njrat | d77d3e0052129839fa43bf004a6e584e33b827bc74a62f9e395ceeeb3a7d1adb

General

Target

d77d3e0052129839fa43bf004a6e584e33b827bc74a62f9e395ceeeb3a7d1adb
Size

10KB
MD5

c741fdb51c679d5491fcbc0f0e06312d
SHA1

f30ac942ad77e5b051a6c74f332caf2cfb106e53
SHA256

d77d3e0052129839fa43bf004a6e584e33b827bc74a62f9e395ceeeb3a7d1adb
SHA512

2183537ee5aa0a9e7f46fb2b052dc980c0f90e0488856e2410acdcdaa8039100fcec967a377a8b45f4b3b9d7f5b169c80ea5f85d59f7520199eb5aa9a21caf71
SSDEEP

192:QJNbISlmEm9TMJm2sFjNVLjH84+cV4Mu46ignljd6XiAFXgbmt6QRyTAB4nfeBwC:Q3ISsIsRLjH8eV4MuJlj8Xrgqt92AB4C

Score

10^/10

nyan cat njrat

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

adminplusnj.duckdns.org:5552

Mutex

f43862e4b8394

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/679f08f99ce0e4c2b29e8fab194b74bb1073212279a8839786bcd037d286b1ba.exe

d77d3e0052129839fa43bf004a6e584e33b827bc74a62f9e395ceeeb3a7d1adb
.zip

Password: infected
679f08f99ce0e4c2b29e8fab194b74bb1073212279a8839786bcd037d286b1ba.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ