njrat | 318f70d2ef39fcef335df05ed5854d4609a87886febd91f67a49df1c10e00603

General

Target

318f70d2ef39fcef335df05ed5854d4609a87886febd91f67a49df1c10e00603
Size

10KB
MD5

21a47cea51214c6798817bf01cc9b570
SHA1

c9557cb13cd87edcb101163f360ec7d802e8b85e
SHA256

318f70d2ef39fcef335df05ed5854d4609a87886febd91f67a49df1c10e00603
SHA512

a852ce8c2087ce9162d92d101d35a113cac7fdcb6d8740839f671c8d9ad325faf370f6328a5a733f44256a171e76b10244ac89f25f379d31132ddc8001a818f9
SSDEEP

192:30Zwbr/bZEpvicWfDc7zMmi0LaNhqPYnsa6ftK0M9qWxJHihLMdy4BBXO:30CuRiXfuXuNh8wsaMU0w2ipBBe

Score

10^/10

nyan cat njrat

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

patria.duckdns.org:1994

Mutex

2b32c2286ad5

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7acbd9fd416ccbb96bb636e615ea26548107b37deb2c99d39a77165764fe4850.exe

318f70d2ef39fcef335df05ed5854d4609a87886febd91f67a49df1c10e00603
.zip

Password: infected
7acbd9fd416ccbb96bb636e615ea26548107b37deb2c99d39a77165764fe4850.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ