Malicious
Classifications
Backdoor Keylogger
Threat Names
njRAT njRAT.07Green
Dynamic Analysis Report
Created on 2024-04-27T09:41:02+00:00
777.exe
Windows Exe (x86-32)
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
File Name | Category | Type | Verdict | Actions |
---|
C:\Users\RDhJ0CNFevzX\Desktop\777.exe | Sample File | Binary |
Malicious
|
...
|
»
File Reputation Information
»
Verdict |
Malicious
|
PE Information
»
Image Base | 0x00400000 |
Entry Point | 0x0040ABBE |
Size Of Code | 0x00008C00 |
Size Of Initialized Data | 0x00000600 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2024-04-27 07:17 (UTC) |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00402000 | 0x00008BC4 | 0x00008C00 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.61 |
.rsrc | 0x0040C000 | 0x00000240 | 0x00000400 | 0x00008E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.97 |
.reloc | 0x0040E000 | 0x0000000C | 0x00000200 | 0x00009200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.08 |
Imports (1)
»
mscoree.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x00402000 | 0x0000AB8C | 0x00008D8C | 0x00000000 |
Memory Dumps (7)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|
777.exe | 1 | 0x00060000 | 0x0006FFFF | Relevant Image | 32-bit | - |
...
|
||
buffer | 1 | 0x048E8000 | 0x048EFFFF | First Network Behavior | 32-bit | - |
...
|
||
buffer | 1 | 0x0486A000 | 0x0486FFFF | First Network Behavior | 32-bit | - |
...
|
||
buffer | 1 | 0x0457E000 | 0x0457FFFF | First Network Behavior | 32-bit | - |
...
|
||
buffer | 1 | 0x001B6000 | 0x001BFFFF | First Network Behavior | 32-bit | - |
...
|
||
777.exe | 1 | 0x00060000 | 0x0006FFFF | First Network Behavior | 32-bit | - |
...
|
||
777.exe | 1 | 0x00060000 | 0x0006FFFF | Final Dump | 32-bit | - |
...
|
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
njRAT | njRAT | Backdoor |
5/5
|
...
|