Malicious
Classifications
Keylogger Backdoor
Threat Names
njRAT njRAT.07NyanCat Mal/Generic-S
Dynamic Analysis Report
Created on 2022-08-05T09:25:07+00:00
f229ed07a73bf6f353a8429a9842aeb6c2e35a47f3b353bce93cca550efbbee4.exe
Windows Exe (x86-32)
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
File Name | Category | Type | Verdict | Actions |
---|
C:\Users\RDhJ0CNFevzX\Desktop\f229ed07a73bf6f353a8429a9842aeb6c2e35a47f3b353bce93cca550efbbee4.exe | Sample File | Binary |
Malicious
|
...
|
»
File Reputation Information
»
Verdict |
Malicious
|
Names | Mal/Generic-S |
PE Information
»
Image Base | 0x00400000 |
Entry Point | 0x004933EE |
Size Of Code | 0x00091400 |
Size Of Initialized Data | 0x000BC600 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2022-08-02 12:27 (UTC+2) |
Version Information (8)
»
FileDescription | Google webmaster |
FileVersion | 1.0.0.0 |
InternalName | Google webmaster.exe |
LegalCopyright | Copyright © 2022 |
OriginalFilename | Google webmaster.exe |
ProductName | Google webmaster |
ProductVersion | 1.0.0.0 |
Assembly Version | 1.0.0.0 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00402000 | 0x000913F4 | 0x00091400 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.47 |
.reloc | 0x00494000 | 0x0000000C | 0x00000200 | 0x00091600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
.rsrc | 0x00496000 | 0x0002B198 | 0x0002B200 | 0x00091800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.68 |
Imports (1)
»
mscoree.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x00402000 | 0x000933BC | 0x000915BC | 0x00000000 |
Memory Dumps (8)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|
f229ed07a73bf6f353a8429a9842aeb6c2e35a47f3b353bce93cca550efbbee4.exe | 1 | 0x00400000 | 0x004C1FFF | Relevant Image | 32-bit | - |
...
|
||
buffer | 1 | 0x047D0000 | 0x047D7FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
buffer | 1 | 0x066CC000 | 0x066CFFFF | First Network Behavior | 32-bit | - |
...
|
||
buffer | 1 | 0x0654A000 | 0x0654FFFF | First Network Behavior | 32-bit | - |
...
|
||
buffer | 1 | 0x042CE000 | 0x042CFFFF | First Network Behavior | 32-bit | - |
...
|
||
buffer | 1 | 0x00197000 | 0x0019FFFF | First Network Behavior | 32-bit | - |
...
|
||
f229ed07a73bf6f353a8429a9842aeb6c2e35a47f3b353bce93cca550efbbee4.exe | 1 | 0x00400000 | 0x004C1FFF | First Network Behavior | 32-bit | - |
...
|
||
f229ed07a73bf6f353a8429a9842aeb6c2e35a47f3b353bce93cca550efbbee4.exe | 1 | 0x00400000 | 0x004C1FFF | Final Dump | 32-bit | - |
...
|
e2a3bd0ad84baab2d23dfbfcf8e2b6bcbf4853d9b79aa29fa778b5a523960303 | Extracted File | Image |
Clean
|
...
|
»