njrat | 49e2aa806c7546405443911340835b1002f5c65876a24231aa37899a16fd8337

General

Target

49e2aa806c7546405443911340835b1002f5c65876a24231aa37899a16fd8337
Size

10KB
MD5

1a8d5e1824450d1d012290530e5e4d07
SHA1

5309b49a8aca57f7a36e46f6b4e42476de75ac2f
SHA256

49e2aa806c7546405443911340835b1002f5c65876a24231aa37899a16fd8337
SHA512

e4e0ccc6315eb4cdc76c82d8c4a60fab54804f2b98677e591cb31efe19f732ca4e1a1a24f3b763623dd5e70f2be90815c3f0943a4ea8b724566cf7ed53881914
SSDEEP

192:S5qb0fzMHrMCV2llHemV8s3PbSjbSz6tIR6r7O1iEe7cLv2oG91tORxPMi6y+Soa:vb078IcAFV8iab1tIR0Ua7cLv2oLUbDa

Score

10^/10

nyan cat njrat

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

patria.duckdns.org:1995

Mutex

37dec69be2ab4e078

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d19a335a5b9e85775b76a691e2dbbdd4c85c2cc20e848a63575fbdcc18c17827.exe

49e2aa806c7546405443911340835b1002f5c65876a24231aa37899a16fd8337
.zip

Password: infected
d19a335a5b9e85775b76a691e2dbbdd4c85c2cc20e848a63575fbdcc18c17827.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ