Verdict: Malicious

Classifications: Keylogger, Backdoor

Threat Names: njRAT, njRAT.07NyanCat, Mal/Generic-S

Dynamic Analysis Report

Created on 2022-08-05T09:25:07+00:00

f229ed07a73bf6f353a8429a9842aeb6c2e35a47f3b353bce93cca550efbbee4.exe

Windows Exe (x86-32)
File Name: C:\Users\RDhJ0CNFevzX\Desktop\f229ed07a73bf6f353a8429a9842aeb6c2e35a47f3b353bce93cca550efbbee4.exe
Category: Sample File
Type: Binary
Verdict: Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 754.50 KB
MD5 1f85c12fcd3232c577e5e8cc07fbf1e1
SHA1 3741755f8a11638209821a3cd7c01104acac184d
SHA256 f229ed07a73bf6f353a8429a9842aeb6c2e35a47f3b353bce93cca550efbbee4
SSDeep 12288:WqShIfQIKMR4LClwugCEzE3qA2nv1gfckf:4hIYIKMCigCEzE312nKck
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
File Reputation Information
Verdict: Malicious
Names: Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x004933EE
Size Of Code 0x00091400
Size Of Initialized Data 0x000BC600
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2022-08-02 12:27 (UTC+2)
Version Information (8)
FileDescription Google webmaster
FileVersion 1.0.0.0
InternalName Google webmaster.exe
LegalCopyright Copyright © 2022
OriginalFilename Google webmaster.exe
ProductName Google webmaster
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00402000 0x000913F4 0x00091400 0x00000200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.47
.reloc 0x00494000 0x0000000C 0x00000200 0x00091600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
.rsrc 0x00496000 0x0002B198 0x0002B200 0x00091800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.68
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x00402000 0x000933BC 0x000915BC 0x00000000
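Two of the static values above deserve a practitioner's caveat, and the following script is added here as an example to make them concrete; it is not part of the VMRay report and does not read the real sample. The import table holds a single entry, mscoree.dll!_CorExeMain, which is the native CLR loader stub every .NET executable carries; its ImpHash, f34d5f2d4577ed6d9ceec516c1f5a744, is therefore the value shared by essentially all .NET PE files and says nothing about this family, so it must not be used to cluster or pivot on njRAT. The .text section's entropy of 7.47 is close to the 8.0 ceiling, consistent with packed or obfuscated managed code, and fits the "Reflectively Loaded .NET Assembly" memory dump listed further down. The script reproduces the pefile-style ImpHash from the report's import list, computes Shannon entropy the way the Sections table reports it, and turns both into triage findings. All section bytes are constructed pseudo-random stand-ins (only the section shapes mirror the report); in real use the import list and section data would come from a PE parser such as pefile, which is assumed and not shown.

```python
import hashlib
import math
import random
from typing import Iterable, List, Tuple, Union

# Constructed from the report's Imports table: the only native import is the
# CLR entry stub. Sample data, not read from the actual binary.
SAMPLE_IMPORTS: List[Tuple[str, Union[str, int]]] = [("mscoree.dll", "_CorExeMain")]

# ImpHash shared by every .NET PE whose sole native import is
# mscoree.dll!_CorExeMain; it equals the ImpHash listed in this report.
DOTNET_IMPHASH = "f34d5f2d4577ed6d9ceec516c1f5a744"


def imphash(imports: Iterable[Tuple[str, Union[str, int]]]) -> str:
    """ImpHash as pefile computes it: one 'lib.symbol' string per import with
    the library name lowercased and a .dll/.ocx/.sys suffix removed, symbols
    lowercased, ordinal imports written as 'ordN', joined by ',' and MD5-hashed."""
    parts = []
    for lib, sym in imports:
        lib = lib.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        name = f"ord{sym}" if isinstance(sym, int) else sym.lower()
        parts.append(f"{lib}.{name}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def is_clr_stub_only(imports: Iterable[Tuple[str, Union[str, int]]]) -> bool:
    """True when the native import table is nothing but the CLR loader stub.
    Managed dependencies live in .NET metadata, not in this table, so unrelated
    .NET samples are indistinguishable by imports (and ImpHash) alone."""
    imps = [(lib.lower(), sym.lower() if isinstance(sym, str) else sym)
            for lib, sym in imports]
    return (len(imps) == 1 and imps[0][0] == "mscoree.dll"
            and imps[0][1] in ("_corexemain", "_cordllmain"))


def triage(imports: Iterable[Tuple[str, Union[str, int]]],
           sections: List[Tuple[str, bytes, bool]],
           entropy_threshold: float = 7.0) -> List[str]:
    """Static triage findings: a CLR-stub-only import table (generic ImpHash),
    and executable sections whose entropy suggests packing or obfuscation."""
    imports = list(imports)
    findings = []
    if is_clr_stub_only(imports):
        findings.append(
            f"import table is the bare CLR stub; ImpHash {imphash(imports)} is "
            "generic to .NET, cluster on SHA256/SSDeep or .NET metadata instead")
    for name, data, executable in sections:
        ent = shannon_entropy(data)
        if executable and ent > entropy_threshold:
            findings.append(
                f"executable section {name} has entropy {ent:.2f} > "
                f"{entropy_threshold}: likely packed or obfuscated")
    return findings


def sample_sections() -> List[Tuple[str, bytes, bool]]:
    """Constructed stand-ins for the report's three sections: a high-entropy
    executable .text (seeded pseudo-random bytes), a near-empty .reloc and a
    non-executable .rsrc. Only the section names and flags mirror the report."""
    rng = random.Random(0x1F85)
    text = bytes(rng.getrandbits(8) for _ in range(0x1000))
    reloc = b"\x00" * 0x1F8 + b"\x00\x40\x00\x00\x0c\x00\x00\x00"
    rsrc = bytes(range(256)) * 4
    return [(".text", text, True), (".reloc", reloc, False), (".rsrc", rsrc, False)]


if __name__ == "__main__":
    for finding in triage(SAMPLE_IMPORTS, sample_sections()):
        print(finding)
```

The entropy threshold of 7.0 is a common triage heuristic rather than a fixed rule; the report's own .text value of 7.47 would trip it, while the .reloc (0.1) and .rsrc (3.68) sections would not.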
Memory Dumps (8)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
f229ed07a73bf6f353a8429a9842aeb6c2e35a47f3b353bce93cca550efbbee4.exe 1 0x00400000 0x004C1FFF Relevant Image False 32-bit - False
buffer 1 0x047D0000 0x047D7FFF Reflectively Loaded .NET Assembly False 32-bit - False
buffer 1 0x066CC000 0x066CFFFF First Network Behavior False 32-bit - False
buffer 1 0x0654A000 0x0654FFFF First Network Behavior False 32-bit - False
buffer 1 0x042CE000 0x042CFFFF First Network Behavior False 32-bit - False
buffer 1 0x00197000 0x0019FFFF First Network Behavior False 32-bit - False
f229ed07a73bf6f353a8429a9842aeb6c2e35a47f3b353bce93cca550efbbee4.exe 1 0x00400000 0x004C1FFF First Network Behavior False 32-bit - False
f229ed07a73bf6f353a8429a9842aeb6c2e35a47f3b353bce93cca550efbbee4.exe 1 0x00400000 0x004C1FFF Final Dump False 32-bit - False
File Name: e2a3bd0ad84baab2d23dfbfcf8e2b6bcbf4853d9b79aa29fa778b5a523960303
Category: Extracted File
Type: Image
Verdict: Clean
Parent File C:\Users\RDhJ0CNFevzX\Desktop\f229ed07a73bf6f353a8429a9842aeb6c2e35a47f3b353bce93cca550efbbee4.exe
MIME Type image/png
File Size 12.45 KB
MD5 592d874e97ecccdfbfeac4898ba8dd80
SHA1 f03a20ab2ec9fcc9f1d0e53cc7aac2a322e8ae79
SHA256 e2a3bd0ad84baab2d23dfbfcf8e2b6bcbf4853d9b79aa29fa778b5a523960303
SSDeep 192:k70W5ARHxHk9CksPmn8bt0HC/J1xxB9KEhTFkWBlgX2KpHG3038K0Ex:rHS43bt0HSHxxC8fBlIv138jEx
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided. The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.