12.2.receipt.exe.3f72bc0.3.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
12.2.receipt.exe.3f72bc0.3.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
12.2.receipt.exe.3f72bc0.3.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
12.2.receipt.exe.3f72bc0.3.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xfef5:$x1: NanoCore Client
- 0xff05:$x1: NanoCore Client
- 0x1014d:$x2: NanoCore.ClientPlugin
- 0x1018d:$x3: NanoCore.ClientPluginHost
- 0x10142:$i1: IClientApp
- 0x10163:$i2: IClientData
- 0x1016f:$i3: IClientNetwork
- 0x1017e:$i4: IClientAppHost
- 0x101a7:$i5: IClientDataHost
- 0x101b7:$i6: IClientLoggingHost
- 0x101ca:$i7: IClientNetworkHost
- 0x101dd:$i8: IClientUIHost
- 0x101eb:$i9: IClientNameObjectCollection
- 0x10207:$i10: IClientReadOnlyNameObjectCollection
- 0xff54:$s1: ClientPlugin
- 0x10156:$s1: ClientPlugin
- 0x1064a:$s2: EndPoint
- 0x10653:$s3: IPAddress
- 0x1065d:$s4: IPEndPoint
- 0x12093:$s6: get_ClientSettings
- 0x12637:$s7: get_Connected
|
12.2.receipt.exe.3f72bc0.3.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
12.2.receipt.exe.3f72bc0.3.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1018d:$a1: NanoCore.ClientPluginHost
- 0x1014d:$a2: NanoCore.ClientPlugin
- 0x120a6:$b1: get_BuilderSettings
- 0xffa9:$b2: ClientLoaderForm.resources
- 0x117c6:$b3: PluginCommand
- 0x1017e:$b4: IClientAppHost
- 0x1a5fe:$b5: GetBlockHash
- 0x126fe:$b6: AddHostEntry
- 0x163f1:$b7: LogClientException
- 0x1266b:$b8: PipeExists
- 0x101b7:$b9: IClientLoggingHost
|
14.2.Uewizrlgm.exe.2c6dd3c.0.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | |
12.2.receipt.exe.3fc2be0.4.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
12.2.receipt.exe.3fc2be0.4.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
12.2.receipt.exe.3fc2be0.4.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
12.2.receipt.exe.3fc2be0.4.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xe0f5:$x1: NanoCore Client
- 0xe105:$x1: NanoCore Client
- 0xe34d:$x2: NanoCore.ClientPlugin
- 0xe38d:$x3: NanoCore.ClientPluginHost
- 0xe342:$i1: IClientApp
- 0xe363:$i2: IClientData
- 0xe36f:$i3: IClientNetwork
- 0xe37e:$i4: IClientAppHost
- 0xe3a7:$i5: IClientDataHost
- 0xe3b7:$i6: IClientLoggingHost
- 0xe3ca:$i7: IClientNetworkHost
- 0xe3dd:$i8: IClientUIHost
- 0xe3eb:$i9: IClientNameObjectCollection
- 0xe407:$i10: IClientReadOnlyNameObjectCollection
- 0xe154:$s1: ClientPlugin
- 0xe356:$s1: ClientPlugin
- 0xe84a:$s2: EndPoint
- 0xe853:$s3: IPAddress
- 0xe85d:$s4: IPEndPoint
- 0x10293:$s6: get_ClientSettings
- 0x10837:$s7: get_Connected
|
12.2.receipt.exe.3fc2be0.4.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
12.2.receipt.exe.3fc2be0.4.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0xe38d:$a1: NanoCore.ClientPluginHost
- 0xe34d:$a2: NanoCore.ClientPlugin
- 0x102a6:$b1: get_BuilderSettings
- 0xe1a9:$b2: ClientLoaderForm.resources
- 0xf9c6:$b3: PluginCommand
- 0xe37e:$b4: IClientAppHost
- 0x187fe:$b5: GetBlockHash
- 0x108fe:$b6: AddHostEntry
- 0x145f1:$b7: LogClientException
- 0x1086b:$b8: PipeExists
- 0xe3b7:$b9: IClientLoggingHost
|
0.2.receipt.exe.5630000.5.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | |
12.3.receipt.exe.4133bd0.3.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | |
12.3.receipt.exe.3fb3b90.2.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | |
0.3.receipt.exe.4206fb0.0.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | |
12.2.receipt.exe.2f868a0.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
12.2.receipt.exe.2f868a0.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0xe3b7:$s5: IClientLoggingHost
|
12.2.receipt.exe.2f868a0.0.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xe0f5:$x1: NanoCore Client
- 0xe105:$x1: NanoCore Client
- 0xe34d:$x2: NanoCore.ClientPlugin
- 0xe38d:$x3: NanoCore.ClientPluginHost
- 0xe342:$i1: IClientApp
- 0xe363:$i2: IClientData
- 0xe36f:$i3: IClientNetwork
- 0xe37e:$i4: IClientAppHost
- 0xe3a7:$i5: IClientDataHost
- 0xe3b7:$i6: IClientLoggingHost
- 0xe3ca:$i7: IClientNetworkHost
- 0xe3dd:$i8: IClientUIHost
- 0xe3eb:$i9: IClientNameObjectCollection
- 0xe407:$i10: IClientReadOnlyNameObjectCollection
- 0xe154:$s1: ClientPlugin
- 0xe356:$s1: ClientPlugin
- 0xe84a:$s2: EndPoint
- 0xe853:$s3: IPAddress
- 0xe85d:$s4: IPEndPoint
- 0x10293:$s6: get_ClientSettings
- 0x10837:$s7: get_Connected
|
12.2.receipt.exe.2f868a0.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
- 0xf0fc:$j: #=q
- 0xf118:$j: #=q
|
12.2.receipt.exe.2f868a0.0.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0xe38d:$a1: NanoCore.ClientPluginHost
- 0xe34d:$a2: NanoCore.ClientPlugin
- 0x102a6:$b1: get_BuilderSettings
- 0xe1a9:$b2: ClientLoaderForm.resources
- 0xf9c6:$b3: PluginCommand
- 0xe37e:$b4: IClientAppHost
- 0x108fe:$b6: AddHostEntry
- 0x1086b:$b8: PipeExists
- 0xe3b7:$b9: IClientLoggingHost
|
12.2.receipt.exe.3f4aba0.2.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
12.2.receipt.exe.3f4aba0.2.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0x32b25:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
12.2.receipt.exe.3f4aba0.2.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
12.2.receipt.exe.3f4aba0.2.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xe0f5:$x1: NanoCore Client
- 0xe105:$x1: NanoCore Client
- 0x32b15:$x1: NanoCore Client
- 0x32b25:$x1: NanoCore Client
- 0xe34d:$x2: NanoCore.ClientPlugin
- 0xe38d:$x3: NanoCore.ClientPluginHost
- 0xe342:$i1: IClientApp
- 0xe363:$i2: IClientData
- 0xe36f:$i3: IClientNetwork
- 0xe37e:$i4: IClientAppHost
- 0xe3a7:$i5: IClientDataHost
- 0xe3b7:$i6: IClientLoggingHost
- 0xe3ca:$i7: IClientNetworkHost
- 0xe3dd:$i8: IClientUIHost
- 0xe3eb:$i9: IClientNameObjectCollection
- 0xe407:$i10: IClientReadOnlyNameObjectCollection
- 0xe154:$s1: ClientPlugin
- 0xe356:$s1: ClientPlugin
- 0x32b74:$s1: ClientPlugin
- 0xe84a:$s2: EndPoint
- 0xe853:$s3: IPAddress
|
12.2.receipt.exe.3f4aba0.2.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0x32b15:$a: NanoCore
- 0x32b25:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0x32b74:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
|
12.2.receipt.exe.3f4aba0.2.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0xe38d:$a1: NanoCore.ClientPluginHost
- 0xe34d:$a2: NanoCore.ClientPlugin
- 0x102a6:$b1: get_BuilderSettings
- 0xe1a9:$b2: ClientLoaderForm.resources
- 0xf9c6:$b3: PluginCommand
- 0xe37e:$b4: IClientAppHost
- 0x187fe:$b5: GetBlockHash
- 0x108fe:$b6: AddHostEntry
- 0x145f1:$b7: LogClientException
- 0x1086b:$b8: PipeExists
- 0xe3b7:$b9: IClientLoggingHost
|
0.2.receipt.exe.5630000.5.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | |
12.2.receipt.exe.5490000.7.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | |
12.3.receipt.exe.3f73b70.0.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | |
26.2.receipt.exe.32294f4.0.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
26.2.receipt.exe.32294f4.0.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
26.2.receipt.exe.32294f4.0.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xe38:$x2: NanoCore.ClientPlugin
- 0xe75:$x3: NanoCore.ClientPluginHost
- 0xe5a:$i1: IClientApp
- 0xe4e:$i2: IClientData
- 0xe29:$i3: IClientNetwork
- 0xec3:$i4: IClientAppHost
- 0xe65:$i5: IClientDataHost
- 0xeb0:$i6: IClientLoggingHost
- 0xe8f:$i7: IClientNetworkHost
- 0xea2:$i8: IClientUIHost
- 0xed2:$i9: IClientNameObjectCollection
- 0xef7:$i10: IClientReadOnlyNameObjectCollection
- 0xe41:$s1: ClientPlugin
- 0x177c:$s1: ClientPlugin
- 0x1789:$s1: ClientPlugin
- 0x11f9:$s6: get_ClientSettings
- 0x1249:$s7: get_Connected
|
26.2.receipt.exe.32294f4.0.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0xe75:$a1: NanoCore.ClientPluginHost
- 0xe38:$a2: NanoCore.ClientPlugin
- 0x120c:$b1: get_BuilderSettings
- 0xec3:$b4: IClientAppHost
- 0x127d:$b6: AddHostEntry
- 0x12ec:$b7: LogClientException
- 0x1261:$b8: PipeExists
- 0xeb0:$b9: IClientLoggingHost
|
0.3.receipt.exe.4306fd0.1.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | |
12.2.receipt.exe.3f72bc0.3.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
12.2.receipt.exe.3f72bc0.3.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
12.2.receipt.exe.3f72bc0.3.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
12.2.receipt.exe.3f72bc0.3.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xe0f5:$x1: NanoCore Client
- 0xe105:$x1: NanoCore Client
- 0xe34d:$x2: NanoCore.ClientPlugin
- 0xe38d:$x3: NanoCore.ClientPluginHost
- 0xe342:$i1: IClientApp
- 0xe363:$i2: IClientData
- 0xe36f:$i3: IClientNetwork
- 0xe37e:$i4: IClientAppHost
- 0xe3a7:$i5: IClientDataHost
- 0xe3b7:$i6: IClientLoggingHost
- 0xe3ca:$i7: IClientNetworkHost
- 0xe3dd:$i8: IClientUIHost
- 0xe3eb:$i9: IClientNameObjectCollection
- 0xe407:$i10: IClientReadOnlyNameObjectCollection
- 0xe154:$s1: ClientPlugin
- 0xe356:$s1: ClientPlugin
- 0xe84a:$s2: EndPoint
- 0xe853:$s3: IPAddress
- 0xe85d:$s4: IPEndPoint
- 0x10293:$s6: get_ClientSettings
- 0x10837:$s7: get_Connected
|
12.2.receipt.exe.3f72bc0.3.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
12.2.receipt.exe.3f72bc0.3.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0xe38d:$a1: NanoCore.ClientPluginHost
- 0xe34d:$a2: NanoCore.ClientPlugin
- 0x102a6:$b1: get_BuilderSettings
- 0xe1a9:$b2: ClientLoaderForm.resources
- 0xf9c6:$b3: PluginCommand
- 0xe37e:$b4: IClientAppHost
- 0x187fe:$b5: GetBlockHash
- 0x108fe:$b6: AddHostEntry
- 0x145f1:$b7: LogClientException
- 0x1086b:$b8: PipeExists
- 0xe3b7:$b9: IClientLoggingHost
|
12.3.receipt.exe.4133bd0.3.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | |
12.2.receipt.exe.2f868a0.0.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
12.2.receipt.exe.2f868a0.0.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x101b7:$s5: IClientLoggingHost
|
12.2.receipt.exe.2f868a0.0.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xfef5:$x1: NanoCore Client
- 0xff05:$x1: NanoCore Client
- 0x1014d:$x2: NanoCore.ClientPlugin
- 0x1018d:$x3: NanoCore.ClientPluginHost
- 0x10142:$i1: IClientApp
- 0x10163:$i2: IClientData
- 0x1016f:$i3: IClientNetwork
- 0x1017e:$i4: IClientAppHost
- 0x101a7:$i5: IClientDataHost
- 0x101b7:$i6: IClientLoggingHost
- 0x101ca:$i7: IClientNetworkHost
- 0x101dd:$i8: IClientUIHost
- 0x101eb:$i9: IClientNameObjectCollection
- 0x10207:$i10: IClientReadOnlyNameObjectCollection
- 0xff54:$s1: ClientPlugin
- 0x10156:$s1: ClientPlugin
- 0x1064a:$s2: EndPoint
- 0x10653:$s3: IPAddress
- 0x1065d:$s4: IPEndPoint
- 0x12093:$s6: get_ClientSettings
- 0x12637:$s7: get_Connected
|
12.2.receipt.exe.2f868a0.0.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
- 0x10efc:$j: #=q
- 0x10f18:$j: #=q
|
12.2.receipt.exe.2f868a0.0.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1018d:$a1: NanoCore.ClientPluginHost
- 0x1014d:$a2: NanoCore.ClientPlugin
- 0x120a6:$b1: get_BuilderSettings
- 0xffa9:$b2: ClientLoaderForm.resources
- 0x117c6:$b3: PluginCommand
- 0x1017e:$b4: IClientAppHost
- 0x126fe:$b6: AddHostEntry
- 0x1266b:$b8: PipeExists
- 0x101b7:$b9: IClientLoggingHost
|
12.2.receipt.exe.3074e04.1.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | |
26.0.receipt.exe.400000.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
26.0.receipt.exe.400000.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
26.0.receipt.exe.400000.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
26.0.receipt.exe.400000.0.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xfef5:$x1: NanoCore Client
- 0xff05:$x1: NanoCore Client
- 0x1014d:$x2: NanoCore.ClientPlugin
- 0x1018d:$x3: NanoCore.ClientPluginHost
- 0x10142:$i1: IClientApp
- 0x10163:$i2: IClientData
- 0x1016f:$i3: IClientNetwork
- 0x1017e:$i4: IClientAppHost
- 0x101a7:$i5: IClientDataHost
- 0x101b7:$i6: IClientLoggingHost
- 0x101ca:$i7: IClientNetworkHost
- 0x101dd:$i8: IClientUIHost
- 0x101eb:$i9: IClientNameObjectCollection
- 0x10207:$i10: IClientReadOnlyNameObjectCollection
- 0xff54:$s1: ClientPlugin
- 0x10156:$s1: ClientPlugin
- 0x1064a:$s2: EndPoint
- 0x10653:$s3: IPAddress
- 0x1065d:$s4: IPEndPoint
- 0x12093:$s6: get_ClientSettings
- 0x12637:$s7: get_Connected
|
26.0.receipt.exe.400000.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
26.0.receipt.exe.400000.0.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1018d:$a1: NanoCore.ClientPluginHost
- 0x1014d:$a2: NanoCore.ClientPlugin
- 0x120a6:$b1: get_BuilderSettings
- 0xffa9:$b2: ClientLoaderForm.resources
- 0x117c6:$b3: PluginCommand
- 0x1017e:$b4: IClientAppHost
- 0x1a5fe:$b5: GetBlockHash
- 0x126fe:$b6: AddHostEntry
- 0x163f1:$b7: LogClientException
- 0x1266b:$b8: PipeExists
- 0x101b7:$b9: IClientLoggingHost
|
12.2.receipt.exe.3fc2be0.4.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
12.2.receipt.exe.3fc2be0.4.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
12.2.receipt.exe.3fc2be0.4.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
12.2.receipt.exe.3fc2be0.4.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xfef5:$x1: NanoCore Client
- 0xff05:$x1: NanoCore Client
- 0x1014d:$x2: NanoCore.ClientPlugin
- 0x1018d:$x3: NanoCore.ClientPluginHost
- 0x10142:$i1: IClientApp
- 0x10163:$i2: IClientData
- 0x1016f:$i3: IClientNetwork
- 0x1017e:$i4: IClientAppHost
- 0x101a7:$i5: IClientDataHost
- 0x101b7:$i6: IClientLoggingHost
- 0x101ca:$i7: IClientNetworkHost
- 0x101dd:$i8: IClientUIHost
- 0x101eb:$i9: IClientNameObjectCollection
- 0x10207:$i10: IClientReadOnlyNameObjectCollection
- 0xff54:$s1: ClientPlugin
- 0x10156:$s1: ClientPlugin
- 0x1064a:$s2: EndPoint
- 0x10653:$s3: IPAddress
- 0x1065d:$s4: IPEndPoint
- 0x12093:$s6: get_ClientSettings
- 0x12637:$s7: get_Connected
|
12.2.receipt.exe.3fc2be0.4.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
12.2.receipt.exe.3fc2be0.4.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1018d:$a1: NanoCore.ClientPluginHost
- 0x1014d:$a2: NanoCore.ClientPlugin
- 0x120a6:$b1: get_BuilderSettings
- 0xffa9:$b2: ClientLoaderForm.resources
- 0x117c6:$b3: PluginCommand
- 0x1017e:$b4: IClientAppHost
- 0x1a5fe:$b5: GetBlockHash
- 0x126fe:$b6: AddHostEntry
- 0x163f1:$b7: LogClientException
- 0x1266b:$b8: PipeExists
- 0x101b7:$b9: IClientLoggingHost
|
12.2.receipt.exe.3f4aba0.2.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x381ad:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x381ea:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x3bd1d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
12.2.receipt.exe.3f4aba0.2.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x37f25:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x381ad:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x397e6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x397da:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x3a68b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x40442:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
- 0x381d7:$s5: IClientLoggingHost
|
12.2.receipt.exe.3f4aba0.2.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
12.2.receipt.exe.3f4aba0.2.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xfef5:$x1: NanoCore Client
- 0xff05:$x1: NanoCore Client
- 0x37f15:$x1: NanoCore Client
- 0x37f25:$x1: NanoCore Client
- 0x1014d:$x2: NanoCore.ClientPlugin
- 0x3816d:$x2: NanoCore.ClientPlugin
- 0x1018d:$x3: NanoCore.ClientPluginHost
- 0x381ad:$x3: NanoCore.ClientPluginHost
- 0x10142:$i1: IClientApp
- 0x38162:$i1: IClientApp
- 0x10163:$i2: IClientData
- 0x38183:$i2: IClientData
- 0x1016f:$i3: IClientNetwork
- 0x3818f:$i3: IClientNetwork
- 0x1017e:$i4: IClientAppHost
- 0x3819e:$i4: IClientAppHost
- 0x101a7:$i5: IClientDataHost
- 0x381c7:$i5: IClientDataHost
- 0x101b7:$i6: IClientLoggingHost
- 0x381d7:$i6: IClientLoggingHost
- 0x101ca:$i7: IClientNetworkHost
|
12.2.receipt.exe.3f4aba0.2.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0x37f15:$a: NanoCore
- 0x37f25:$a: NanoCore
- 0x38159:$a: NanoCore
- 0x3816d:$a: NanoCore
- 0x381ad:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x37f74:$b: ClientPlugin
- 0x38176:$b: ClientPlugin
- 0x381b6:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x3809b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x38aa2:$d: DESCrypto
- 0x1844e:$e: KeepAlive
|
12.2.receipt.exe.3f4aba0.2.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1018d:$a1: NanoCore.ClientPluginHost
- 0x381ad:$a1: NanoCore.ClientPluginHost
- 0x1014d:$a2: NanoCore.ClientPlugin
- 0x3816d:$a2: NanoCore.ClientPlugin
- 0x120a6:$b1: get_BuilderSettings
- 0x3a0c6:$b1: get_BuilderSettings
- 0xffa9:$b2: ClientLoaderForm.resources
- 0x37fc9:$b2: ClientLoaderForm.resources
- 0x117c6:$b3: PluginCommand
- 0x397e6:$b3: PluginCommand
- 0x1017e:$b4: IClientAppHost
- 0x3819e:$b4: IClientAppHost
- 0x1a5fe:$b5: GetBlockHash
- 0x4261e:$b5: GetBlockHash
- 0x126fe:$b6: AddHostEntry
- 0x3a71e:$b6: AddHostEntry
- 0x163f1:$b7: LogClientException
- 0x3e411:$b7: LogClientException
- 0x1266b:$b8: PipeExists
- 0x3a68b:$b8: PipeExists
- 0x101b7:$b9: IClientLoggingHost
|
0.2.receipt.exe.30df6fc.0.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | |
12.3.receipt.exe.3f53b50.1.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | |
13.2.Uewizrlgm.exe.2acc71c.0.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | |
0.3.receipt.exe.4306fd0.1.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | |