njrat | 218b126a4a156a49a4e08f964303e8126b57c569873f1fe860f10b6d42f5571c

General

Target

218b126a4a156a49a4e08f964303e8126b57c569873f1fe860f10b6d42f5571c
Size

10KB
MD5

875e7b37ce8fd4842dfe3fb7bbffaf16
SHA1

971e3a4a40b305b80c977b353584fbb0f3411d64
SHA256

218b126a4a156a49a4e08f964303e8126b57c569873f1fe860f10b6d42f5571c
SHA512

fbfb548a30a74bf69b1d7ec5b7b138044e0251e92d292a4a200f205a62bc63d0913b24fb9a0cb0ac9293992e906f0083389572200fa7b433311182c36716d6a0
SSDEEP

192:rs0bTk/vLi6ePGJ7CPEgo99QY4HZU3D30om4K+JtuwAZrO/m3xCEJVbp5zy:rs0XQi6qG5CPv3HZYb0omqJtuwIT34Eu

Score

10^/10

nyan cat njrat

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

auyametemplanza.duckdns.org:5050

Mutex

3cd2047d5b454de

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d5287df696839eaff465b707962ff9ca0b5235a4890dc19465e3e4afde84013e.exe

218b126a4a156a49a4e08f964303e8126b57c569873f1fe860f10b6d42f5571c
.zip

Password: infected
d5287df696839eaff465b707962ff9ca0b5235a4890dc19465e3e4afde84013e.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ