General
-
Target
Server.exe
-
Size
106KB
-
MD5
d6addec5309d5ef7b3b4c608faab36b0
-
SHA1
ad4d767e0d1eea218a59d6515c4d19b126c51833
-
SHA256
9dd756e66c8eb04d57ed5b16b724b046a011094b1f24a91d1e102513241045f8
-
SHA512
c370365de5eb1165fb2262f5b78c71bfdc54ba9fbdc4af5c1bb7f28a7b6f807511a1e7e3f9c42dee131d86744dcc326308825984bd4eda8605159bd227476704
-
SSDEEP
1536:/0S+NhCmuhYwvXFmvM/n0Q1vOyHP1aed/y4ksv:/02muhR8OlvAed/nk
Malware Config
Extracted
njrat
0.7d
HacKed
NS50Y3AuZXUubmdyb2suaW8Strik:MTM3MjA=
d8d5c9fbb89e48110d8c10886319d083
-
reg_key
d8d5c9fbb89e48110d8c10886319d083
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Server.exe
Files
-
Server.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 105KB - Virtual size: 105KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ