7.2.jqenyeo.exe.414058.1.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.jqenyeo.exe.414058.1.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
7.2.jqenyeo.exe.414058.1.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.jqenyeo.exe.414058.1.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xe0f5:$x1: NanoCore Client
- 0xe105:$x1: NanoCore Client
- 0xe34d:$x2: NanoCore.ClientPlugin
- 0xe38d:$x3: NanoCore.ClientPluginHost
- 0xe342:$i1: IClientApp
- 0xe363:$i2: IClientData
- 0xe36f:$i3: IClientNetwork
- 0xe37e:$i4: IClientAppHost
- 0xe3a7:$i5: IClientDataHost
- 0xe3b7:$i6: IClientLoggingHost
- 0xe3ca:$i7: IClientNetworkHost
- 0xe3dd:$i8: IClientUIHost
- 0xe3eb:$i9: IClientNameObjectCollection
- 0xe407:$i10: IClientReadOnlyNameObjectCollection
- 0xe154:$s1: ClientPlugin
- 0xe356:$s1: ClientPlugin
- 0xe84a:$s2: EndPoint
- 0xe853:$s3: IPAddress
- 0xe85d:$s4: IPEndPoint
- 0x10293:$s6: get_ClientSettings
- 0x10837:$s7: get_Connected
|
7.2.jqenyeo.exe.414058.1.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
7.0.jqenyeo.exe.400000.5.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x217e5:$x1: NanoCore.ClientPluginHost
- 0x21822:$x2: IClientNetworkHost
- 0x25355:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.0.jqenyeo.exe.400000.5.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2155d:$x1: NanoCore Client.exe
- 0x217e5:$x2: NanoCore.ClientPluginHost
- 0x22e1e:$s1: PluginCommand
- 0x22e12:$s2: FileCommand
- 0x23cc3:$s3: PipeExists
- 0x29a7a:$s4: PipeCreated
- 0x2180f:$s5: IClientLoggingHost
|
7.0.jqenyeo.exe.400000.5.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.0.jqenyeo.exe.400000.5.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x2154d:$x1: NanoCore Client
- 0x2155d:$x1: NanoCore Client
- 0x217a5:$x2: NanoCore.ClientPlugin
- 0x217e5:$x3: NanoCore.ClientPluginHost
- 0x2179a:$i1: IClientApp
- 0x217bb:$i2: IClientData
- 0x217c7:$i3: IClientNetwork
- 0x217d6:$i4: IClientAppHost
- 0x217ff:$i5: IClientDataHost
- 0x2180f:$i6: IClientLoggingHost
- 0x21822:$i7: IClientNetworkHost
- 0x21835:$i8: IClientUIHost
- 0x21843:$i9: IClientNameObjectCollection
- 0x2185f:$i10: IClientReadOnlyNameObjectCollection
- 0x215ac:$s1: ClientPlugin
- 0x217ae:$s1: ClientPlugin
- 0x21ca2:$s2: EndPoint
- 0x21cab:$s3: IPAddress
- 0x21cb5:$s4: IPEndPoint
- 0x236eb:$s6: get_ClientSettings
- 0x23c8f:$s7: get_Connected
|
7.0.jqenyeo.exe.400000.5.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x2154d:$a: NanoCore
- 0x2155d:$a: NanoCore
- 0x21791:$a: NanoCore
- 0x217a5:$a: NanoCore
- 0x217e5:$a: NanoCore
- 0x215ac:$b: ClientPlugin
- 0x217ae:$b: ClientPlugin
- 0x217ee:$b: ClientPlugin
- 0x216d3:$c: ProjectData
- 0x220da:$d: DESCrypto
- 0x29aa6:$e: KeepAlive
- 0x27a94:$g: LogClientMessage
- 0x23c8f:$i: get_Connected
- 0x22410:$j: #=q
- 0x22440:$j: #=q
- 0x2245c:$j: #=q
- 0x2248c:$j: #=q
- 0x224a8:$j: #=q
- 0x224c4:$j: #=q
- 0x224f4:$j: #=q
- 0x22510:$j: #=q
|
7.2.jqenyeo.exe.4ae4629.12.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xb184:$x1: NanoCore.ClientPluginHost
- 0xb1b1:$x2: IClientNetworkHost
|
7.2.jqenyeo.exe.4ae4629.12.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xb184:$x2: NanoCore.ClientPluginHost
- 0xc25f:$s4: PipeCreated
- 0xb19e:$s5: IClientLoggingHost
|
7.2.jqenyeo.exe.4ae4629.12.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.jqenyeo.exe.4ae4629.12.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xb14f:$x2: NanoCore.ClientPlugin
- 0xb184:$x3: NanoCore.ClientPluginHost
- 0xb143:$i2: IClientData
- 0xb165:$i3: IClientNetwork
- 0xb174:$i5: IClientDataHost
- 0xb19e:$i6: IClientLoggingHost
- 0xb1b1:$i7: IClientNetworkHost
- 0xb1c4:$i8: IClientUIHost
- 0xb1d2:$i9: IClientNameObjectCollection
- 0xb1ee:$i10: IClientReadOnlyNameObjectCollection
- 0xaf41:$s1: ClientPlugin
- 0xb158:$s1: ClientPlugin
- 0x10179:$s6: get_ClientSettings
|
7.0.jqenyeo.exe.400000.8.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x217e5:$x1: NanoCore.ClientPluginHost
- 0x21822:$x2: IClientNetworkHost
- 0x25355:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.0.jqenyeo.exe.400000.8.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2155d:$x1: NanoCore Client.exe
- 0x217e5:$x2: NanoCore.ClientPluginHost
- 0x22e1e:$s1: PluginCommand
- 0x22e12:$s2: FileCommand
- 0x23cc3:$s3: PipeExists
- 0x29a7a:$s4: PipeCreated
- 0x2180f:$s5: IClientLoggingHost
|
7.0.jqenyeo.exe.400000.8.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.0.jqenyeo.exe.400000.8.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x2154d:$x1: NanoCore Client
- 0x2155d:$x1: NanoCore Client
- 0x217a5:$x2: NanoCore.ClientPlugin
- 0x217e5:$x3: NanoCore.ClientPluginHost
- 0x2179a:$i1: IClientApp
- 0x217bb:$i2: IClientData
- 0x217c7:$i3: IClientNetwork
- 0x217d6:$i4: IClientAppHost
- 0x217ff:$i5: IClientDataHost
- 0x2180f:$i6: IClientLoggingHost
- 0x21822:$i7: IClientNetworkHost
- 0x21835:$i8: IClientUIHost
- 0x21843:$i9: IClientNameObjectCollection
- 0x2185f:$i10: IClientReadOnlyNameObjectCollection
- 0x215ac:$s1: ClientPlugin
- 0x217ae:$s1: ClientPlugin
- 0x21ca2:$s2: EndPoint
- 0x21cab:$s3: IPAddress
- 0x21cb5:$s4: IPEndPoint
- 0x236eb:$s6: get_ClientSettings
- 0x23c8f:$s7: get_Connected
|
7.0.jqenyeo.exe.400000.8.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x2154d:$a: NanoCore
- 0x2155d:$a: NanoCore
- 0x21791:$a: NanoCore
- 0x217a5:$a: NanoCore
- 0x217e5:$a: NanoCore
- 0x215ac:$b: ClientPlugin
- 0x217ae:$b: ClientPlugin
- 0x217ee:$b: ClientPlugin
- 0x216d3:$c: ProjectData
- 0x220da:$d: DESCrypto
- 0x29aa6:$e: KeepAlive
- 0x27a94:$g: LogClientMessage
- 0x23c8f:$i: get_Connected
- 0x22410:$j: #=q
- 0x22440:$j: #=q
- 0x2245c:$j: #=q
- 0x2248c:$j: #=q
- 0x224a8:$j: #=q
- 0x224c4:$j: #=q
- 0x224f4:$j: #=q
- 0x22510:$j: #=q
|
7.2.jqenyeo.exe.32f4415.8.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xb184:$x1: NanoCore.ClientPluginHost
- 0x23c40:$x1: NanoCore.ClientPluginHost
- 0xb1b1:$x2: IClientNetworkHost
- 0x23c6d:$x2: IClientNetworkHost
|
7.2.jqenyeo.exe.32f4415.8.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xb184:$x2: NanoCore.ClientPluginHost
- 0x23c40:$x2: NanoCore.ClientPluginHost
- 0xc25f:$s4: PipeCreated
- 0x24d1b:$s4: PipeCreated
- 0xb19e:$s5: IClientLoggingHost
- 0x23c5a:$s5: IClientLoggingHost
|
7.2.jqenyeo.exe.32f4415.8.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.jqenyeo.exe.32f4415.8.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xb14f:$x2: NanoCore.ClientPlugin
- 0x23c0b:$x2: NanoCore.ClientPlugin
- 0xb184:$x3: NanoCore.ClientPluginHost
- 0x23c40:$x3: NanoCore.ClientPluginHost
- 0xb143:$i2: IClientData
- 0x23bff:$i2: IClientData
- 0xb165:$i3: IClientNetwork
- 0x23c21:$i3: IClientNetwork
- 0xb174:$i5: IClientDataHost
- 0x23c30:$i5: IClientDataHost
- 0xb19e:$i6: IClientLoggingHost
- 0x23c5a:$i6: IClientLoggingHost
- 0xb1b1:$i7: IClientNetworkHost
- 0x23c6d:$i7: IClientNetworkHost
- 0xb1c4:$i8: IClientUIHost
- 0x23c80:$i8: IClientUIHost
- 0xb1d2:$i9: IClientNameObjectCollection
- 0x23c8e:$i9: IClientNameObjectCollection
- 0xb1ee:$i10: IClientReadOnlyNameObjectCollection
- 0x23caa:$i10: IClientReadOnlyNameObjectCollection
- 0xaf41:$s1: ClientPlugin
|
7.0.jqenyeo.exe.400000.7.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x217e5:$x1: NanoCore.ClientPluginHost
- 0x21822:$x2: IClientNetworkHost
- 0x25355:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.0.jqenyeo.exe.400000.7.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2155d:$x1: NanoCore Client.exe
- 0x217e5:$x2: NanoCore.ClientPluginHost
- 0x22e1e:$s1: PluginCommand
- 0x22e12:$s2: FileCommand
- 0x23cc3:$s3: PipeExists
- 0x29a7a:$s4: PipeCreated
- 0x2180f:$s5: IClientLoggingHost
|
7.0.jqenyeo.exe.400000.7.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.0.jqenyeo.exe.400000.7.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x2154d:$x1: NanoCore Client
- 0x2155d:$x1: NanoCore Client
- 0x217a5:$x2: NanoCore.ClientPlugin
- 0x217e5:$x3: NanoCore.ClientPluginHost
- 0x2179a:$i1: IClientApp
- 0x217bb:$i2: IClientData
- 0x217c7:$i3: IClientNetwork
- 0x217d6:$i4: IClientAppHost
- 0x217ff:$i5: IClientDataHost
- 0x2180f:$i6: IClientLoggingHost
- 0x21822:$i7: IClientNetworkHost
- 0x21835:$i8: IClientUIHost
- 0x21843:$i9: IClientNameObjectCollection
- 0x2185f:$i10: IClientReadOnlyNameObjectCollection
- 0x215ac:$s1: ClientPlugin
- 0x217ae:$s1: ClientPlugin
- 0x21ca2:$s2: EndPoint
- 0x21cab:$s3: IPAddress
- 0x21cb5:$s4: IPEndPoint
- 0x236eb:$s6: get_ClientSettings
- 0x23c8f:$s7: get_Connected
|
7.0.jqenyeo.exe.400000.7.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x2154d:$a: NanoCore
- 0x2155d:$a: NanoCore
- 0x21791:$a: NanoCore
- 0x217a5:$a: NanoCore
- 0x217e5:$a: NanoCore
- 0x215ac:$b: ClientPlugin
- 0x217ae:$b: ClientPlugin
- 0x217ee:$b: ClientPlugin
- 0x216d3:$c: ProjectData
- 0x220da:$d: DESCrypto
- 0x29aa6:$e: KeepAlive
- 0x27a94:$g: LogClientMessage
- 0x23c8f:$i: get_Connected
- 0x22410:$j: #=q
- 0x22440:$j: #=q
- 0x2245c:$j: #=q
- 0x2248c:$j: #=q
- 0x224a8:$j: #=q
- 0x224c4:$j: #=q
- 0x224f4:$j: #=q
- 0x22510:$j: #=q
|
7.2.jqenyeo.exe.5fb140.3.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.jqenyeo.exe.5fb140.3.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
7.2.jqenyeo.exe.5fb140.3.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.jqenyeo.exe.5fb140.3.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xe0f5:$x1: NanoCore Client
- 0xe105:$x1: NanoCore Client
- 0xe34d:$x2: NanoCore.ClientPlugin
- 0xe38d:$x3: NanoCore.ClientPluginHost
- 0xe342:$i1: IClientApp
- 0xe363:$i2: IClientData
- 0xe36f:$i3: IClientNetwork
- 0xe37e:$i4: IClientAppHost
- 0xe3a7:$i5: IClientDataHost
- 0xe3b7:$i6: IClientLoggingHost
- 0xe3ca:$i7: IClientNetworkHost
- 0xe3dd:$i8: IClientUIHost
- 0xe3eb:$i9: IClientNameObjectCollection
- 0xe407:$i10: IClientReadOnlyNameObjectCollection
- 0xe154:$s1: ClientPlugin
- 0xe356:$s1: ClientPlugin
- 0xe84a:$s2: EndPoint
- 0xe853:$s3: IPAddress
- 0xe85d:$s4: IPEndPoint
- 0x10293:$s6: get_ClientSettings
- 0x10837:$s7: get_Connected
|
7.2.jqenyeo.exe.5fb140.3.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
7.2.jqenyeo.exe.400000.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x217e5:$x1: NanoCore.ClientPluginHost
- 0x21822:$x2: IClientNetworkHost
- 0x25355:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.jqenyeo.exe.400000.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2155d:$x1: NanoCore Client.exe
- 0x217e5:$x2: NanoCore.ClientPluginHost
- 0x22e1e:$s1: PluginCommand
- 0x22e12:$s2: FileCommand
- 0x23cc3:$s3: PipeExists
- 0x29a7a:$s4: PipeCreated
- 0x2180f:$s5: IClientLoggingHost
|
7.2.jqenyeo.exe.400000.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.jqenyeo.exe.400000.0.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x2154d:$x1: NanoCore Client
- 0x2155d:$x1: NanoCore Client
- 0x217a5:$x2: NanoCore.ClientPlugin
- 0x217e5:$x3: NanoCore.ClientPluginHost
- 0x2179a:$i1: IClientApp
- 0x217bb:$i2: IClientData
- 0x217c7:$i3: IClientNetwork
- 0x217d6:$i4: IClientAppHost
- 0x217ff:$i5: IClientDataHost
- 0x2180f:$i6: IClientLoggingHost
- 0x21822:$i7: IClientNetworkHost
- 0x21835:$i8: IClientUIHost
- 0x21843:$i9: IClientNameObjectCollection
- 0x2185f:$i10: IClientReadOnlyNameObjectCollection
- 0x215ac:$s1: ClientPlugin
- 0x217ae:$s1: ClientPlugin
- 0x21ca2:$s2: EndPoint
- 0x21cab:$s3: IPAddress
- 0x21cb5:$s4: IPEndPoint
- 0x236eb:$s6: get_ClientSettings
- 0x23c8f:$s7: get_Connected
|
7.2.jqenyeo.exe.400000.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x2154d:$a: NanoCore
- 0x2155d:$a: NanoCore
- 0x21791:$a: NanoCore
- 0x217a5:$a: NanoCore
- 0x217e5:$a: NanoCore
- 0x215ac:$b: ClientPlugin
- 0x217ae:$b: ClientPlugin
- 0x217ee:$b: ClientPlugin
- 0x216d3:$c: ProjectData
- 0x220da:$d: DESCrypto
- 0x29aa6:$e: KeepAlive
- 0x27a94:$g: LogClientMessage
- 0x23c8f:$i: get_Connected
- 0x22410:$j: #=q
- 0x22440:$j: #=q
- 0x2245c:$j: #=q
- 0x2248c:$j: #=q
- 0x224a8:$j: #=q
- 0x224c4:$j: #=q
- 0x224f4:$j: #=q
- 0x22510:$j: #=q
|
7.2.jqenyeo.exe.22819d4.5.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
7.2.jqenyeo.exe.22819d4.5.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
7.2.jqenyeo.exe.22819d4.5.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xe38:$x2: NanoCore.ClientPlugin
- 0xe75:$x3: NanoCore.ClientPluginHost
- 0xe5a:$i1: IClientApp
- 0xe4e:$i2: IClientData
- 0xe29:$i3: IClientNetwork
- 0xec3:$i4: IClientAppHost
- 0xe65:$i5: IClientDataHost
- 0xeb0:$i6: IClientLoggingHost
- 0xe8f:$i7: IClientNetworkHost
- 0xea2:$i8: IClientUIHost
- 0xed2:$i9: IClientNameObjectCollection
- 0xef7:$i10: IClientReadOnlyNameObjectCollection
- 0xe41:$s1: ClientPlugin
- 0x177c:$s1: ClientPlugin
- 0x1789:$s1: ClientPlugin
- 0x11f9:$s6: get_ClientSettings
- 0x1249:$s7: get_Connected
|
7.2.jqenyeo.exe.550000.2.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.jqenyeo.exe.550000.2.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
7.2.jqenyeo.exe.550000.2.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.jqenyeo.exe.550000.2.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xe0f5:$x1: NanoCore Client
- 0xe105:$x1: NanoCore Client
- 0xe34d:$x2: NanoCore.ClientPlugin
- 0xe38d:$x3: NanoCore.ClientPluginHost
- 0xe342:$i1: IClientApp
- 0xe363:$i2: IClientData
- 0xe36f:$i3: IClientNetwork
- 0xe37e:$i4: IClientAppHost
- 0xe3a7:$i5: IClientDataHost
- 0xe3b7:$i6: IClientLoggingHost
- 0xe3ca:$i7: IClientNetworkHost
- 0xe3dd:$i8: IClientUIHost
- 0xe3eb:$i9: IClientNameObjectCollection
- 0xe407:$i10: IClientReadOnlyNameObjectCollection
- 0xe154:$s1: ClientPlugin
- 0xe356:$s1: ClientPlugin
- 0xe84a:$s2: EndPoint
- 0xe853:$s3: IPAddress
- 0xe85d:$s4: IPEndPoint
- 0x10293:$s6: get_ClientSettings
- 0x10837:$s7: get_Connected
|
7.2.jqenyeo.exe.550000.2.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
7.2.jqenyeo.exe.550000.2.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.jqenyeo.exe.550000.2.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
7.2.jqenyeo.exe.550000.2.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.jqenyeo.exe.550000.2.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xfef5:$x1: NanoCore Client
- 0xff05:$x1: NanoCore Client
- 0x1014d:$x2: NanoCore.ClientPlugin
- 0x1018d:$x3: NanoCore.ClientPluginHost
- 0x10142:$i1: IClientApp
- 0x10163:$i2: IClientData
- 0x1016f:$i3: IClientNetwork
- 0x1017e:$i4: IClientAppHost
- 0x101a7:$i5: IClientDataHost
- 0x101b7:$i6: IClientLoggingHost
- 0x101ca:$i7: IClientNetworkHost
- 0x101dd:$i8: IClientUIHost
- 0x101eb:$i9: IClientNameObjectCollection
- 0x10207:$i10: IClientReadOnlyNameObjectCollection
- 0xff54:$s1: ClientPlugin
- 0x10156:$s1: ClientPlugin
- 0x1064a:$s2: EndPoint
- 0x10653:$s3: IPAddress
- 0x1065d:$s4: IPEndPoint
- 0x12093:$s6: get_ClientSettings
- 0x12637:$s7: get_Connected
|
7.2.jqenyeo.exe.550000.2.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
7.2.jqenyeo.exe.5fb140.3.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.jqenyeo.exe.5fb140.3.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
7.2.jqenyeo.exe.5fb140.3.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.jqenyeo.exe.5fb140.3.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xfef5:$x1: NanoCore Client
- 0xff05:$x1: NanoCore Client
- 0x1014d:$x2: NanoCore.ClientPlugin
- 0x1018d:$x3: NanoCore.ClientPluginHost
- 0x10142:$i1: IClientApp
- 0x10163:$i2: IClientData
- 0x1016f:$i3: IClientNetwork
- 0x1017e:$i4: IClientAppHost
- 0x101a7:$i5: IClientDataHost
- 0x101b7:$i6: IClientLoggingHost
- 0x101ca:$i7: IClientNetworkHost
- 0x101dd:$i8: IClientUIHost
- 0x101eb:$i9: IClientNameObjectCollection
- 0x10207:$i10: IClientReadOnlyNameObjectCollection
- 0xff54:$s1: ClientPlugin
- 0x10156:$s1: ClientPlugin
- 0x506b0:$s1: ClientPlugin
- 0x58858:$s1: ClientPlugin
- 0x1064a:$s2: EndPoint
- 0x10653:$s3: IPAddress
- 0x1065d:$s4: IPEndPoint
|
7.2.jqenyeo.exe.5fb140.3.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x506b0:$b: ClientPlugin
- 0x50dfe:$b: ClientPlugin
- 0x58858:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
|
7.0.jqenyeo.exe.400000.10.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x217e5:$x1: NanoCore.ClientPluginHost
- 0x21822:$x2: IClientNetworkHost
- 0x25355:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.0.jqenyeo.exe.400000.10.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2155d:$x1: NanoCore Client.exe
- 0x217e5:$x2: NanoCore.ClientPluginHost
- 0x22e1e:$s1: PluginCommand
- 0x22e12:$s2: FileCommand
- 0x23cc3:$s3: PipeExists
- 0x29a7a:$s4: PipeCreated
- 0x2180f:$s5: IClientLoggingHost
|
7.0.jqenyeo.exe.400000.10.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.0.jqenyeo.exe.400000.10.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x2154d:$x1: NanoCore Client
- 0x2155d:$x1: NanoCore Client
- 0x217a5:$x2: NanoCore.ClientPlugin
- 0x217e5:$x3: NanoCore.ClientPluginHost
- 0x2179a:$i1: IClientApp
- 0x217bb:$i2: IClientData
- 0x217c7:$i3: IClientNetwork
- 0x217d6:$i4: IClientAppHost
- 0x217ff:$i5: IClientDataHost
- 0x2180f:$i6: IClientLoggingHost
- 0x21822:$i7: IClientNetworkHost
- 0x21835:$i8: IClientUIHost
- 0x21843:$i9: IClientNameObjectCollection
- 0x2185f:$i10: IClientReadOnlyNameObjectCollection
- 0x215ac:$s1: ClientPlugin
- 0x217ae:$s1: ClientPlugin
- 0x21ca2:$s2: EndPoint
- 0x21cab:$s3: IPAddress
- 0x21cb5:$s4: IPEndPoint
- 0x236eb:$s6: get_ClientSettings
- 0x23c8f:$s7: get_Connected
|
7.0.jqenyeo.exe.400000.10.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x2154d:$a: NanoCore
- 0x2155d:$a: NanoCore
- 0x21791:$a: NanoCore
- 0x217a5:$a: NanoCore
- 0x217e5:$a: NanoCore
- 0x215ac:$b: ClientPlugin
- 0x217ae:$b: ClientPlugin
- 0x217ee:$b: ClientPlugin
- 0x216d3:$c: ProjectData
- 0x220da:$d: DESCrypto
- 0x29aa6:$e: KeepAlive
- 0x27a94:$g: LogClientMessage
- 0x23c8f:$i: get_Connected
- 0x22410:$j: #=q
- 0x22440:$j: #=q
- 0x2245c:$j: #=q
- 0x2248c:$j: #=q
- 0x224a8:$j: #=q
- 0x224c4:$j: #=q
- 0x224f4:$j: #=q
- 0x22510:$j: #=q
|
5.2.jqenyeo.exe.330000.1.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x217e5:$x1: NanoCore.ClientPluginHost
- 0x21822:$x2: IClientNetworkHost
- 0x25355:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
5.2.jqenyeo.exe.330000.1.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2155d:$x1: NanoCore Client.exe
- 0x217e5:$x2: NanoCore.ClientPluginHost
- 0x22e1e:$s1: PluginCommand
- 0x22e12:$s2: FileCommand
- 0x23cc3:$s3: PipeExists
- 0x29a7a:$s4: PipeCreated
- 0x2180f:$s5: IClientLoggingHost
|
5.2.jqenyeo.exe.330000.1.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.jqenyeo.exe.330000.1.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x2154d:$x1: NanoCore Client
- 0x2155d:$x1: NanoCore Client
- 0x217a5:$x2: NanoCore.ClientPlugin
- 0x217e5:$x3: NanoCore.ClientPluginHost
- 0x2179a:$i1: IClientApp
- 0x217bb:$i2: IClientData
- 0x217c7:$i3: IClientNetwork
- 0x217d6:$i4: IClientAppHost
- 0x217ff:$i5: IClientDataHost
- 0x2180f:$i6: IClientLoggingHost
- 0x21822:$i7: IClientNetworkHost
- 0x21835:$i8: IClientUIHost
- 0x21843:$i9: IClientNameObjectCollection
- 0x2185f:$i10: IClientReadOnlyNameObjectCollection
- 0x215ac:$s1: ClientPlugin
- 0x217ae:$s1: ClientPlugin
- 0x21ca2:$s2: EndPoint
- 0x21cab:$s3: IPAddress
- 0x21cb5:$s4: IPEndPoint
- 0x236eb:$s6: get_ClientSettings
- 0x23c8f:$s7: get_Connected
|
5.2.jqenyeo.exe.330000.1.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x2154d:$a: NanoCore
- 0x2155d:$a: NanoCore
- 0x21791:$a: NanoCore
- 0x217a5:$a: NanoCore
- 0x217e5:$a: NanoCore
- 0x215ac:$b: ClientPlugin
- 0x217ae:$b: ClientPlugin
- 0x217ee:$b: ClientPlugin
- 0x216d3:$c: ProjectData
- 0x220da:$d: DESCrypto
- 0x29aa6:$e: KeepAlive
- 0x27a94:$g: LogClientMessage
- 0x23c8f:$i: get_Connected
- 0x22410:$j: #=q
- 0x22440:$j: #=q
- 0x2245c:$j: #=q
- 0x2248c:$j: #=q
- 0x224a8:$j: #=q
- 0x224c4:$j: #=q
- 0x224f4:$j: #=q
- 0x22510:$j: #=q
|
5.2.jqenyeo.exe.330000.1.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1ede5:$x1: NanoCore.ClientPluginHost
- 0x1ee22:$x2: IClientNetworkHost
- 0x22955:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
5.2.jqenyeo.exe.330000.1.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1eb5d:$x1: NanoCore Client.exe
- 0x1ede5:$x2: NanoCore.ClientPluginHost
- 0x2041e:$s1: PluginCommand
- 0x20412:$s2: FileCommand
- 0x212c3:$s3: PipeExists
- 0x2707a:$s4: PipeCreated
- 0x1ee0f:$s5: IClientLoggingHost
|
5.2.jqenyeo.exe.330000.1.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.jqenyeo.exe.330000.1.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x1eb4d:$x1: NanoCore Client
- 0x1eb5d:$x1: NanoCore Client
- 0x1eda5:$x2: NanoCore.ClientPlugin
- 0x1ede5:$x3: NanoCore.ClientPluginHost
- 0x1ed9a:$i1: IClientApp
- 0x1edbb:$i2: IClientData
- 0x1edc7:$i3: IClientNetwork
- 0x1edd6:$i4: IClientAppHost
- 0x1edff:$i5: IClientDataHost
- 0x1ee0f:$i6: IClientLoggingHost
- 0x1ee22:$i7: IClientNetworkHost
- 0x1ee35:$i8: IClientUIHost
- 0x1ee43:$i9: IClientNameObjectCollection
- 0x1ee5f:$i10: IClientReadOnlyNameObjectCollection
- 0x1ebac:$s1: ClientPlugin
- 0x1edae:$s1: ClientPlugin
- 0x1f2a2:$s2: EndPoint
- 0x1f2ab:$s3: IPAddress
- 0x1f2b5:$s4: IPEndPoint
- 0x20ceb:$s6: get_ClientSettings
- 0x2128f:$s7: get_Connected
|
5.2.jqenyeo.exe.330000.1.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x1eb4d:$a: NanoCore
- 0x1eb5d:$a: NanoCore
- 0x1ed91:$a: NanoCore
- 0x1eda5:$a: NanoCore
- 0x1ede5:$a: NanoCore
- 0x1ebac:$b: ClientPlugin
- 0x1edae:$b: ClientPlugin
- 0x1edee:$b: ClientPlugin
- 0x1ecd3:$c: ProjectData
- 0x1f6da:$d: DESCrypto
- 0x270a6:$e: KeepAlive
- 0x25094:$g: LogClientMessage
- 0x2128f:$i: get_Connected
- 0x1fa10:$j: #=q
- 0x1fa40:$j: #=q
- 0x1fa5c:$j: #=q
- 0x1fa8c:$j: #=q
- 0x1faa8:$j: #=q
- 0x1fac4:$j: #=q
- 0x1faf4:$j: #=q
- 0x1fb10:$j: #=q
|
7.2.jqenyeo.exe.32efdec.7.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
7.2.jqenyeo.exe.32efdec.7.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
7.2.jqenyeo.exe.32efdec.7.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.jqenyeo.exe.32efdec.7.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xd978:$x2: NanoCore.ClientPlugin
- 0xd9ad:$x3: NanoCore.ClientPluginHost
- 0xd96c:$i2: IClientData
- 0xd98e:$i3: IClientNetwork
- 0xd99d:$i5: IClientDataHost
- 0xd9c7:$i6: IClientLoggingHost
- 0xd9da:$i7: IClientNetworkHost
- 0xd9ed:$i8: IClientUIHost
- 0xd9fb:$i9: IClientNameObjectCollection
- 0xda17:$i10: IClientReadOnlyNameObjectCollection
- 0xd76a:$s1: ClientPlugin
- 0xd981:$s1: ClientPlugin
- 0x129a2:$s6: get_ClientSettings
|
7.2.jqenyeo.exe.4ae0000.11.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
7.2.jqenyeo.exe.4ae0000.11.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
7.2.jqenyeo.exe.4ae0000.11.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.jqenyeo.exe.4ae0000.11.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xd978:$x2: NanoCore.ClientPlugin
- 0xd9ad:$x3: NanoCore.ClientPluginHost
- 0xd96c:$i2: IClientData
- 0xd98e:$i3: IClientNetwork
- 0xd99d:$i5: IClientDataHost
- 0xd9c7:$i6: IClientLoggingHost
- 0xd9da:$i7: IClientNetworkHost
- 0xd9ed:$i8: IClientUIHost
- 0xd9fb:$i9: IClientNameObjectCollection
- 0xda17:$i10: IClientReadOnlyNameObjectCollection
- 0xd76a:$s1: ClientPlugin
- 0xd981:$s1: ClientPlugin
- 0x129a2:$s6: get_ClientSettings
|
5.2.jqenyeo.exe.341658.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
5.2.jqenyeo.exe.341658.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
5.2.jqenyeo.exe.341658.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.jqenyeo.exe.341658.0.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xe0f5:$x1: NanoCore Client
- 0xe105:$x1: NanoCore Client
- 0xe34d:$x2: NanoCore.ClientPlugin
- 0xe38d:$x3: NanoCore.ClientPluginHost
- 0xe342:$i1: IClientApp
- 0xe363:$i2: IClientData
- 0xe36f:$i3: IClientNetwork
- 0xe37e:$i4: IClientAppHost
- 0xe3a7:$i5: IClientDataHost
- 0xe3b7:$i6: IClientLoggingHost
- 0xe3ca:$i7: IClientNetworkHost
- 0xe3dd:$i8: IClientUIHost
- 0xe3eb:$i9: IClientNameObjectCollection
- 0xe407:$i10: IClientReadOnlyNameObjectCollection
- 0xe154:$s1: ClientPlugin
- 0xe356:$s1: ClientPlugin
- 0xe84a:$s2: EndPoint
- 0xe853:$s3: IPAddress
- 0xe85d:$s4: IPEndPoint
- 0x10293:$s6: get_ClientSettings
- 0x10837:$s7: get_Connected
|
5.2.jqenyeo.exe.341658.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
7.2.jqenyeo.exe.32efdec.7.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0x28269:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
- 0x28296:$x2: IClientNetworkHost
|
7.2.jqenyeo.exe.32efdec.7.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xf7ad:$x2: NanoCore.ClientPluginHost
- 0x28269:$x2: NanoCore.ClientPluginHost
- 0x10888:$s4: PipeCreated
- 0x29344:$s4: PipeCreated
- 0xf7c7:$s5: IClientLoggingHost
- 0x28283:$s5: IClientLoggingHost
|
7.2.jqenyeo.exe.32efdec.7.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.jqenyeo.exe.32efdec.7.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xf778:$x2: NanoCore.ClientPlugin
- 0x28234:$x2: NanoCore.ClientPlugin
- 0xf7ad:$x3: NanoCore.ClientPluginHost
- 0x28269:$x3: NanoCore.ClientPluginHost
- 0xf76c:$i2: IClientData
- 0x28228:$i2: IClientData
- 0xf78e:$i3: IClientNetwork
- 0x2824a:$i3: IClientNetwork
- 0xf79d:$i5: IClientDataHost
- 0x28259:$i5: IClientDataHost
- 0xf7c7:$i6: IClientLoggingHost
- 0x28283:$i6: IClientLoggingHost
- 0xf7da:$i7: IClientNetworkHost
- 0x28296:$i7: IClientNetworkHost
- 0xf7ed:$i8: IClientUIHost
- 0x282a9:$i8: IClientUIHost
- 0xf7fb:$i9: IClientNameObjectCollection
- 0x282b7:$i9: IClientNameObjectCollection
- 0xf817:$i10: IClientReadOnlyNameObjectCollection
- 0x282d3:$i10: IClientReadOnlyNameObjectCollection
- 0xf56a:$s1: ClientPlugin
|
7.2.jqenyeo.exe.414058.1.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.jqenyeo.exe.414058.1.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
7.2.jqenyeo.exe.414058.1.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.jqenyeo.exe.414058.1.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xfef5:$x1: NanoCore Client
- 0xff05:$x1: NanoCore Client
- 0x1014d:$x2: NanoCore.ClientPlugin
- 0x1018d:$x3: NanoCore.ClientPluginHost
- 0x10142:$i1: IClientApp
- 0x10163:$i2: IClientData
- 0x1016f:$i3: IClientNetwork
- 0x1017e:$i4: IClientAppHost
- 0x101a7:$i5: IClientDataHost
- 0x101b7:$i6: IClientLoggingHost
- 0x101ca:$i7: IClientNetworkHost
- 0x101dd:$i8: IClientUIHost
- 0x101eb:$i9: IClientNameObjectCollection
- 0x10207:$i10: IClientReadOnlyNameObjectCollection
- 0xff54:$s1: ClientPlugin
- 0x10156:$s1: ClientPlugin
- 0x1064a:$s2: EndPoint
- 0x10653:$s3: IPAddress
- 0x1065d:$s4: IPEndPoint
- 0x12093:$s6: get_ClientSettings
- 0x12637:$s7: get_Connected
|
7.2.jqenyeo.exe.414058.1.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
7.2.jqenyeo.exe.1ed0000.4.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.jqenyeo.exe.1ed0000.4.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
7.2.jqenyeo.exe.1ed0000.4.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.jqenyeo.exe.1ed0000.4.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xfef5:$x1: NanoCore Client
- 0xff05:$x1: NanoCore Client
- 0x1014d:$x2: NanoCore.ClientPlugin
- 0x1018d:$x3: NanoCore.ClientPluginHost
- 0x10142:$i1: IClientApp
- 0x10163:$i2: IClientData
- 0x1016f:$i3: IClientNetwork
- 0x1017e:$i4: IClientAppHost
- 0x101a7:$i5: IClientDataHost
- 0x101b7:$i6: IClientLoggingHost
- 0x101ca:$i7: IClientNetworkHost
- 0x101dd:$i8: IClientUIHost
- 0x101eb:$i9: IClientNameObjectCollection
- 0x10207:$i10: IClientReadOnlyNameObjectCollection
- 0xff54:$s1: ClientPlugin
- 0x10156:$s1: ClientPlugin
- 0x1064a:$s2: EndPoint
- 0x10653:$s3: IPAddress
- 0x1065d:$s4: IPEndPoint
- 0x12093:$s6: get_ClientSettings
- 0x12637:$s7: get_Connected
|
7.2.jqenyeo.exe.1ed0000.4.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
5.2.jqenyeo.exe.341658.0.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
5.2.jqenyeo.exe.341658.0.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
5.2.jqenyeo.exe.341658.0.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.jqenyeo.exe.341658.0.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xfef5:$x1: NanoCore Client
- 0xff05:$x1: NanoCore Client
- 0x1014d:$x2: NanoCore.ClientPlugin
- 0x1018d:$x3: NanoCore.ClientPluginHost
- 0x10142:$i1: IClientApp
- 0x10163:$i2: IClientData
- 0x1016f:$i3: IClientNetwork
- 0x1017e:$i4: IClientAppHost
- 0x101a7:$i5: IClientDataHost
- 0x101b7:$i6: IClientLoggingHost
- 0x101ca:$i7: IClientNetworkHost
- 0x101dd:$i8: IClientUIHost
- 0x101eb:$i9: IClientNameObjectCollection
- 0x10207:$i10: IClientReadOnlyNameObjectCollection
- 0xff54:$s1: ClientPlugin
- 0x10156:$s1: ClientPlugin
- 0x1064a:$s2: EndPoint
- 0x10653:$s3: IPAddress
- 0x1065d:$s4: IPEndPoint
- 0x12093:$s6: get_ClientSettings
- 0x12637:$s7: get_Connected
|
5.2.jqenyeo.exe.341658.0.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
7.2.jqenyeo.exe.32eafb6.6.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0x145e3:$x1: NanoCore.ClientPluginHost
- 0x2d09f:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
- 0x14610:$x2: IClientNetworkHost
- 0x2d0cc:$x2: IClientNetworkHost
|
7.2.jqenyeo.exe.32eafb6.6.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x145e3:$x2: NanoCore.ClientPluginHost
- 0x2d09f:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0x156be:$s4: PipeCreated
- 0x2e17a:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
- 0x145fd:$s5: IClientLoggingHost
- 0x2d0b9:$s5: IClientLoggingHost
|
7.2.jqenyeo.exe.32eafb6.6.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.jqenyeo.exe.32eafb6.6.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xe38:$x2: NanoCore.ClientPlugin
- 0x145ae:$x2: NanoCore.ClientPlugin
- 0x2d06a:$x2: NanoCore.ClientPlugin
- 0xe75:$x3: NanoCore.ClientPluginHost
- 0x145e3:$x3: NanoCore.ClientPluginHost
- 0x2d09f:$x3: NanoCore.ClientPluginHost
- 0xe5a:$i1: IClientApp
- 0xe4e:$i2: IClientData
- 0x145a2:$i2: IClientData
- 0x2d05e:$i2: IClientData
- 0xe29:$i3: IClientNetwork
- 0x145c4:$i3: IClientNetwork
- 0x2d080:$i3: IClientNetwork
- 0xec3:$i4: IClientAppHost
- 0xe65:$i5: IClientDataHost
- 0x145d3:$i5: IClientDataHost
- 0x2d08f:$i5: IClientDataHost
- 0xeb0:$i6: IClientLoggingHost
- 0x145fd:$i6: IClientLoggingHost
- 0x2d0b9:$i6: IClientLoggingHost
- 0xe8f:$i7: IClientNetworkHost
|
7.2.jqenyeo.exe.32eafb6.6.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xddf:$a: NanoCore
- 0xe38:$a: NanoCore
- 0xe75:$a: NanoCore
- 0xeee:$a: NanoCore
- 0x14599:$a: NanoCore
- 0x145ae:$a: NanoCore
- 0x145e3:$a: NanoCore
- 0x2d055:$a: NanoCore
- 0x2d06a:$a: NanoCore
- 0x2d09f:$a: NanoCore
- 0xe41:$b: ClientPlugin
- 0xe7e:$b: ClientPlugin
- 0x177c:$b: ClientPlugin
- 0x1789:$b: ClientPlugin
- 0x14355:$b: ClientPlugin
- 0x14370:$b: ClientPlugin
- 0x143a0:$b: ClientPlugin
- 0x145b7:$b: ClientPlugin
- 0x145ec:$b: ClientPlugin
- 0x2ce11:$b: ClientPlugin
- 0x2ce2c:$b: ClientPlugin
|
7.2.jqenyeo.exe.47b0000.9.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
7.2.jqenyeo.exe.47b0000.9.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
7.2.jqenyeo.exe.47b0000.9.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xe38:$x2: NanoCore.ClientPlugin
- 0xe75:$x3: NanoCore.ClientPluginHost
- 0xe5a:$i1: IClientApp
- 0xe4e:$i2: IClientData
- 0xe29:$i3: IClientNetwork
- 0xec3:$i4: IClientAppHost
- 0xe65:$i5: IClientDataHost
- 0xeb0:$i6: IClientLoggingHost
- 0xe8f:$i7: IClientNetworkHost
- 0xea2:$i8: IClientUIHost
- 0xed2:$i9: IClientNameObjectCollection
- 0xef7:$i10: IClientReadOnlyNameObjectCollection
- 0xe41:$s1: ClientPlugin
- 0x177c:$s1: ClientPlugin
- 0x1789:$s1: ClientPlugin
- 0x11f9:$s6: get_ClientSettings
- 0x1249:$s7: get_Connected
|
7.0.jqenyeo.exe.400000.9.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x217e5:$x1: NanoCore.ClientPluginHost
- 0x21822:$x2: IClientNetworkHost
- 0x25355:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.0.jqenyeo.exe.400000.9.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2155d:$x1: NanoCore Client.exe
- 0x217e5:$x2: NanoCore.ClientPluginHost
- 0x22e1e:$s1: PluginCommand
- 0x22e12:$s2: FileCommand
- 0x23cc3:$s3: PipeExists
- 0x29a7a:$s4: PipeCreated
- 0x2180f:$s5: IClientLoggingHost
|
7.0.jqenyeo.exe.400000.9.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.0.jqenyeo.exe.400000.9.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x2154d:$x1: NanoCore Client
- 0x2155d:$x1: NanoCore Client
- 0x217a5:$x2: NanoCore.ClientPlugin
- 0x217e5:$x3: NanoCore.ClientPluginHost
- 0x2179a:$i1: IClientApp
- 0x217bb:$i2: IClientData
- 0x217c7:$i3: IClientNetwork
- 0x217d6:$i4: IClientAppHost
- 0x217ff:$i5: IClientDataHost
- 0x2180f:$i6: IClientLoggingHost
- 0x21822:$i7: IClientNetworkHost
- 0x21835:$i8: IClientUIHost
- 0x21843:$i9: IClientNameObjectCollection
- 0x2185f:$i10: IClientReadOnlyNameObjectCollection
- 0x215ac:$s1: ClientPlugin
- 0x217ae:$s1: ClientPlugin
- 0x21ca2:$s2: EndPoint
- 0x21cab:$s3: IPAddress
- 0x21cb5:$s4: IPEndPoint
- 0x236eb:$s6: get_ClientSettings
- 0x23c8f:$s7: get_Connected
|
7.0.jqenyeo.exe.400000.9.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x2154d:$a: NanoCore
- 0x2155d:$a: NanoCore
- 0x21791:$a: NanoCore
- 0x217a5:$a: NanoCore
- 0x217e5:$a: NanoCore
- 0x215ac:$b: ClientPlugin
- 0x217ae:$b: ClientPlugin
- 0x217ee:$b: ClientPlugin
- 0x216d3:$c: ProjectData
- 0x220da:$d: DESCrypto
- 0x29aa6:$e: KeepAlive
- 0x27a94:$g: LogClientMessage
- 0x23c8f:$i: get_Connected
- 0x22410:$j: #=q
- 0x22440:$j: #=q
- 0x2245c:$j: #=q
- 0x2248c:$j: #=q
- 0x224a8:$j: #=q
- 0x224c4:$j: #=q
- 0x224f4:$j: #=q
- 0x22510:$j: #=q
|
7.0.jqenyeo.exe.400000.6.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x217e5:$x1: NanoCore.ClientPluginHost
- 0x21822:$x2: IClientNetworkHost
- 0x25355:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.0.jqenyeo.exe.400000.6.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2155d:$x1: NanoCore Client.exe
- 0x217e5:$x2: NanoCore.ClientPluginHost
- 0x22e1e:$s1: PluginCommand
- 0x22e12:$s2: FileCommand
- 0x23cc3:$s3: PipeExists
- 0x29a7a:$s4: PipeCreated
- 0x2180f:$s5: IClientLoggingHost
|
7.0.jqenyeo.exe.400000.6.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.0.jqenyeo.exe.400000.6.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x2154d:$x1: NanoCore Client
- 0x2155d:$x1: NanoCore Client
- 0x217a5:$x2: NanoCore.ClientPlugin
- 0x217e5:$x3: NanoCore.ClientPluginHost
- 0x2179a:$i1: IClientApp
- 0x217bb:$i2: IClientData
- 0x217c7:$i3: IClientNetwork
- 0x217d6:$i4: IClientAppHost
- 0x217ff:$i5: IClientDataHost
- 0x2180f:$i6: IClientLoggingHost
- 0x21822:$i7: IClientNetworkHost
- 0x21835:$i8: IClientUIHost
- 0x21843:$i9: IClientNameObjectCollection
- 0x2185f:$i10: IClientReadOnlyNameObjectCollection
- 0x215ac:$s1: ClientPlugin
- 0x217ae:$s1: ClientPlugin
- 0x21ca2:$s2: EndPoint
- 0x21cab:$s3: IPAddress
- 0x21cb5:$s4: IPEndPoint
- 0x236eb:$s6: get_ClientSettings
- 0x23c8f:$s7: get_Connected
|
7.0.jqenyeo.exe.400000.6.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x2154d:$a: NanoCore
- 0x2155d:$a: NanoCore
- 0x21791:$a: NanoCore
- 0x217a5:$a: NanoCore
- 0x217e5:$a: NanoCore
- 0x215ac:$b: ClientPlugin
- 0x217ae:$b: ClientPlugin
- 0x217ee:$b: ClientPlugin
- 0x216d3:$c: ProjectData
- 0x220da:$d: DESCrypto
- 0x29aa6:$e: KeepAlive
- 0x27a94:$g: LogClientMessage
- 0x23c8f:$i: get_Connected
- 0x22410:$j: #=q
- 0x22440:$j: #=q
- 0x2245c:$j: #=q
- 0x2248c:$j: #=q
- 0x224a8:$j: #=q
- 0x224c4:$j: #=q
- 0x224f4:$j: #=q
- 0x22510:$j: #=q
|
7.2.jqenyeo.exe.4ae0000.11.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
|
7.2.jqenyeo.exe.4ae0000.11.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xf7ad:$x2: NanoCore.ClientPluginHost
- 0x10888:$s4: PipeCreated
- 0xf7c7:$s5: IClientLoggingHost
|
7.2.jqenyeo.exe.4ae0000.11.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.jqenyeo.exe.4ae0000.11.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xf778:$x2: NanoCore.ClientPlugin
- 0xf7ad:$x3: NanoCore.ClientPluginHost
- 0xf76c:$i2: IClientData
- 0xf78e:$i3: IClientNetwork
- 0xf79d:$i5: IClientDataHost
- 0xf7c7:$i6: IClientLoggingHost
- 0xf7da:$i7: IClientNetworkHost
- 0xf7ed:$i8: IClientUIHost
- 0xf7fb:$i9: IClientNameObjectCollection
- 0xf817:$i10: IClientReadOnlyNameObjectCollection
- 0xf56a:$s1: ClientPlugin
- 0xf781:$s1: ClientPlugin
- 0x147a2:$s6: get_ClientSettings
|
7.2.jqenyeo.exe.400000.0.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x241e5:$x1: NanoCore.ClientPluginHost
- 0x24222:$x2: IClientNetworkHost
- 0x27d55:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.jqenyeo.exe.400000.0.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x23f5d:$x1: NanoCore Client.exe
- 0x241e5:$x2: NanoCore.ClientPluginHost
- 0x2581e:$s1: PluginCommand
- 0x25812:$s2: FileCommand
- 0x266c3:$s3: PipeExists
- 0x2c47a:$s4: PipeCreated
- 0x2420f:$s5: IClientLoggingHost
|
7.2.jqenyeo.exe.400000.0.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.jqenyeo.exe.400000.0.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x23f4d:$x1: NanoCore Client
- 0x23f5d:$x1: NanoCore Client
- 0x241a5:$x2: NanoCore.ClientPlugin
- 0x241e5:$x3: NanoCore.ClientPluginHost
- 0x2419a:$i1: IClientApp
- 0x241bb:$i2: IClientData
- 0x241c7:$i3: IClientNetwork
- 0x241d6:$i4: IClientAppHost
- 0x241ff:$i5: IClientDataHost
- 0x2420f:$i6: IClientLoggingHost
- 0x24222:$i7: IClientNetworkHost
- 0x24235:$i8: IClientUIHost
- 0x24243:$i9: IClientNameObjectCollection
- 0x2425f:$i10: IClientReadOnlyNameObjectCollection
- 0x23fac:$s1: ClientPlugin
- 0x241ae:$s1: ClientPlugin
- 0x246a2:$s2: EndPoint
- 0x246ab:$s3: IPAddress
- 0x246b5:$s4: IPEndPoint
- 0x260eb:$s6: get_ClientSettings
- 0x2668f:$s7: get_Connected
|
7.2.jqenyeo.exe.400000.0.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x23f4d:$a: NanoCore
- 0x23f5d:$a: NanoCore
- 0x24191:$a: NanoCore
- 0x241a5:$a: NanoCore
- 0x241e5:$a: NanoCore
- 0x23fac:$b: ClientPlugin
- 0x241ae:$b: ClientPlugin
- 0x241ee:$b: ClientPlugin
- 0x240d3:$c: ProjectData
- 0x24ada:$d: DESCrypto
- 0x2c4a6:$e: KeepAlive
- 0x2a494:$g: LogClientMessage
- 0x2668f:$i: get_Connected
- 0x24e10:$j: #=q
- 0x24e40:$j: #=q
- 0x24e5c:$j: #=q
- 0x24e8c:$j: #=q
- 0x24ea8:$j: #=q
- 0x24ec4:$j: #=q
- 0x24ef4:$j: #=q
- 0x24f10:$j: #=q
|