Malicious

a1ddfd2f904651fa9ba5dc86e1609383

PE Executable
MD5: a1ddfd2f904651fa9ba5dc86e1609383
Size: 37.89 KB
application/x-dosexec
Characteristics

Symbol Obfuscation Score: Low


PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
packet_size [b]: 5121
BD [BD]: False
directory [DR]: TEMP
executable_name [EXE]: server.exe
cnc_host [HH]: 155.117.183.181
is_dir_defined [Idr]: False
is_startup_folder [IsF]: False
is_user_reg [Isu]: False
NH [NH]: 0
cnc_port [P]: 2017
reg_key [RG]: 7f17b610b84646a812ffba5fa871e451
reg_path [sf]: Software\Microsoft\Windows\CurrentVersion\Run
sizk: 20
victim_name [VN]: HacKed
version [VR]: im523
splitter [Y]: |'|'|
HD: False
anti [anti]: Exsample.exe
anti2 [anti2]: False
usb [usb]: False
usbx [usbx]: svchost.exe
task [task]: False

Information
Info: PE Detect: PeReader OK (file layout)
Module Name: w.exe
Full Name: w.exe
EntryPoint: System.Void w.A::main()
Scope Name: w.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v2.0.50727
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: w
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 338
Main Method: System.Void w.A::main()
Main IL Instruction Count: 5
Main IL: nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null>


Artefacts
Port: 2017
