njrat | windows[.]exe | Triage

Sharing

General

Target

windows.exe
Size

28KB
MD5

edc4f10a5e164db64bf79eca207f2749
SHA1

d08eb761a5446a4409a72f3af3fb8dd60eec7c92
SHA256

ce6421107031175f39e61d3bcc5a98d1d94190e250034e27cdbebbadcba084a4
SHA512

e974a32096cc58c1a78c7aa8714b8b8b7a202859905a28d5ce61fd9a563382a7577825e8c9ee612d7ba708f3efef01a43d07df03e7c1e3e52d0cb32240d5d15d
SSDEEP

384:uPmtY72YtcV2/5rAiqxXshlgNsukXx/6KcPK7EJJzATLlr0LE2K1+jSbiQZIo3LE:o772w1I8hCNszXkEIJtATxr0L8rbdE

Score

10^/10

njrat

Malware Config

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
windows.exe

Files

windows.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ