Malicious

b8d8eb38b833ef2f195838e5cb7dc569

PE Executable | MD5: b8d8eb38b833ef2f195838e5cb7dc569 | Size: 189.44 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Low

Hash: Hash Value
MD5: b8d8eb38b833ef2f195838e5cb7dc569
Sha1: 9c15ff14ec7eb6db69541cae91387060c2f383a7
Sha256: 89e0de31f607dee0870ca12d4b460b46877dfb9f6118db546d7e77a789d18b46
Sha384: a5281a5793ff49da05f8dd9070977077df36128103385811d61d61d9ecd8146371361372bbd0f32a7ae8adda8d400126
Sha512: 43f5f8d695976bc1fd811c9150855d615224c8d1d07590db8ddb9a821f1488dfe83d1d2d10fddf28e36f60e170efbdef3e90b4f8a3cce516f6a677ff76c317e0
SSDeep: 3072:UO8I0d2weZYahlWZrYxxaHCFGGmH+lpJ:vZhurk9LmH+lp
TLSH: FD0491350AE1849FCF451B3CF9D1733891BC97E1E862EAC4BE756895EE26E482CC1D84

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0032
ID:0
RT_GROUP_CURSOR4
ID:0032
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field: Value
victim_name [VN]: HacKed
version [VR]: 0.7d
executable_name [EXE]: discord.exe
directory [DR]: TEMP
reg_key [RG]: 1bb44d8b1f98a12eb9a115464a294bfd
cnc_host [H]: utils.myvnc.com
cnc_port [P]: 5552
splitter [Y]: |'|'|
BD [BD]: True
is_dir_defined [Idr]: True
is_startup_folder [IsF]: True
is_user_reg [Isu]: True
reg_path [sf]: Software\Microsoft\Windows\CurrentVersion\Run
packet_size [b]: 5121

Informations
Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: j.exe
Full Name: j.exe
EntryPoint: System.Void j.A::main()
Scope Name: j.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v2.0.50727
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: j
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 214
Main Method: System.Void j.A::main()
Main IL Instruction Count: 2
Main IL: call System.Void j.OK::ko() ret <null>

Artefacts
Name: Value
CnC: utils.myvnc.com
Port: 5552
