General
Target: Dota2Installer.exe
Size: 93KB
MD5: 30f2c1fd21d4ee475abcadd0fb38260f
SHA1: f847b0e9eb51dbbb251b93f962235c581bc90407
SHA256: a3ef7f9cb1ab58cb16014450864a5523fdf1235b04dfc9f5be60ce4ea8a0b62d
SHA512: bb83e01329a2fd544908fc9c808a5934af99b00d7eced1b8b29d3f861603d6bd94e5485371e5cc45b0e355ad377c4f0706e30f96ddac4ce8af37ee704b0b11fe
SSDEEP: 1536:aUwC+xhUa9urgOBPRNvM4jEwzGi1dD7DIgS:aUmUa9urgObdGi1dzx
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
192.168.0.105:5552
11a56c07838afc2d332a2fe97b371deb
reg_key: 11a56c07838afc2d332a2fe97b371deb
splitter: |'|'|
Signatures
- Njrat family
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: Dota2Installer.exe
Files
Dota2Installer.exe.exe windows:4 windows x86 arch:x86
Password: 1228
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_NO_SEH
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
  mscoree
    _CorExeMain
Sections
  .text Size: 92KB - Virtual size: 91KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .reloc Size: 512B - Virtual size: 12B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_READ