njrat | 78aced5d1f00fa1279ebb269461d011a5d0efce236e62cd8a30815283854c417

General

Target

78aced5d1f00fa1279ebb269461d011a5d0efce236e62cd8a30815283854c417
Size

111KB
MD5

f870b1b77406171abdccc5ce3c839a4e
SHA1

256d573874f9af5cff8a7a17453fd7753f02d7f2
SHA256

78aced5d1f00fa1279ebb269461d011a5d0efce236e62cd8a30815283854c417
SHA512

58c113b57334d7f2fef9a561e76e365828457c6f40ce8a3b5697dbd618e2d2c7d9b5632ea18025d5109420b7f2cd7c8cb18b7d42cb84eda096a41b5388ed863f
SSDEEP

3072:YMk3BtyMRymN9XtzTfrqP4IOipmYO7JSSUo56aS:YzBtxyY9PcT3eSSUoUaS

Score

10^/10

njrat

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack001/45d7bce22cce33ea4504c160818d2dfac9c22637d13ec3a9be8d712d0b90ea0e.exe	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/45d7bce22cce33ea4504c160818d2dfac9c22637d13ec3a9be8d712d0b90ea0e.exe

78aced5d1f00fa1279ebb269461d011a5d0efce236e62cd8a30815283854c417
.zip

Password: infected
45d7bce22cce33ea4504c160818d2dfac9c22637d13ec3a9be8d712d0b90ea0e.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ