ScreenShot
Created | 2024.10.17 14:47 | Machine | s1_win7_x6403 |
Filename | nojeira.exe | ||
Type | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | ||
AI Score |
|
Behavior Score |
|
ZERO API | file : mailcious | ||
VT API (file) | 62 detected (FamVT, binANHb, Windows, Njrat, TRFH5, BackdoorNJRat, Bladabindi, Unsafe, Save, malicious, Ratenjay, FIGN, Disfa, dtznyx, CLASSIC, Gen7, DownLoader23, BLADABI, Real Protect, moderate, score, DotNet, Autoit, Detected, ai score=86, A@566ygc, Eldorado, Zbot, ZemsilF, bmW@ai, AvsMofer, confidence, 100%) | ||
md5 | 47713554f0dcd00ab2c69ca3fea53d3c | ||
sha256 | dec6422bc9ccb3162c6dd992478fa6f0407c742a4bc1fa1215676d419f1c01df | ||
ssdeep | 384:wslUlEvOEJ8xWwYJOMiOBZEdO1567gtwi5Hhb0mRvR6JZlbw8hqIusZzZ19d:peEvwIlL/RpcnuS | ||
imphash | f34d5f2d4577ed6d9ceec516c1f5a744 | ||
impfuzzy | 3:rGsLdAIEK:tf |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 62 AntiVirus engines on VirusTotal as malicious |
danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
notice | Connects to a Dynamic DNS Domain |
info | Command line console output was observed |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win_Backdoor_njRAT_Zero | Win Backdoor njRAT | binaries (upload) |
info | Is_DotNET_EXE | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
mscoree.dll
0x402000 _CorExeMain
EAT(Export Address Table) is none
mscoree.dll
0x402000 _CorExeMain
EAT(Export Address Table) is none