| 在线病毒检测器 | v.1.0.168.174 |
| 数据库版本: | 2024-03-01 19:00:18 |
NjRat,也称为Bladabindi,是一种远程访问木马(RAT),允许网络犯罪分子未经授权地访问和控制受感染的计算机。它是由一个名为M38dHhM的跨国黑客组织制作的,经常用于中东地区的目标。
| File | Electron Executor.exe |
| 已检查 | 2024-03-01 17:11:02 |
| MD5 | c6f7a127db974121111ad7b3a185f044 |
| SHA1 | 7ef7cd905a3d74f179a7d63b7acea9a085ff4c74 |
| SHA256 | b6f177cdd38d20ad341656b85076bc4015369bd9c97753665c014ebc1e5fd4c8 |
| SHA512 | a78287493573f9eff0250aa52e2af6a08af4dc88b7a3d2657ed3b67d044fd64d3b4ccf196c6f421af15e48de6d728d101fb0e79ed1ce970ae47451e9bae5cb32 |
| Imphash | 319b1edcc4538be377f43066c635ffef |
| File Size | 12745535 bytes |
Gridinsoft能够识别并消除Trojan.Win32.NjRat.tr,无需进一步的用户干预。
 |
e8722c548890318e4b9e2a5ec1dc3aa5 6779bf959ed497a7f621ba3ddbad0454 00b28e8e86868600 |
| Image Base: | 0x00400000 |
| Entry Point: | 0x00416f40 |
| Compilation: | 2023-10-03 07:51:24 |
| Checksum: | 0x00000000 (Actual: 0x00c2caa4) |
| OS Version: | 5.1 |
| PDB Path: | D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb |
| PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 6 |
| Imports: | KERNEL32, OLEAUT32, gdiplus, |
| Exports: | 0 |
| Resources: | 28 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | MD5 | 熵 |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00028f0c | 0x00029000 | caca2b2b58a83dbaf15f3f1c6108b427 | 6.69 |
| .rdata | 0x0002a000 | 0x0000a73e | 0x0000a800 | 82c4c666f29d1a9037c062cec3ffdc43 | 5.25 |
| .data | 0x00035000 | 0x00035cb8 | 0x00001000 | e38db51a737a34e70ff98ca4cc764645 | 4.16 |
| .didat | 0x0006b000 | 0x00000178 | 0x00000200 | 36bd41b5d4d3e4514d19a139e6f8cb8f | 3.22 |
| .rsrc | 0x0006c000 | 0x0000fc04 | 0x0000fe00 | 283b29b1e9c4aecdebd816a593d3c0a0 | 5.05 |
| .reloc | 0x0007c000 | 0x00002a70 | 0x00002c00 | ab9c4a66270333af806665da0a975287 | 6.66 |
