Behavioral task
behavioral1
Sample
35d4264774c89f07b6014992729dc645.exe
Resource
win7-20231215-en
General
-
Target
35d4264774c89f07b6014992729dc645
-
Size
18KB
-
MD5
35d4264774c89f07b6014992729dc645
-
SHA1
b8038a42765f9687b2cc8d292b5483b524757c8f
-
SHA256
ab6d0ee3bcfd4acbe64e0674eb224dff267ff52b5457fd8392674e86963925d3
-
SHA512
5e23129c3c9431dcbf9805138bb5e5e828f545887016d0499b3a9d75edb587cb8b09506b2755f5450f088e8fd4b3873b4356e6d0dbf93545a4f9cb723c802136
-
SSDEEP
384:mzIIQ2aGQ1urOcffv4gZxMNyTbFeaF2U:Us2TOm395lFP
Malware Config
Extracted
njrat
anony.linkpc.nrt:4040
system
-
reg_key
system
-
splitter
|S400|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 35d4264774c89f07b6014992729dc645
Files
-
35d4264774c89f07b6014992729dc645.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ