njrat | 882c93ae598405b86eb8e8029613030dd50fc88f80984e0a43304851c1689755

General

Target

882c93ae598405b86eb8e8029613030dd50fc88f80984e0a43304851c1689755
Size

10KB
MD5

aafc2b17c34a1e7ccaa04f5800c1cc98
SHA1

b63605628fe3a3473de814fc188524c370674535
SHA256

882c93ae598405b86eb8e8029613030dd50fc88f80984e0a43304851c1689755
SHA512

20b995191f3de7d5f9398cb0cc74a11a1a4592776579bb9b10992ae00a212ba10e0778212bdac2002777edf8b34740d0af023cf0ced36717c607b3bdb9044d62
SSDEEP

192:KkKgxIEIJz4XwD4FwZB/RoApDCl6q5VqdsWzEPeQ:KREcMg9B5oApul5VqXIeQ

Score

10^/10

nyan cat njrat

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

promesasalvaro1.duckdns.org:5553

Mutex

b18c5b4032c046e

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/323b929dfecc1ad83c951e2ade801749abeebca666e77ec11672930a6e44d4d6.exe

882c93ae598405b86eb8e8029613030dd50fc88f80984e0a43304851c1689755
.zip

Password: infected
323b929dfecc1ad83c951e2ade801749abeebca666e77ec11672930a6e44d4d6.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ