njrat | Realtek HDDDDD[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Realtek HDDDDD.exe
Size

164KB
MD5

61ffdaa39e10b2b3d2f0ad15eb41ec62
SHA1

bee77fd92a2af2b6add682c3d09c45f78809d086
SHA256

ae5d50aa9740e55dcf2da5c0f301788f2a676217d92b32c08f598d22150a568f
SHA512

3f12d585efde54a896baa33f662067e5b12e1051289edb8b00186f65cefeeb551eda0c40b9c62c641733e3a07a5de22dae87d70f2b4fef1d7edd80f3a67b51ca
SSDEEP

3072:kibw/CRmP0nv6s3+wVkedMm8jxFIuE7XLSbHbYjcDSym2:kigs3+w1nyIt/STbpD

Score

10^/10

njrat

Malware Config

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Realtek HDDDDD.exe

Files

Realtek HDDDDD.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ