» njrat.exe
Overview
Analysis
File Details

njrat.exe

The executable njrat.exe has been detected as malware by 36 anti-virus scanners. This backdoor trojan may be used to conduct distributed denial of service attacks, or used to install additional trojans or other forms of malicious software as well as can steal your sensitive information.

File name:

njrat.exe

MD5:

645554c3d0a9145eb65098974d5986e2

SHA-1:

442514abc7fd508d422e1c4334a5ac209b6e9960

SHA-256:

651bca4541865ad9cd4c97ca3487efebcd1e3363f7237d610206251cc8b084a2

Scanner detections:

36 / 68

Status:

Malware

Analysis date:

4/25/2024 1:49:02 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.254703

524

Agnitum Outpost

Trojan.RatJn.Gen.MG

7.1.1

AhnLab V3 Security

Backdoor/Win32.Bladabindi

2015.08.17

Avira AntiVirus

TR/ATRAPS.Gen

8.3.1.6

Arcabit

Trojan.Kazy.D3E2EF

1.0.0.425

avast!

MSIL:GenMalicious-V [Trj]

2014.9-150830

AVG

PSW.ILUSpy

2016.0.3002

Bitdefender

Gen:Variant.Kazy.254703

1.0.20.1210

Clam AntiVirus

Win.Backdoor.Bladabindi-1

0.98/21511

Comodo Security

TrojWare.MSIL.Bladabindi.KX

23021

Emsisoft Anti-Malware

Gen:Variant.Kazy.254703

8.15.08.30.02

ESET NOD32

MSIL/Bladabindi (variant)

9.12103

Fortinet FortiGate

MSIL/Agent.PPV!tr

8/30/2015

F-Prot

W32/MSIL_Bladabindi.I2.ge

v6.4.7.1.166

F-Secure

Gen:Variant.Kazy.254703

11.2015-30-08_1

G Data

Gen:Variant.Kazy.254703

15.8.25

herdProtect (fuzzy)

variant of ckilsdpaax.exe

2015.10.26.10

IKARUS anti.virus

Trojan.MSIL.Bladabindi

t3scan.1.9.5.0

K7 AntiVirus

Trojan

13.2016902

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.1504

Malwarebytes

Trojan.MSIL

v2015.08.30.02

McAfee

BackDoor-NJRat!645554C3D0A9

5600.6658

Microsoft Security Essentials

Backdoor:MSIL/Bladabindi.AJ

1.1.11903.0

MicroWorld eScan

Gen:Variant.Kazy.254703

16.0.0.726

NANO AntiVirus

Trojan.Win32.DownLoader10.dbxzfj

0.30.24.3079

Panda Antivirus

Generic Malware

15.08.30.02

Quick Heal

Backdoor.Bladabindi.AL3

8.15.14.00

Rising Antivirus

PE:Backdoor.Bot!1.6675

23.00.65.15828

Sophos

Mal/Bbindi-C

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-Barys

9661

Total Defense

Win32/DotNetDl.A!generic

37.1.62.1

Trend Micro House Call

BKDR_BLADABI.SMC

7.2.242

Trend Micro

BKDR_BLADABI.SMC

10.465.30

Vba32 AntiVirus

Backdoor.MSIL.Agent

3.12.26.4

VIPRE Antivirus

Trojan.MSIL.Bladabindi.agxy

42952

Zillya! Antivirus

Trojan.Bladabindi.Win32.29066

2.0.0.2353

File size:

31 KB (31,744 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\njrat.exe

File PE Metadata

Compilation timestamp:

12/29/2014 1:44:27 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

768:A7bXEI+Ge1gFaYqwzLeiBKh0p29SgRju:A7bXh7RznKhG29jju

Entry address:

0x8B0E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.5994

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

27 KB (27,648 bytes)

Remove njrat.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.