njrat | fbef397f7b9e59defe5c9dda20598ea1e61c50b515c067f16fb353765beb8516[.]zip

General

Target

fbef397f7b9e59defe5c9dda20598ea1e61c50b515c067f16fb353765beb8516.zip
Size

11.7MB
MD5

8ec7644b9f1cd06aa2d9bd7a3ea77c6c
SHA1

db159b46543b044cb018a75d31e3852883b0ae0e
SHA256

b6c6fb881fb37b9f3b55a0471cb844ad2001ceb8ddd82aebf24074309ccd795d
SHA512

81766dfb9360783d373df8c2e73f148f3e44fa06035033f314da455f2c4c693d1ac0b98374aa5a63df6c9be29260abeb9b3393e922f27f34dd5194f556e273f9
SSDEEP

196608:DsgzutpVodmsy17g2fujIRuDO0baickpbRYzmBx8nV/83GJrs6glYwLADc5Oz+n:OqWh2sRuD1GcpUG6rs6RDc5Oz+n

Score

10^/10

njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fbef397f7b9e59defe5c9dda20598ea1e61c50b515c067f16fb353765beb8516

fbef397f7b9e59defe5c9dda20598ea1e61c50b515c067f16fb353765beb8516.zip
.zip

Password: infected
fbef397f7b9e59defe5c9dda20598ea1e61c50b515c067f16fb353765beb8516
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20.6MB - Virtual size: 20.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ