dbc402e92f2e0d4253a05da795c7d189
PE Executable | MD5: dbc402e92f2e0d4253a05da795c7d189 | Size: 44.03 KB | application/x-dosexec
Symbol Obfuscation Score

| Hash | Hash Value |
|---|---|
| MD5 | dbc402e92f2e0d4253a05da795c7d189 |
| Sha1 | fbec36e84f0e1875e9e9088b96a360b31af6e8d9 |
| Sha256 | 7a77a20ba754541141b20e39f88bbbba4b57af757c6906db5f1d8bb62126f262 |
| Sha384 | 8b7232ce8c1967faf004f6d7946783e860a2aeb4752cf603e0983f328985b3c0ded7132f6a26ce3bd80d5793dbd50ca2 |
| Sha512 | c454fd7536686713fb3034a7b9b54d1d32a2585b06af531140ff2ff69d12df4b6111c7388f0dc531f7b7b04c6af3ee6bcff67085ba610041b7285e595e45a2c9 |
| SSDeep | 384:dZyQCFIB+oyiFN7cWMEHavIuZzQIij+ZsNO3PlpJKkkjh/TzF7pWnXugreT0pqf7:Xi+Ilir7zOHuXQ/oKa+L |
| TLSH | BE13C68CB694E174D5FF8BF1F4A2B2890B71A027A806930F99F154D94B73EC09611EE7 |

PeID

| Config. Field | Value |
|---|---|
| packet_size [b] | 5121 |
| BD [BD] | True |
| directory [DR] | WinDir |
| executable_name [EXE] | svchost.exe |
| cnc_host [H] | विनी蒂Q3LjE4NS4yविनीjEuविनीzE! |
| icn | #ic |
| is_dir_defined [Idr] | True |
| is_startup_folder [IsF] | True |
| RegistrySt | True |
| cnc_port [P] | 粹jIz粹g== |
| xDlol1 | Java update |
| Sleep | False |
| Sleep1 | 1 |
| reg_key [RG] | Windows Update |
| task [Task] | True |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| Hide | True |
| HP | True |
| SPR | false |
| victim_name [VN] | System |
| version [VR] | Njrat 0.7 Golden By Hassan Amiri |
| splitter [Y] | \|Hassan\| |

| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Stub.exe |
| Full Name | Stub.exe |
| EntryPoint | System.Void Stub.OK.j.A::main() |
| Scope Name | Stub.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Stub |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 436 |
| Main Method | System.Void Stub.OK.j.A::main() |
| Main IL Instruction Count | 20 |
| Main IL | ldc.i4.1 <null> stsfld System.Boolean Stub.OK.j.A::runx ldnull <null> ldftn System.Void Stub.OK.j.A::timx_run() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stsfld System.Threading.Thread Stub.OK.j.A::thx ldsfld System.Threading.Thread Stub.OK.j.A::thx callvirt System.Void System.Threading.Thread::Start() ldc.i4.1 <null> stsfld System.Boolean Stub.OK.j.A::runy ldnull <null> ldftn System.Void Stub.OK.j.A::timy_run() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stsfld System.Threading.Thread Stub.OK.j.A::thy ldsfld System.Threading.Thread Stub.OK.j.A::thy callvirt System.Void System.Threading.Thread::Start() call System.Void Stub.OK.j.OK::ko() ret <null> |

| Name | Value |
|---|---|
| CnC | विनी蒂Q3LjE4NS4yविनीjEuविनीzE! |
| Port | 粹jIz粹g== |

| Name | Value | Location |
|---|---|---|
| CnC | विनी蒂Q3LjE4NS4yविनीjEuविनीzE! Malicious | dbc402e92f2e0d4253a05da795c7d189 |
| Port | 粹jIz粹g== Malicious | dbc402e92f2e0d4253a05da795c7d189 |