njrat | 01fd2b700583f357de669ec7f301d6efe271c21d71353aa2d7d57870f91c1a41

General

Target

01fd2b700583f357de669ec7f301d6efe271c21d71353aa2d7d57870f91c1a41
Size

10KB
MD5

46ff9f14e16aef7b08d16c33ad2e38dd
SHA1

8d0183ffb2b8f6507031bd989c9334c23c0b9e5f
SHA256

01fd2b700583f357de669ec7f301d6efe271c21d71353aa2d7d57870f91c1a41
SHA512

7a574258e4b640e22e958e12f24388b27984746ebd10abe1d51a44fa28d001e5440d3d6fb9a82c9c97a1aae66a5cb882f4678ab21b7fb40890494ace7f57585f
SSDEEP

192:6GfF0JUcSnTTNxCBcNb4rwij4vawHUdp73upTR9:RF0UcuHAcOj4SwKV3yTR9

Score

10^/10

nyan cat njrat

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

serverupdated.duckdns.org:5552

Mutex

60f905afa1e84682bb

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/4ce97d20fdf83c2fac60b6660a08aaaab2f0e793fe9958cb2ab2c789e13c7a60.exe

01fd2b700583f357de669ec7f301d6efe271c21d71353aa2d7d57870f91c1a41
.zip

Password: infected
4ce97d20fdf83c2fac60b6660a08aaaab2f0e793fe9958cb2ab2c789e13c7a60.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ