njrat | e02e5802bacccd459b9891b49146b4c24703da9397d49a16ada35c329651252bN[.]exe | Triage

Sharing

General

Target

e02e5802bacccd459b9891b49146b4c24703da9397d49a16ada35c329651252bN.exe
Size

9.2MB
MD5

b6abda2d4b24cef28f9c2b62731fcfd0
SHA1

fdf3ae0bec83c2ec7d4e2883fc770e553b782a3d
SHA256

e02e5802bacccd459b9891b49146b4c24703da9397d49a16ada35c329651252b
SHA512

7e0f0835f7ce0d5fddfcd785ece05aff91f87fd6b95fce1b73c3464102af644a8e500338f5f1e75c648ee2b666089ab19350932a990f3cb9b2009bbcbfd721c2
SSDEEP

196608:z6/u1LqqyReuuQt8k9BAXbdV9qWLk/YrNcONQl4Ik+B8I4GA81G+LNaK:z6/58EBOXQ/YrN+l4IY5G19a

Score

10^/10

themida pyinstaller njrat

Malware Config

Signatures

Njrat family
njrat

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Detects Pyinstaller 1 IoCs

resource	yara_rule
sample	pyinstaller

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e02e5802bacccd459b9891b49146b4c24703da9397d49a16ada35c329651252bN.exe

Files

e02e5802bacccd459b9891b49146b4c24703da9397d49a16ada35c329651252bN.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Puuty.py.pyc