Symbol Obfuscation Score

| Hash | Hash Value |
|---|---|
| MD5 | d96e6eb0cfde1981cabfea7838519172 |
| Sha1 | f19283d31b395a749d8e68c3e74d7d3a7d67828a |
| Sha256 | af80edf0536d9d83dbad66c0086edc3cb839c63617e8a629db8fa30fb682fa66 |
| Sha384 | 0e959516f5bc12016f8585041806f4ef983e4660efaa6c109c0e9f98e761fc19a54e8941231d73f1264b16a5d1f1dbe2 |
| Sha512 | 355ac5cdd6a6d05f275cf3f4529a9150857d423022f66baea6e585f8f06215a2bf0f7b64e972354818f305d09c6f1505fecc88ffb5b931cbe0c0a231d1c1e9bc |
| SSDeep | 384:zZyCdElQ5GoyyBrlr0DiEuEe83H/zIIij+ZsNO3PlpJKkkjh/TzF7pWnQ/greT0k:9UmolyBr907NRuXQ/od/+L |
| TLSH | 4C13D74CB694E174D5FF8BF1B4A2B2890B71A01BA806D30F99F154D94B73EC09A11EE7 |

PeID

| Config. Field0 | Value |
|---|---|
| packet_size [b] | 5121 |
| BD [BD] | True |
| directory [DR] | AppData |
| executable_name [EXE] | Dllhost.exe |
| cnc_host [H] | विनीi50Y3मेuबीपीXUubmdyb2suaW8! |
| icn | #ic |
| is_dir_defined [Idr] | True |
| is_startup_folder [IsF] | True |
| RegistrySt | True |
| cnc_port [P] | 粹ताU3NjE= |
| xDlol1 | Java update |
| Sleep | False |
| Sleep1 | 1 |
| reg_key [RG] | Windows Update |
| task [Task] | False |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| Hide | False |
| HP | True |
| SPR | false |
| victim_name [VN] | HacKed |
| version [VR] | Njrat 0.7 Golden By Hassan Amiri |
| splitter [Y] | \|Hassan\| |

| Name | Value |
|---|---|
| Module Name | Stub.exe |
| Full Name | Stub.exe |
| EntryPoint | System.Void Stub.OK.j.A::main() |
| Scope Name | Stub.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Stub |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 436 |
| Main Method | System.Void Stub.OK.j.A::main() |
| Main IL Instruction Count | 20 |
| Main IL | ldc.i4.1 <null> stsfld System.Boolean Stub.OK.j.A::runx ldnull <null> ldftn System.Void Stub.OK.j.A::timx_run() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stsfld System.Threading.Thread Stub.OK.j.A::thx ldsfld System.Threading.Thread Stub.OK.j.A::thx callvirt System.Void System.Threading.Thread::Start() ldc.i4.1 <null> stsfld System.Boolean Stub.OK.j.A::runy ldnull <null> ldftn System.Void Stub.OK.j.A::timy_run() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stsfld System.Threading.Thread Stub.OK.j.A::thy ldsfld System.Threading.Thread Stub.OK.j.A::thy callvirt System.Void System.Threading.Thread::Start() call System.Void Stub.OK.j.OK::ko() ret <null> |

| Name | Value |
|---|---|
| CnC | विनीi50Y3मेuबीपीXUubmdyb2suaW8! |
| Port | 粹ताU3NjE= |
| Embedded Resources | 1 |
| Suspicious Type Names (1-2 chars) | 2 |

| Name | Value | Location |
|---|---|---|
| CnC | विनीi50Y3मेuबीपीXUubmdyb2suaW8! Malicious | d96e6eb0cfde1981cabfea7838519172 |
| Port | 粹ताU3NjE= Malicious | d96e6eb0cfde1981cabfea7838519172 |
| Embedded Resources | 1 | d96e6eb0cfde1981cabfea7838519172 |
| Suspicious Type Names (1-2 chars) | 2 | d96e6eb0cfde1981cabfea7838519172 |