njrat | 988ce0178c3ce8586d0784bb5c0fbccf394a01bc06743d578ef42e20c661ed51

General

Target

988ce0178c3ce8586d0784bb5c0fbccf394a01bc06743d578ef42e20c661ed51
Size

10KB
MD5

8cf7e20b2e29561aea3b2251d84f3a87
SHA1

19a702d8b3251f10e1640b43f9a808bc9f8b0648
SHA256

988ce0178c3ce8586d0784bb5c0fbccf394a01bc06743d578ef42e20c661ed51
SHA512

b9202bad198c9b94559d7fe6f8838f9c47ddb976993816b6cab5e07d2a2077330bcad9c8a745c42e043b0c04c6614743e9987816729e4e9f322b70d3762293ad
SSDEEP

192:/909kJ1BSV40mYXZlUSnt2g9rRq0n6d/J+u6kwWSERN9Cnr9WKgs:V09S1BSV498Tntpdq0n676kLSXBWKD

Score

10^/10

nyan cat njrat

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

serverupdated.duckdns.org:5552

Mutex

60f905afa1e84682bb

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4ce97d20fdf83c2fac60b6660a08aaaab2f0e793fe9958cb2ab2c789e13c7a60.exe

988ce0178c3ce8586d0784bb5c0fbccf394a01bc06743d578ef42e20c661ed51
.zip

Password: infected
4ce97d20fdf83c2fac60b6660a08aaaab2f0e793fe9958cb2ab2c789e13c7a60.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ