Malicious

95a210601ceec350c4e0c11b05964d8b

PE Executable | MD5: 95a210601ceec350c4e0c11b05964d8b | Size: 24.06 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Low

Hash: Hash Value
MD5: 95a210601ceec350c4e0c11b05964d8b
Sha1: 0b752f9c8c37d40e30e6311a87372e6379b111df
Sha256: d34e5303fc26aa9717e1cf74af1be51b527eea796e066a7c049866e9126b4172
Sha384: 59d7b6c2a8c81a8f879abd38addfae9fc06ec12a76ddaa677dc063f8f21c106d835bc93ee912559684680dc90c961a46
Sha512: 0d78fe982138e1718ad23e4a4511d087d638b5875e17c22ab9625d986c7ffa4d752217b55e50203ca38b4f08329db33d7475fa35bb19d5413b71de9f3b815551
SSDeep: 384:WluBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZxe:ZOmhtIiRpcnu/
TLSH: 9EB2094E3FA98866C5AC17748AB5965003B091470423EF2FCCC554CBAFB3BD92D48AF9

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field: Value
victim_name [VN]:
version [VR]: 0.7d
executable_name [EXE]: centrum.exe
directory [DR]: TEMP
reg_key [RG]: 4872ee0bc84bc6fd4768f0ac6291fde0
cnc_host [H]: ronymahmoud.casacam.net
cnc_port [P]: 1177
splitter [Y]: |'|'|
BD [BD]: True
is_dir_defined [Idr]: True
is_startup_folder [IsF]: True
is_user_reg [Isu]: True
reg_path [sf]: Software\Microsoft\Windows\CurrentVersion\Run
packet_size [b]: 5121

Information
Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: j.exe
Full Name: j.exe
EntryPoint: System.Void j.A::main()
Scope Name: j.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v2.0.50727
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: j
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 214
Main Method: System.Void j.A::main()
Main IL Instruction Count: 2
Main IL: call System.Void j.OK::ko() ret <null>


Artefacts
Name: Value
CnC: ronymahmoud.casacam.net
Port: 1177
