DR] | TEMP |
| executable_name [EXE] | Install MullvadVPN.exe |
| cnc_host [H] | Ni50Y3मेuबीपीXUubmdyb2suaW8! |
| icn | #ic |
| is_dir_defined [Idr] | True |
| is_startup_folder [IsF] | True |
| RegistrySt | True |
| xDlol1 | Java update |
| Sleep | False |
| Sleep1 | 1 |
| reg_key [RG] | Windows Update |
| task [Task] | True |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| Hide | True |
| HP | True |
| SPR | false |
| victim_name [VN] | stepan |
| version [VR] | Njrat 0.7 Golden By Hassan Amiri |
| splitter [Y] | |Hassan| |
|
Name0 | Value | Location |
|---|---|---|
| CnC | Ni50Y3मेuबीपीXUubmdyb2suaW8! Malicious |
8c38a9ee9d3c5de46aa4f4c4a05d0e50 |
| CnC | Ni50Y3मेuबीपीXUubmdyb2suaW8! Malicious |
8c38a9ee9d3c5de46aa4f4c4a05d0e50 > Overlay_ab860bd2.bin |