njrat | 195178bb15e929734b4200b1c1be918259598e6ed623a08b1f850a715cf01dba

General

Target

195178bb15e929734b4200b1c1be918259598e6ed623a08b1f850a715cf01dba
Size

10KB
MD5

bbc8e70aa60dfe20679bc9b477dc5e68
SHA1

df930f285fb06b4b1d71f4c0efa204062462087e
SHA256

195178bb15e929734b4200b1c1be918259598e6ed623a08b1f850a715cf01dba
SHA512

5f6b22bb27e02945974914226f81f5d4b83324bb9b423b3c7dd70636233d5dc639b0b2ceee173f79bf717b5f3a5f1736e05198e8ac24d5a5d014038b6e1f98a1
SSDEEP

192:ChAVy6Wq1f8AKxz1sw6gT3B3q6jBrTqiPnXB9lh7gbZg/TnrrtyNkNE:C+/WSleSgT3B66jwiPnRHh7gbZ0rc7

Score

10^/10

nyan cat njrat

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

firmes777.duckdns.org:5555

Mutex

05bf636f114e4542a

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/928fa2abb515bdef1c998054997b1d16b4030dfeee4640b3bd2508e43bea06a5.exe

195178bb15e929734b4200b1c1be918259598e6ed623a08b1f850a715cf01dba
.zip

Password: infected
928fa2abb515bdef1c998054997b1d16b4030dfeee4640b3bd2508e43bea06a5.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ