7.2.rnixgfly.exe.46b0000.18.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.46b0000.18.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.46b0000.18.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xe38:$x2: NanoCore.ClientPlugin
- 0xe75:$x3: NanoCore.ClientPluginHost
- 0xe5a:$i1: IClientApp
- 0xe4e:$i2: IClientData
- 0xe29:$i3: IClientNetwork
- 0xec3:$i4: IClientAppHost
- 0xe65:$i5: IClientDataHost
- 0xeb0:$i6: IClientLoggingHost
- 0xe8f:$i7: IClientNetworkHost
- 0xea2:$i8: IClientUIHost
- 0xed2:$i9: IClientNameObjectCollection
- 0xef7:$i10: IClientReadOnlyNameObjectCollection
- 0xe41:$s1: ClientPlugin
- 0x177c:$s1: ClientPlugin
- 0x1789:$s1: ClientPlugin
- 0x11f9:$s6: get_ClientSettings
- 0x1249:$s7: get_Connected
|
7.2.rnixgfly.exe.46b0000.18.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0xe75:$a1: NanoCore.ClientPluginHost
- 0xe38:$a2: NanoCore.ClientPlugin
- 0x120c:$b1: get_BuilderSettings
- 0xec3:$b4: IClientAppHost
- 0x127d:$b6: AddHostEntry
- 0x12ec:$b7: LogClientException
- 0x1261:$b8: PipeExists
- 0xeb0:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.56f0000.24.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x16e3:$x1: NanoCore.ClientPluginHost
- 0x171c:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.56f0000.24.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x16e3:$x2: NanoCore.ClientPluginHost
- 0x1800:$s4: PipeCreated
- 0x16fd:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.56f0000.24.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x175f:$x2: NanoCore.ClientPlugin
- 0x16e3:$x3: NanoCore.ClientPluginHost
- 0x1775:$i3: IClientNetwork
- 0x16fd:$i6: IClientLoggingHost
- 0x171c:$i7: IClientNetworkHost
- 0x1491:$s1: ClientPlugin
- 0x1768:$s1: ClientPlugin
|
7.2.rnixgfly.exe.56f0000.24.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x16e3:$a1: NanoCore.ClientPluginHost
- 0x175f:$a2: NanoCore.ClientPlugin
- 0x16fd:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.6610000.35.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x5fee:$x1: NanoCore.ClientPluginHost
- 0x602b:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.6610000.35.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x5fee:$x2: NanoCore.ClientPluginHost
- 0x9441:$s4: PipeCreated
- 0x6018:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.6610000.35.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x5fc9:$x2: NanoCore.ClientPlugin
- 0x5fee:$x3: NanoCore.ClientPluginHost
- 0x5fba:$i3: IClientNetwork
- 0x5fdf:$i4: IClientAppHost
- 0x6008:$i5: IClientDataHost
- 0x6018:$i6: IClientLoggingHost
- 0x602b:$i7: IClientNetworkHost
- 0x603e:$i8: IClientUIHost
- 0x604c:$i9: IClientNameObjectCollection
- 0x5d70:$s1: ClientPlugin
- 0x5fd2:$s1: ClientPlugin
|
7.2.rnixgfly.exe.6610000.35.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x5fee:$a1: NanoCore.ClientPluginHost
- 0x5fc9:$a2: NanoCore.ClientPlugin
- 0x5fdf:$b4: IClientAppHost
- 0xa4ce:$b7: LogClientException
- 0x6018:$b9: IClientLoggingHost
|
6.2.rnixgfly.exe.393658.2.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
6.2.rnixgfly.exe.393658.2.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
6.2.rnixgfly.exe.393658.2.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
6.2.rnixgfly.exe.393658.2.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xfef5:$x1: NanoCore Client
- 0xff05:$x1: NanoCore Client
- 0x1014d:$x2: NanoCore.ClientPlugin
- 0x1018d:$x3: NanoCore.ClientPluginHost
- 0x10142:$i1: IClientApp
- 0x10163:$i2: IClientData
- 0x1016f:$i3: IClientNetwork
- 0x1017e:$i4: IClientAppHost
- 0x101a7:$i5: IClientDataHost
- 0x101b7:$i6: IClientLoggingHost
- 0x101ca:$i7: IClientNetworkHost
- 0x101dd:$i8: IClientUIHost
- 0x101eb:$i9: IClientNameObjectCollection
- 0x10207:$i10: IClientReadOnlyNameObjectCollection
- 0xff54:$s1: ClientPlugin
- 0x10156:$s1: ClientPlugin
- 0x1064a:$s2: EndPoint
- 0x10653:$s3: IPAddress
- 0x1065d:$s4: IPEndPoint
- 0x12093:$s6: get_ClientSettings
- 0x12637:$s7: get_Connected
|
6.2.rnixgfly.exe.393658.2.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
6.2.rnixgfly.exe.393658.2.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1018d:$a1: NanoCore.ClientPluginHost
- 0x1014d:$a2: NanoCore.ClientPlugin
- 0x120a6:$b1: get_BuilderSettings
- 0xffa9:$b2: ClientLoaderForm.resources
- 0x117c6:$b3: PluginCommand
- 0x1017e:$b4: IClientAppHost
- 0x1a5fe:$b5: GetBlockHash
- 0x126fe:$b6: AddHostEntry
- 0x163f1:$b7: LogClientException
- 0x1266b:$b8: PipeExists
- 0x101b7:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.321a18f.13.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1a53c:$x1: NanoCore.ClientPluginHost
- 0x1a556:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.321a18f.13.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1a53c:$x2: NanoCore.ClientPluginHost
- 0x1d879:$s4: PipeCreated
- 0x1a529:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.321a18f.13.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x1a513:$x2: NanoCore.ClientPlugin
- 0x1a53c:$x3: NanoCore.ClientPluginHost
- 0x1a504:$i3: IClientNetwork
- 0x1a529:$i6: IClientLoggingHost
- 0x1a556:$i7: IClientNetworkHost
- 0x1a569:$i8: IClientUIHost
- 0x1a273:$s1: ClientPlugin
- 0x1a51c:$s1: ClientPlugin
|
7.2.rnixgfly.exe.321a18f.13.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1a53c:$a1: NanoCore.ClientPluginHost
- 0x1a513:$a2: NanoCore.ClientPlugin
- 0x1f567:$b7: LogClientException
- 0x1a529:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.222c884.8.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.222c884.8.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.222c884.8.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xe38:$x2: NanoCore.ClientPlugin
- 0xe75:$x3: NanoCore.ClientPluginHost
- 0xe5a:$i1: IClientApp
- 0xe4e:$i2: IClientData
- 0xe29:$i3: IClientNetwork
- 0xec3:$i4: IClientAppHost
- 0xe65:$i5: IClientDataHost
- 0xeb0:$i6: IClientLoggingHost
- 0xe8f:$i7: IClientNetworkHost
- 0xea2:$i8: IClientUIHost
- 0xed2:$i9: IClientNameObjectCollection
- 0xef7:$i10: IClientReadOnlyNameObjectCollection
- 0xe41:$s1: ClientPlugin
- 0x177c:$s1: ClientPlugin
- 0x1789:$s1: ClientPlugin
- 0x11f9:$s6: get_ClientSettings
- 0x1249:$s7: get_Connected
|
7.2.rnixgfly.exe.222c884.8.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0xe75:$a1: NanoCore.ClientPluginHost
- 0xe38:$a2: NanoCore.ClientPlugin
- 0x120c:$b1: get_BuilderSettings
- 0xec3:$b4: IClientAppHost
- 0x127d:$b6: AddHostEntry
- 0x12ec:$b7: LogClientException
- 0x1261:$b8: PipeExists
- 0xeb0:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.32924dc.11.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0x28269:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
- 0x28296:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.32924dc.11.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0xf7ad:$x2: NanoCore.ClientPluginHost
- 0x28269:$x2: NanoCore.ClientPluginHost
- 0x10888:$s4: PipeCreated
- 0x29344:$s4: PipeCreated
- 0xf7c7:$s5: IClientLoggingHost
- 0x28283:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.32924dc.11.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.rnixgfly.exe.32924dc.11.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xf778:$x2: NanoCore.ClientPlugin
- 0x28234:$x2: NanoCore.ClientPlugin
- 0xf7ad:$x3: NanoCore.ClientPluginHost
- 0x28269:$x3: NanoCore.ClientPluginHost
- 0xf76c:$i2: IClientData
- 0x28228:$i2: IClientData
- 0xf78e:$i3: IClientNetwork
- 0x2824a:$i3: IClientNetwork
- 0xf79d:$i5: IClientDataHost
- 0x28259:$i5: IClientDataHost
- 0xf7c7:$i6: IClientLoggingHost
- 0x28283:$i6: IClientLoggingHost
- 0xf7da:$i7: IClientNetworkHost
- 0x28296:$i7: IClientNetworkHost
- 0xf7ed:$i8: IClientUIHost
- 0x282a9:$i8: IClientUIHost
- 0xf7fb:$i9: IClientNameObjectCollection
- 0x282b7:$i9: IClientNameObjectCollection
- 0xf817:$i10: IClientReadOnlyNameObjectCollection
- 0x282d3:$i10: IClientReadOnlyNameObjectCollection
- 0xf56a:$s1: ClientPlugin
|
7.2.rnixgfly.exe.32924dc.11.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0xf7ad:$a1: NanoCore.ClientPluginHost
- 0x28269:$a1: NanoCore.ClientPluginHost
- 0xf778:$a2: NanoCore.ClientPlugin
- 0x28234:$a2: NanoCore.ClientPlugin
- 0x146f3:$b1: get_BuilderSettings
- 0x2d1af:$b1: get_BuilderSettings
- 0x14662:$b7: LogClientException
- 0x2d11e:$b7: LogClientException
- 0xf7c7:$b9: IClientLoggingHost
- 0x28283:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.400000.1.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x271e5:$x1: NanoCore.ClientPluginHost
- 0x27222:$x2: IClientNetworkHost
- 0x2ad55:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.rnixgfly.exe.400000.1.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x26f5d:$x1: NanoCore Client.exe
- 0x271e5:$x2: NanoCore.ClientPluginHost
- 0x2881e:$s1: PluginCommand
- 0x28812:$s2: FileCommand
- 0x296c3:$s3: PipeExists
- 0x2f47a:$s4: PipeCreated
- 0x2720f:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.400000.1.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.rnixgfly.exe.400000.1.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x26f4d:$x1: NanoCore Client
- 0x26f5d:$x1: NanoCore Client
- 0x271a5:$x2: NanoCore.ClientPlugin
- 0x271e5:$x3: NanoCore.ClientPluginHost
- 0x2719a:$i1: IClientApp
- 0x271bb:$i2: IClientData
- 0x271c7:$i3: IClientNetwork
- 0x271d6:$i4: IClientAppHost
- 0x271ff:$i5: IClientDataHost
- 0x2720f:$i6: IClientLoggingHost
- 0x27222:$i7: IClientNetworkHost
- 0x27235:$i8: IClientUIHost
- 0x27243:$i9: IClientNameObjectCollection
- 0x2725f:$i10: IClientReadOnlyNameObjectCollection
- 0x26fac:$s1: ClientPlugin
- 0x271ae:$s1: ClientPlugin
- 0x276a2:$s2: EndPoint
- 0x276ab:$s3: IPAddress
- 0x276b5:$s4: IPEndPoint
- 0x290eb:$s6: get_ClientSettings
- 0x2968f:$s7: get_Connected
|
7.2.rnixgfly.exe.400000.1.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x26f4d:$a: NanoCore
- 0x26f5d:$a: NanoCore
- 0x27191:$a: NanoCore
- 0x271a5:$a: NanoCore
- 0x271e5:$a: NanoCore
- 0x26fac:$b: ClientPlugin
- 0x271ae:$b: ClientPlugin
- 0x271ee:$b: ClientPlugin
- 0x270d3:$c: ProjectData
- 0x27ada:$d: DESCrypto
- 0x2f4a6:$e: KeepAlive
- 0x2d494:$g: LogClientMessage
- 0x2968f:$i: get_Connected
- 0x27e10:$j: #=q
- 0x27e40:$j: #=q
- 0x27e5c:$j: #=q
- 0x27e8c:$j: #=q
- 0x27ea8:$j: #=q
- 0x27ec4:$j: #=q
- 0x27ef4:$j: #=q
- 0x27f10:$j: #=q
|
7.2.rnixgfly.exe.400000.1.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x271e5:$a1: NanoCore.ClientPluginHost
- 0x271a5:$a2: NanoCore.ClientPlugin
- 0x290fe:$b1: get_BuilderSettings
- 0x27001:$b2: ClientLoaderForm.resources
- 0x2881e:$b3: PluginCommand
- 0x271d6:$b4: IClientAppHost
- 0x31656:$b5: GetBlockHash
- 0x29756:$b6: AddHostEntry
- 0x2d449:$b7: LogClientException
- 0x296c3:$b8: PipeExists
- 0x2720f:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.328d6a6.12.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0x145e3:$x1: NanoCore.ClientPluginHost
- 0x2d09f:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
- 0x14610:$x2: IClientNetworkHost
- 0x2d0cc:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.328d6a6.12.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x145e3:$x2: NanoCore.ClientPluginHost
- 0x2d09f:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0x156be:$s4: PipeCreated
- 0x2e17a:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
- 0x145fd:$s5: IClientLoggingHost
- 0x2d0b9:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.328d6a6.12.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.rnixgfly.exe.328d6a6.12.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xe38:$x2: NanoCore.ClientPlugin
- 0x145ae:$x2: NanoCore.ClientPlugin
- 0x2d06a:$x2: NanoCore.ClientPlugin
- 0xe75:$x3: NanoCore.ClientPluginHost
- 0x145e3:$x3: NanoCore.ClientPluginHost
- 0x2d09f:$x3: NanoCore.ClientPluginHost
- 0xe5a:$i1: IClientApp
- 0xe4e:$i2: IClientData
- 0x145a2:$i2: IClientData
- 0x2d05e:$i2: IClientData
- 0xe29:$i3: IClientNetwork
- 0x145c4:$i3: IClientNetwork
- 0x2d080:$i3: IClientNetwork
- 0xec3:$i4: IClientAppHost
- 0xe65:$i5: IClientDataHost
- 0x145d3:$i5: IClientDataHost
- 0x2d08f:$i5: IClientDataHost
- 0xeb0:$i6: IClientLoggingHost
- 0x145fd:$i6: IClientLoggingHost
- 0x2d0b9:$i6: IClientLoggingHost
- 0xe8f:$i7: IClientNetworkHost
|
7.2.rnixgfly.exe.328d6a6.12.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xddf:$a: NanoCore
- 0xe38:$a: NanoCore
- 0xe75:$a: NanoCore
- 0xeee:$a: NanoCore
- 0x14599:$a: NanoCore
- 0x145ae:$a: NanoCore
- 0x145e3:$a: NanoCore
- 0x2d055:$a: NanoCore
- 0x2d06a:$a: NanoCore
- 0x2d09f:$a: NanoCore
- 0xe41:$b: ClientPlugin
- 0xe7e:$b: ClientPlugin
- 0x177c:$b: ClientPlugin
- 0x1789:$b: ClientPlugin
- 0x14355:$b: ClientPlugin
- 0x14370:$b: ClientPlugin
- 0x143a0:$b: ClientPlugin
- 0x145b7:$b: ClientPlugin
- 0x145ec:$b: ClientPlugin
- 0x2ce11:$b: ClientPlugin
- 0x2ce2c:$b: ClientPlugin
|
7.2.rnixgfly.exe.328d6a6.12.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0xe75:$a1: NanoCore.ClientPluginHost
- 0x145e3:$a1: NanoCore.ClientPluginHost
- 0x2d09f:$a1: NanoCore.ClientPluginHost
- 0xe38:$a2: NanoCore.ClientPlugin
- 0x145ae:$a2: NanoCore.ClientPlugin
- 0x2d06a:$a2: NanoCore.ClientPlugin
- 0x120c:$b1: get_BuilderSettings
- 0x19529:$b1: get_BuilderSettings
- 0x31fe5:$b1: get_BuilderSettings
- 0xec3:$b4: IClientAppHost
- 0x127d:$b6: AddHostEntry
- 0x12ec:$b7: LogClientException
- 0x19498:$b7: LogClientException
- 0x31f54:$b7: LogClientException
- 0x1261:$b8: PipeExists
- 0xeb0:$b9: IClientLoggingHost
- 0x145fd:$b9: IClientLoggingHost
- 0x2d0b9:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.65a0000.29.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1deb:$x1: NanoCore.ClientPluginHost
- 0x1e24:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.65a0000.29.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1deb:$x2: NanoCore.ClientPluginHost
- 0x1f36:$s4: PipeCreated
- 0x1e05:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.65a0000.29.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x1e8b:$x2: NanoCore.ClientPlugin
- 0x1deb:$x3: NanoCore.ClientPluginHost
- 0x1ea1:$i3: IClientNetwork
- 0x1e43:$i5: IClientDataHost
- 0x1e05:$i6: IClientLoggingHost
- 0x1e24:$i7: IClientNetworkHost
- 0x266c:$i9: IClientNameObjectCollection
- 0x1b41:$s1: ClientPlugin
- 0x1e94:$s1: ClientPlugin
- 0x2a80:$s2: EndPoint
- 0x2771:$s3: IPAddress
- 0x2083:$s4: IPEndPoint
- 0x27a3:$s7: get_Connected
|
7.2.rnixgfly.exe.65a0000.29.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1deb:$a1: NanoCore.ClientPluginHost
- 0x1e8b:$a2: NanoCore.ClientPlugin
- 0x2be1:$b7: LogClientException
- 0x1e05:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.65d4c9f.34.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1a53c:$x1: NanoCore.ClientPluginHost
- 0x1a556:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.65d4c9f.34.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1a53c:$x2: NanoCore.ClientPluginHost
- 0x1d879:$s4: PipeCreated
- 0x1a529:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.65d4c9f.34.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x1a513:$x2: NanoCore.ClientPlugin
- 0x1a53c:$x3: NanoCore.ClientPluginHost
- 0x1a504:$i3: IClientNetwork
- 0x1a529:$i6: IClientLoggingHost
- 0x1a556:$i7: IClientNetworkHost
- 0x1a569:$i8: IClientUIHost
- 0x1a273:$s1: ClientPlugin
- 0x1a51c:$s1: ClientPlugin
|
7.2.rnixgfly.exe.65d4c9f.34.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1a53c:$a1: NanoCore.ClientPluginHost
- 0x1a513:$a2: NanoCore.ClientPlugin
- 0x1f567:$b7: LogClientException
- 0x1a529:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.65c0000.31.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x170b:$x1: NanoCore.ClientPluginHost
- 0x1725:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.65c0000.31.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x170b:$x2: NanoCore.ClientPluginHost
- 0x34b6:$s4: PipeCreated
- 0x16f8:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.65c0000.31.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x16e2:$x2: NanoCore.ClientPlugin
- 0x170b:$x3: NanoCore.ClientPluginHost
- 0x16d3:$i3: IClientNetwork
- 0x16f8:$i6: IClientLoggingHost
- 0x1725:$i7: IClientNetworkHost
- 0x154e:$s1: ClientPlugin
- 0x16eb:$s1: ClientPlugin
|
7.2.rnixgfly.exe.65c0000.31.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x170b:$a1: NanoCore.ClientPluginHost
- 0x16e2:$a2: NanoCore.ClientPlugin
- 0x3a54:$b7: LogClientException
- 0x16f8:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.6570000.26.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x2205:$x1: NanoCore.ClientPluginHost
- 0x223e:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.6570000.26.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x2205:$x2: NanoCore.ClientPluginHost
- 0x2320:$s4: PipeCreated
- 0x221f:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.6570000.26.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x227f:$x2: NanoCore.ClientPlugin
- 0x2205:$x3: NanoCore.ClientPluginHost
- 0x2295:$i3: IClientNetwork
- 0x221f:$i6: IClientLoggingHost
- 0x223e:$i7: IClientNetworkHost
- 0x1f9f:$s1: ClientPlugin
- 0x2288:$s1: ClientPlugin
|
7.2.rnixgfly.exe.6570000.26.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x2205:$a1: NanoCore.ClientPluginHost
- 0x227f:$a2: NanoCore.ClientPlugin
- 0x29a0:$b7: LogClientException
- 0x221f:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.228d0f0.6.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x2dbb:$x1: NanoCore.ClientPluginHost
- 0x2de5:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.228d0f0.6.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x2dbb:$x2: NanoCore.ClientPluginHost
- 0x4c6b:$s4: PipeCreated
|
7.2.rnixgfly.exe.228d0f0.6.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x2d96:$x2: NanoCore.ClientPlugin
- 0x2dbb:$x3: NanoCore.ClientPluginHost
- 0x2d87:$i3: IClientNetwork
- 0x2dac:$i4: IClientAppHost
- 0x2dd5:$i5: IClientDataHost
- 0x2de5:$i7: IClientNetworkHost
- 0x2df8:$i9: IClientNameObjectCollection
- 0x2e1d:$i10: IClientReadOnlyNameObjectCollection
- 0x2bce:$s1: ClientPlugin
- 0x2d9f:$s1: ClientPlugin
|
7.2.rnixgfly.exe.228d0f0.6.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x2dbb:$a1: NanoCore.ClientPluginHost
- 0x2d96:$a2: NanoCore.ClientPlugin
- 0x6758:$b1: get_BuilderSettings
- 0x2dac:$b4: IClientAppHost
|
7.2.rnixgfly.exe.6590000.28.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x3deb:$x1: NanoCore.ClientPluginHost
- 0x3f48:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.6590000.28.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x3deb:$x2: NanoCore.ClientPluginHost
- 0x4d41:$s3: PipeExists
- 0x3fe1:$s4: PipeCreated
- 0x3e05:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.6590000.28.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x3ed5:$x2: NanoCore.ClientPlugin
- 0x3deb:$x3: NanoCore.ClientPluginHost
- 0x3eeb:$i3: IClientNetwork
- 0x3e24:$i5: IClientDataHost
- 0x3e05:$i6: IClientLoggingHost
- 0x3f48:$i7: IClientNetworkHost
- 0x3e43:$i8: IClientUIHost
- 0x4d55:$i9: IClientNameObjectCollection
- 0x38fc:$s1: ClientPlugin
- 0x3ede:$s1: ClientPlugin
- 0x4d71:$s6: get_ClientSettings
|
7.2.rnixgfly.exe.6590000.28.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x3deb:$a1: NanoCore.ClientPluginHost
- 0x3ed5:$a2: NanoCore.ClientPlugin
- 0x572e:$b7: LogClientException
- 0x4d41:$b8: PipeExists
- 0x3e05:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.32924dc.11.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.32924dc.11.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.32924dc.11.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.rnixgfly.exe.32924dc.11.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xd978:$x2: NanoCore.ClientPlugin
- 0xd9ad:$x3: NanoCore.ClientPluginHost
- 0xd96c:$i2: IClientData
- 0xd98e:$i3: IClientNetwork
- 0xd99d:$i5: IClientDataHost
- 0xd9c7:$i6: IClientLoggingHost
- 0xd9da:$i7: IClientNetworkHost
- 0xd9ed:$i8: IClientUIHost
- 0xd9fb:$i9: IClientNameObjectCollection
- 0xda17:$i10: IClientReadOnlyNameObjectCollection
- 0xd76a:$s1: ClientPlugin
- 0xd981:$s1: ClientPlugin
- 0x129a2:$s6: get_ClientSettings
|
7.2.rnixgfly.exe.32924dc.11.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0xd9ad:$a1: NanoCore.ClientPluginHost
- 0xd978:$a2: NanoCore.ClientPlugin
- 0x128f3:$b1: get_BuilderSettings
- 0x12862:$b7: LogClientException
- 0xd9c7:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.228d0f0.6.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x4bbb:$x1: NanoCore.ClientPluginHost
- 0x14ded:$x1: NanoCore.ClientPluginHost
- 0x21f67:$x1: NanoCore.ClientPluginHost
- 0x2bdc7:$x1: NanoCore.ClientPluginHost
- 0x33cfd:$x1: NanoCore.ClientPluginHost
- 0x39ce0:$x1: NanoCore.ClientPluginHost
- 0x4375b:$x1: NanoCore.ClientPluginHost
- 0x4db97:$x1: NanoCore.ClientPluginHost
- 0x58b89:$x1: NanoCore.ClientPluginHost
- 0x6493f:$x1: NanoCore.ClientPluginHost
- 0x706a2:$x1: NanoCore.ClientPluginHost
- 0x4be5:$x2: IClientNetworkHost
- 0x14e1a:$x2: IClientNetworkHost
- 0x21fa0:$x2: IClientNetworkHost
- 0x2be00:$x2: IClientNetworkHost
- 0x33d36:$x2: IClientNetworkHost
- 0x438b8:$x2: IClientNetworkHost
- 0x4dbd0:$x2: IClientNetworkHost
- 0x58ba3:$x2: IClientNetworkHost
- 0x64959:$x2: IClientNetworkHost
- 0x706df:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.228d0f0.6.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x4b96:$x2: NanoCore.ClientPlugin
- 0x14dc7:$x2: NanoCore.ClientPlugin
- 0x21fe3:$x2: NanoCore.ClientPlugin
- 0x2be43:$x2: NanoCore.ClientPlugin
- 0x33d77:$x2: NanoCore.ClientPlugin
- 0x39d2a:$x2: NanoCore.ClientPlugin
- 0x43845:$x2: NanoCore.ClientPlugin
- 0x4dc37:$x2: NanoCore.ClientPlugin
- 0x58b60:$x2: NanoCore.ClientPlugin
- 0x64916:$x2: NanoCore.ClientPlugin
- 0x7067d:$x2: NanoCore.ClientPlugin
- 0x4bbb:$x3: NanoCore.ClientPluginHost
- 0x14ded:$x3: NanoCore.ClientPluginHost
- 0x21f67:$x3: NanoCore.ClientPluginHost
- 0x2bdc7:$x3: NanoCore.ClientPluginHost
- 0x33cfd:$x3: NanoCore.ClientPluginHost
- 0x39ce0:$x3: NanoCore.ClientPluginHost
- 0x4375b:$x3: NanoCore.ClientPluginHost
- 0x4db97:$x3: NanoCore.ClientPluginHost
- 0x58b89:$x3: NanoCore.ClientPluginHost
- 0x6493f:$x3: NanoCore.ClientPluginHost
|
7.2.rnixgfly.exe.228d0f0.6.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x4b96:$a: NanoCore
- 0x4bbb:$a: NanoCore
- 0x4c14:$a: NanoCore
- 0x14dc7:$a: NanoCore
- 0x14ded:$a: NanoCore
- 0x14e49:$a: NanoCore
- 0x21caf:$a: NanoCore
- 0x21d08:$a: NanoCore
- 0x21d3b:$a: NanoCore
- 0x21f67:$a: NanoCore
- 0x21fe3:$a: NanoCore
- 0x225fc:$a: NanoCore
- 0x22745:$a: NanoCore
- 0x22c19:$a: NanoCore
- 0x22f00:$a: NanoCore
- 0x22f17:$a: NanoCore
- 0x2bdc7:$a: NanoCore
- 0x2be43:$a: NanoCore
- 0x2e726:$a: NanoCore
- 0x33cfd:$a: NanoCore
- 0x33d77:$a: NanoCore
|
7.2.rnixgfly.exe.228d0f0.6.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x4bbb:$a1: NanoCore.ClientPluginHost
- 0x14ded:$a1: NanoCore.ClientPluginHost
- 0x21f67:$a1: NanoCore.ClientPluginHost
- 0x2bdc7:$a1: NanoCore.ClientPluginHost
- 0x33cfd:$a1: NanoCore.ClientPluginHost
- 0x39ce0:$a1: NanoCore.ClientPluginHost
- 0x4375b:$a1: NanoCore.ClientPluginHost
- 0x4db97:$a1: NanoCore.ClientPluginHost
- 0x58b89:$a1: NanoCore.ClientPluginHost
- 0x6493f:$a1: NanoCore.ClientPluginHost
- 0x706a2:$a1: NanoCore.ClientPluginHost
- 0x4b96:$a2: NanoCore.ClientPlugin
- 0x14dc7:$a2: NanoCore.ClientPlugin
- 0x21fe3:$a2: NanoCore.ClientPlugin
- 0x2be43:$a2: NanoCore.ClientPlugin
- 0x33d77:$a2: NanoCore.ClientPlugin
- 0x39d2a:$a2: NanoCore.ClientPlugin
- 0x43845:$a2: NanoCore.ClientPlugin
- 0x4dc37:$a2: NanoCore.ClientPlugin
- 0x58b60:$a2: NanoCore.ClientPlugin
- 0x64916:$a2: NanoCore.ClientPlugin
|
7.2.rnixgfly.exe.4df0000.20.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x2dbb:$x1: NanoCore.ClientPluginHost
- 0x2de5:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.4df0000.20.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x2dbb:$x2: NanoCore.ClientPluginHost
- 0x4c6b:$s4: PipeCreated
|
7.2.rnixgfly.exe.4df0000.20.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x2d96:$x2: NanoCore.ClientPlugin
- 0x2dbb:$x3: NanoCore.ClientPluginHost
- 0x2d87:$i3: IClientNetwork
- 0x2dac:$i4: IClientAppHost
- 0x2dd5:$i5: IClientDataHost
- 0x2de5:$i7: IClientNetworkHost
- 0x2df8:$i9: IClientNameObjectCollection
- 0x2e1d:$i10: IClientReadOnlyNameObjectCollection
- 0x2bce:$s1: ClientPlugin
- 0x2d9f:$s1: ClientPlugin
|
7.2.rnixgfly.exe.4df0000.20.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x2dbb:$a1: NanoCore.ClientPluginHost
- 0x2d96:$a2: NanoCore.ClientPlugin
- 0x6758:$b1: get_BuilderSettings
- 0x2dac:$b4: IClientAppHost
|
7.2.rnixgfly.exe.5000000.22.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.5000000.22.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.5000000.22.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.rnixgfly.exe.5000000.22.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xd978:$x2: NanoCore.ClientPlugin
- 0xd9ad:$x3: NanoCore.ClientPluginHost
- 0xd96c:$i2: IClientData
- 0xd98e:$i3: IClientNetwork
- 0xd99d:$i5: IClientDataHost
- 0xd9c7:$i6: IClientLoggingHost
- 0xd9da:$i7: IClientNetworkHost
- 0xd9ed:$i8: IClientUIHost
- 0xd9fb:$i9: IClientNameObjectCollection
- 0xda17:$i10: IClientReadOnlyNameObjectCollection
- 0xd76a:$s1: ClientPlugin
- 0xd981:$s1: ClientPlugin
- 0x129a2:$s6: get_ClientSettings
|
7.2.rnixgfly.exe.5000000.22.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0xd9ad:$a1: NanoCore.ClientPluginHost
- 0xd978:$a2: NanoCore.ClientPlugin
- 0x128f3:$b1: get_BuilderSettings
- 0x12862:$b7: LogClientException
- 0xd9c7:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.353485d.14.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1d3db:$x1: NanoCore.ClientPluginHost
- 0x1d3f5:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.353485d.14.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1d3db:$x2: NanoCore.ClientPluginHost
- 0x20718:$s4: PipeCreated
- 0x1d3c8:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.353485d.14.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x1d3b2:$x2: NanoCore.ClientPlugin
- 0x1d3db:$x3: NanoCore.ClientPluginHost
- 0x1d3a3:$i3: IClientNetwork
- 0x1d3c8:$i6: IClientLoggingHost
- 0x1d3f5:$i7: IClientNetworkHost
- 0x1d408:$i8: IClientUIHost
- 0x1d112:$s1: ClientPlugin
- 0x1d3bb:$s1: ClientPlugin
|
7.2.rnixgfly.exe.353485d.14.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1d3db:$a1: NanoCore.ClientPluginHost
- 0x1d3b2:$a2: NanoCore.ClientPlugin
- 0x22406:$b7: LogClientException
- 0x1d3c8:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.6610000.35.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x41ee:$x1: NanoCore.ClientPluginHost
- 0x422b:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.6610000.35.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x41ee:$x2: NanoCore.ClientPluginHost
- 0x7641:$s4: PipeCreated
- 0x4218:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.6610000.35.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x41c9:$x2: NanoCore.ClientPlugin
- 0x41ee:$x3: NanoCore.ClientPluginHost
- 0x41ba:$i3: IClientNetwork
- 0x41df:$i4: IClientAppHost
- 0x4208:$i5: IClientDataHost
- 0x4218:$i6: IClientLoggingHost
- 0x422b:$i7: IClientNetworkHost
- 0x423e:$i8: IClientUIHost
- 0x424c:$i9: IClientNameObjectCollection
- 0x3f70:$s1: ClientPlugin
- 0x41d2:$s1: ClientPlugin
|
7.2.rnixgfly.exe.6610000.35.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x41ee:$a1: NanoCore.ClientPluginHost
- 0x41c9:$a2: NanoCore.ClientPlugin
- 0x41df:$b4: IClientAppHost
- 0x86ce:$b7: LogClientException
- 0x4218:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.400000.1.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x237e5:$x1: NanoCore.ClientPluginHost
- 0x23822:$x2: IClientNetworkHost
- 0x27355:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.rnixgfly.exe.400000.1.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x2355d:$x1: NanoCore Client.exe
- 0x237e5:$x2: NanoCore.ClientPluginHost
- 0x24e1e:$s1: PluginCommand
- 0x24e12:$s2: FileCommand
- 0x25cc3:$s3: PipeExists
- 0x2ba7a:$s4: PipeCreated
- 0x2380f:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.400000.1.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.rnixgfly.exe.400000.1.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x2354d:$x1: NanoCore Client
- 0x2355d:$x1: NanoCore Client
- 0x237a5:$x2: NanoCore.ClientPlugin
- 0x237e5:$x3: NanoCore.ClientPluginHost
- 0x2379a:$i1: IClientApp
- 0x237bb:$i2: IClientData
- 0x237c7:$i3: IClientNetwork
- 0x237d6:$i4: IClientAppHost
- 0x237ff:$i5: IClientDataHost
- 0x2380f:$i6: IClientLoggingHost
- 0x23822:$i7: IClientNetworkHost
- 0x23835:$i8: IClientUIHost
- 0x23843:$i9: IClientNameObjectCollection
- 0x2385f:$i10: IClientReadOnlyNameObjectCollection
- 0x235ac:$s1: ClientPlugin
- 0x237ae:$s1: ClientPlugin
- 0x23ca2:$s2: EndPoint
- 0x23cab:$s3: IPAddress
- 0x23cb5:$s4: IPEndPoint
- 0x256eb:$s6: get_ClientSettings
- 0x25c8f:$s7: get_Connected
|
7.2.rnixgfly.exe.400000.1.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x2354d:$a: NanoCore
- 0x2355d:$a: NanoCore
- 0x23791:$a: NanoCore
- 0x237a5:$a: NanoCore
- 0x237e5:$a: NanoCore
- 0x235ac:$b: ClientPlugin
- 0x237ae:$b: ClientPlugin
- 0x237ee:$b: ClientPlugin
- 0x236d3:$c: ProjectData
- 0x240da:$d: DESCrypto
- 0x2baa6:$e: KeepAlive
- 0x29a94:$g: LogClientMessage
- 0x25c8f:$i: get_Connected
- 0x24410:$j: #=q
- 0x24440:$j: #=q
- 0x2445c:$j: #=q
- 0x2448c:$j: #=q
- 0x244a8:$j: #=q
- 0x244c4:$j: #=q
- 0x244f4:$j: #=q
- 0x24510:$j: #=q
|
7.2.rnixgfly.exe.400000.1.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x237e5:$a1: NanoCore.ClientPluginHost
- 0x237a5:$a2: NanoCore.ClientPlugin
- 0x256fe:$b1: get_BuilderSettings
- 0x23601:$b2: ClientLoaderForm.resources
- 0x24e1e:$b3: PluginCommand
- 0x237d6:$b4: IClientAppHost
- 0x2dc56:$b5: GetBlockHash
- 0x25d56:$b6: AddHostEntry
- 0x29a49:$b7: LogClientException
- 0x25cc3:$b8: PipeExists
- 0x2380f:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.417058.0.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.rnixgfly.exe.417058.0.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.417058.0.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.rnixgfly.exe.417058.0.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xfef5:$x1: NanoCore Client
- 0xff05:$x1: NanoCore Client
- 0x1014d:$x2: NanoCore.ClientPlugin
- 0x1018d:$x3: NanoCore.ClientPluginHost
- 0x10142:$i1: IClientApp
- 0x10163:$i2: IClientData
- 0x1016f:$i3: IClientNetwork
- 0x1017e:$i4: IClientAppHost
- 0x101a7:$i5: IClientDataHost
- 0x101b7:$i6: IClientLoggingHost
- 0x101ca:$i7: IClientNetworkHost
- 0x101dd:$i8: IClientUIHost
- 0x101eb:$i9: IClientNameObjectCollection
- 0x10207:$i10: IClientReadOnlyNameObjectCollection
- 0xff54:$s1: ClientPlugin
- 0x10156:$s1: ClientPlugin
- 0x1064a:$s2: EndPoint
- 0x10653:$s3: IPAddress
- 0x1065d:$s4: IPEndPoint
- 0x12093:$s6: get_ClientSettings
- 0x12637:$s7: get_Connected
|
7.2.rnixgfly.exe.417058.0.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
7.2.rnixgfly.exe.417058.0.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1018d:$a1: NanoCore.ClientPluginHost
- 0x1014d:$a2: NanoCore.ClientPlugin
- 0x120a6:$b1: get_BuilderSettings
- 0xffa9:$b2: ClientLoaderForm.resources
- 0x117c6:$b3: PluginCommand
- 0x1017e:$b4: IClientAppHost
- 0x1a5fe:$b5: GetBlockHash
- 0x126fe:$b6: AddHostEntry
- 0x163f1:$b7: LogClientException
- 0x1266b:$b8: PipeExists
- 0x101b7:$b9: IClientLoggingHost
|
6.2.rnixgfly.exe.393658.2.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
6.2.rnixgfly.exe.393658.2.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
6.2.rnixgfly.exe.393658.2.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
6.2.rnixgfly.exe.393658.2.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xe0f5:$x1: NanoCore Client
- 0xe105:$x1: NanoCore Client
- 0xe34d:$x2: NanoCore.ClientPlugin
- 0xe38d:$x3: NanoCore.ClientPluginHost
- 0xe342:$i1: IClientApp
- 0xe363:$i2: IClientData
- 0xe36f:$i3: IClientNetwork
- 0xe37e:$i4: IClientAppHost
- 0xe3a7:$i5: IClientDataHost
- 0xe3b7:$i6: IClientLoggingHost
- 0xe3ca:$i7: IClientNetworkHost
- 0xe3dd:$i8: IClientUIHost
- 0xe3eb:$i9: IClientNameObjectCollection
- 0xe407:$i10: IClientReadOnlyNameObjectCollection
- 0xe154:$s1: ClientPlugin
- 0xe356:$s1: ClientPlugin
- 0xe84a:$s2: EndPoint
- 0xe853:$s3: IPAddress
- 0xe85d:$s4: IPEndPoint
- 0x10293:$s6: get_ClientSettings
- 0x10837:$s7: get_Connected
|
6.2.rnixgfly.exe.393658.2.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
6.2.rnixgfly.exe.393658.2.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0xe38d:$a1: NanoCore.ClientPluginHost
- 0xe34d:$a2: NanoCore.ClientPlugin
- 0x102a6:$b1: get_BuilderSettings
- 0xe1a9:$b2: ClientLoaderForm.resources
- 0xf9c6:$b3: PluginCommand
- 0xe37e:$b4: IClientAppHost
- 0x187fe:$b5: GetBlockHash
- 0x108fe:$b6: AddHostEntry
- 0x145f1:$b7: LogClientException
- 0x1086b:$b8: PipeExists
- 0xe3b7:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.59d0000.25.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x3f0b:$x1: NanoCore.ClientPluginHost
- 0x3f44:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.59d0000.25.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x3f0b:$x2: NanoCore.ClientPluginHost
- 0x400f:$s4: PipeCreated
- 0x3f25:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.59d0000.25.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x3f87:$x2: NanoCore.ClientPlugin
- 0x3f0b:$x3: NanoCore.ClientPluginHost
- 0x3f9d:$i3: IClientNetwork
- 0x3f25:$i6: IClientLoggingHost
- 0x3f44:$i7: IClientNetworkHost
- 0x3bfb:$s1: ClientPlugin
- 0x3f90:$s1: ClientPlugin
- 0x50f4:$s3: IPAddress
|
7.2.rnixgfly.exe.59d0000.25.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x3f0b:$a1: NanoCore.ClientPluginHost
- 0x3f87:$a2: NanoCore.ClientPlugin
- 0x4b10:$b7: LogClientException
- 0x3f25:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.5004629.21.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0xb184:$x1: NanoCore.ClientPluginHost
- 0xb1b1:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.5004629.21.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0xb184:$x2: NanoCore.ClientPluginHost
- 0xc25f:$s4: PipeCreated
- 0xb19e:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.5004629.21.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.rnixgfly.exe.5004629.21.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xb14f:$x2: NanoCore.ClientPlugin
- 0xb184:$x3: NanoCore.ClientPluginHost
- 0xb143:$i2: IClientData
- 0xb165:$i3: IClientNetwork
- 0xb174:$i5: IClientDataHost
- 0xb19e:$i6: IClientLoggingHost
- 0xb1b1:$i7: IClientNetworkHost
- 0xb1c4:$i8: IClientUIHost
- 0xb1d2:$i9: IClientNameObjectCollection
- 0xb1ee:$i10: IClientReadOnlyNameObjectCollection
- 0xaf41:$s1: ClientPlugin
- 0xb158:$s1: ClientPlugin
- 0x10179:$s6: get_ClientSettings
|
7.2.rnixgfly.exe.5004629.21.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0xb184:$a1: NanoCore.ClientPluginHost
- 0xb14f:$a2: NanoCore.ClientPlugin
- 0x100ca:$b1: get_BuilderSettings
- 0x10039:$b7: LogClientException
- 0xb19e:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.65a0000.29.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x39eb:$x1: NanoCore.ClientPluginHost
- 0x3a24:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.65a0000.29.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x39eb:$x2: NanoCore.ClientPluginHost
- 0x3b36:$s4: PipeCreated
- 0x3a05:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.65a0000.29.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x3a8b:$x2: NanoCore.ClientPlugin
- 0x39eb:$x3: NanoCore.ClientPluginHost
- 0x3aa1:$i3: IClientNetwork
- 0x3a43:$i5: IClientDataHost
- 0x3a05:$i6: IClientLoggingHost
- 0x3a24:$i7: IClientNetworkHost
- 0x426c:$i9: IClientNameObjectCollection
- 0x3741:$s1: ClientPlugin
- 0x3a94:$s1: ClientPlugin
- 0x4680:$s2: EndPoint
- 0x4371:$s3: IPAddress
- 0x3c83:$s4: IPEndPoint
- 0x43a3:$s7: get_Connected
|
7.2.rnixgfly.exe.65a0000.29.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x39eb:$a1: NanoCore.ClientPluginHost
- 0x3a8b:$a2: NanoCore.ClientPlugin
- 0x47e1:$b7: LogClientException
- 0x3a05:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.1e70000.3.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.rnixgfly.exe.1e70000.3.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.1e70000.3.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.rnixgfly.exe.1e70000.3.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xe0f5:$x1: NanoCore Client
- 0xe105:$x1: NanoCore Client
- 0xe34d:$x2: NanoCore.ClientPlugin
- 0xe38d:$x3: NanoCore.ClientPluginHost
- 0xe342:$i1: IClientApp
- 0xe363:$i2: IClientData
- 0xe36f:$i3: IClientNetwork
- 0xe37e:$i4: IClientAppHost
- 0xe3a7:$i5: IClientDataHost
- 0xe3b7:$i6: IClientLoggingHost
- 0xe3ca:$i7: IClientNetworkHost
- 0xe3dd:$i8: IClientUIHost
- 0xe3eb:$i9: IClientNameObjectCollection
- 0xe407:$i10: IClientReadOnlyNameObjectCollection
- 0xe154:$s1: ClientPlugin
- 0xe356:$s1: ClientPlugin
- 0xe84a:$s2: EndPoint
- 0xe853:$s3: IPAddress
- 0xe85d:$s4: IPEndPoint
- 0x10293:$s6: get_ClientSettings
- 0x10837:$s7: get_Connected
|
7.2.rnixgfly.exe.1e70000.3.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
7.2.rnixgfly.exe.1e70000.3.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0xe38d:$a1: NanoCore.ClientPluginHost
- 0xe34d:$a2: NanoCore.ClientPlugin
- 0x102a6:$b1: get_BuilderSettings
- 0xe1a9:$b2: ClientLoaderForm.resources
- 0xf9c6:$b3: PluginCommand
- 0xe37e:$b4: IClientAppHost
- 0x187fe:$b5: GetBlockHash
- 0x108fe:$b6: AddHostEntry
- 0x145f1:$b7: LogClientException
- 0x1086b:$b8: PipeExists
- 0xe3b7:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.3223d94.17.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x10937:$x1: NanoCore.ClientPluginHost
- 0x10951:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.3223d94.17.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x10937:$x2: NanoCore.ClientPluginHost
- 0x13c74:$s4: PipeCreated
- 0x10924:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.3223d94.17.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x1090e:$x2: NanoCore.ClientPlugin
- 0x10937:$x3: NanoCore.ClientPluginHost
- 0x108ff:$i3: IClientNetwork
- 0x10924:$i6: IClientLoggingHost
- 0x10951:$i7: IClientNetworkHost
- 0x10964:$i8: IClientUIHost
- 0x1066e:$s1: ClientPlugin
- 0x10917:$s1: ClientPlugin
|
7.2.rnixgfly.exe.3223d94.17.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x10937:$a1: NanoCore.ClientPluginHost
- 0x1090e:$a2: NanoCore.ClientPlugin
- 0x15962:$b7: LogClientException
- 0x10924:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.65b0000.30.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x3d99:$x1: NanoCore.ClientPluginHost
- 0x3db3:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.65b0000.30.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x3d99:$x2: NanoCore.ClientPluginHost
- 0x4dce:$s4: PipeCreated
- 0x3d86:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.65b0000.30.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x3d70:$x2: NanoCore.ClientPlugin
- 0x3d99:$x3: NanoCore.ClientPluginHost
- 0x3d61:$i3: IClientNetwork
- 0x3d86:$i6: IClientLoggingHost
- 0x3db3:$i7: IClientNetworkHost
- 0x3bd4:$s1: ClientPlugin
- 0x3d79:$s1: ClientPlugin
- 0x4084:$s2: EndPoint
- 0x408d:$s3: IPAddress
- 0x4097:$s4: IPEndPoint
|
7.2.rnixgfly.exe.65b0000.30.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x3d99:$a1: NanoCore.ClientPluginHost
- 0x3d70:$a2: NanoCore.ClientPlugin
- 0x3d86:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.6580000.27.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x13a8:$x1: NanoCore.ClientPluginHost
|
7.2.rnixgfly.exe.6580000.27.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x13a8:$x2: NanoCore.ClientPluginHost
- 0x1486:$s4: PipeCreated
- 0x13c2:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.6580000.27.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x13f2:$x2: NanoCore.ClientPlugin
- 0x13a8:$x3: NanoCore.ClientPluginHost
- 0x1408:$i3: IClientNetwork
- 0x13c2:$i6: IClientLoggingHost
- 0x1185:$s1: ClientPlugin
- 0x13fb:$s1: ClientPlugin
|
7.2.rnixgfly.exe.6580000.27.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x13a8:$a1: NanoCore.ClientPluginHost
- 0x13f2:$a2: NanoCore.ClientPlugin
- 0x13c2:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.1eb0000.4.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.rnixgfly.exe.1eb0000.4.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.1eb0000.4.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.rnixgfly.exe.1eb0000.4.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xfef5:$x1: NanoCore Client
- 0xff05:$x1: NanoCore Client
- 0x1014d:$x2: NanoCore.ClientPlugin
- 0x1018d:$x3: NanoCore.ClientPluginHost
- 0x10142:$i1: IClientApp
- 0x10163:$i2: IClientData
- 0x1016f:$i3: IClientNetwork
- 0x1017e:$i4: IClientAppHost
- 0x101a7:$i5: IClientDataHost
- 0x101b7:$i6: IClientLoggingHost
- 0x101ca:$i7: IClientNetworkHost
- 0x101dd:$i8: IClientUIHost
- 0x101eb:$i9: IClientNameObjectCollection
- 0x10207:$i10: IClientReadOnlyNameObjectCollection
- 0xff54:$s1: ClientPlugin
- 0x10156:$s1: ClientPlugin
- 0x1064a:$s2: EndPoint
- 0x10653:$s3: IPAddress
- 0x1065d:$s4: IPEndPoint
- 0x12093:$s6: get_ClientSettings
- 0x12637:$s7: get_Connected
|
7.2.rnixgfly.exe.1eb0000.4.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
7.2.rnixgfly.exe.1eb0000.4.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1018d:$a1: NanoCore.ClientPluginHost
- 0x1014d:$a2: NanoCore.ClientPlugin
- 0x120a6:$b1: get_BuilderSettings
- 0xffa9:$b2: ClientLoaderForm.resources
- 0x117c6:$b3: PluginCommand
- 0x1017e:$b4: IClientAppHost
- 0x1a5fe:$b5: GetBlockHash
- 0x126fe:$b6: AddHostEntry
- 0x163f1:$b7: LogClientException
- 0x1266b:$b8: PipeExists
- 0x101b7:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.56d0000.23.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x6da5:$x1: NanoCore.ClientPluginHost
- 0x6dd2:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.56d0000.23.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x6da5:$x2: NanoCore.ClientPluginHost
- 0x7d74:$s2: FileCommand
- 0xc776:$s4: PipeCreated
- 0x6dbf:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.56d0000.23.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x6d7f:$x2: NanoCore.ClientPlugin
- 0x6da5:$x3: NanoCore.ClientPluginHost
- 0x6d70:$i3: IClientNetwork
- 0x6d95:$i5: IClientDataHost
- 0x6dbf:$i6: IClientLoggingHost
- 0x6dd2:$i7: IClientNetworkHost
- 0x6de5:$i9: IClientNameObjectCollection
- 0x6b02:$s1: ClientPlugin
- 0x6d88:$s1: ClientPlugin
|
7.2.rnixgfly.exe.56d0000.23.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x6da5:$a1: NanoCore.ClientPluginHost
- 0x6d7f:$a2: NanoCore.ClientPlugin
- 0x6dbf:$b9: IClientLoggingHost
|
7.3.rnixgfly.exe.367fdae.2.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x6da5:$x1: NanoCore.ClientPluginHost
- 0x6dd2:$x2: IClientNetworkHost
|
7.3.rnixgfly.exe.367fdae.2.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x6da5:$x2: NanoCore.ClientPluginHost
- 0x7d74:$s2: FileCommand
- 0xc776:$s4: PipeCreated
- 0x6dbf:$s5: IClientLoggingHost
|
7.3.rnixgfly.exe.367fdae.2.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x6d7f:$x2: NanoCore.ClientPlugin
- 0x6da5:$x3: NanoCore.ClientPluginHost
- 0x6d70:$i3: IClientNetwork
- 0x6d95:$i5: IClientDataHost
- 0x6dbf:$i6: IClientLoggingHost
- 0x6dd2:$i7: IClientNetworkHost
- 0x6de5:$i9: IClientNameObjectCollection
- 0x6b02:$s1: ClientPlugin
- 0x6d88:$s1: ClientPlugin
|
7.3.rnixgfly.exe.367fdae.2.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x6da5:$a1: NanoCore.ClientPluginHost
- 0x6d7f:$a2: NanoCore.ClientPlugin
- 0x6dbf:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.1e70000.3.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.rnixgfly.exe.1e70000.3.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.1e70000.3.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.rnixgfly.exe.1e70000.3.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xfef5:$x1: NanoCore Client
- 0xff05:$x1: NanoCore Client
- 0x1014d:$x2: NanoCore.ClientPlugin
- 0x1018d:$x3: NanoCore.ClientPluginHost
- 0x10142:$i1: IClientApp
- 0x10163:$i2: IClientData
- 0x1016f:$i3: IClientNetwork
- 0x1017e:$i4: IClientAppHost
- 0x101a7:$i5: IClientDataHost
- 0x101b7:$i6: IClientLoggingHost
- 0x101ca:$i7: IClientNetworkHost
- 0x101dd:$i8: IClientUIHost
- 0x101eb:$i9: IClientNameObjectCollection
- 0x10207:$i10: IClientReadOnlyNameObjectCollection
- 0xff54:$s1: ClientPlugin
- 0x10156:$s1: ClientPlugin
- 0x1064a:$s2: EndPoint
- 0x10653:$s3: IPAddress
- 0x1065d:$s4: IPEndPoint
- 0x12093:$s6: get_ClientSettings
- 0x12637:$s7: get_Connected
|
7.2.rnixgfly.exe.1e70000.3.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
7.2.rnixgfly.exe.1e70000.3.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1018d:$a1: NanoCore.ClientPluginHost
- 0x1014d:$a2: NanoCore.ClientPlugin
- 0x120a6:$b1: get_BuilderSettings
- 0xffa9:$b2: ClientLoaderForm.resources
- 0x117c6:$b3: PluginCommand
- 0x1017e:$b4: IClientAppHost
- 0x1a5fe:$b5: GetBlockHash
- 0x126fe:$b6: AddHostEntry
- 0x163f1:$b7: LogClientException
- 0x1266b:$b8: PipeExists
- 0x101b7:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.62aed0.2.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.rnixgfly.exe.62aed0.2.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.62aed0.2.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.rnixgfly.exe.62aed0.2.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xfef5:$x1: NanoCore Client
- 0xff05:$x1: NanoCore Client
- 0x1014d:$x2: NanoCore.ClientPlugin
- 0x1018d:$x3: NanoCore.ClientPluginHost
- 0x10142:$i1: IClientApp
- 0x10163:$i2: IClientData
- 0x1016f:$i3: IClientNetwork
- 0x1017e:$i4: IClientAppHost
- 0x101a7:$i5: IClientDataHost
- 0x101b7:$i6: IClientLoggingHost
- 0x101ca:$i7: IClientNetworkHost
- 0x101dd:$i8: IClientUIHost
- 0x101eb:$i9: IClientNameObjectCollection
- 0x10207:$i10: IClientReadOnlyNameObjectCollection
- 0xff54:$s1: ClientPlugin
- 0x10156:$s1: ClientPlugin
- 0x39bc0:$s1: ClientPlugin
- 0x1064a:$s2: EndPoint
- 0x10653:$s3: IPAddress
- 0x1065d:$s4: IPEndPoint
- 0x12093:$s6: get_ClientSettings
|
7.2.rnixgfly.exe.62aed0.2.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x39bc0:$b: ClientPlugin
- 0x4d3a6:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
|
7.2.rnixgfly.exe.62aed0.2.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1018d:$a1: NanoCore.ClientPluginHost
- 0x1014d:$a2: NanoCore.ClientPlugin
- 0x120a6:$b1: get_BuilderSettings
- 0xffa9:$b2: ClientLoaderForm.resources
- 0x117c6:$b3: PluginCommand
- 0x1017e:$b4: IClientAppHost
- 0x1a5fe:$b5: GetBlockHash
- 0x126fe:$b6: AddHostEntry
- 0x163f1:$b7: LogClientException
- 0x1266b:$b8: PipeExists
- 0x101b7:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.59d0000.25.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x5b0b:$x1: NanoCore.ClientPluginHost
- 0x5b44:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.59d0000.25.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x5b0b:$x2: NanoCore.ClientPluginHost
- 0x5c0f:$s4: PipeCreated
- 0x5b25:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.59d0000.25.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x5b87:$x2: NanoCore.ClientPlugin
- 0x5b0b:$x3: NanoCore.ClientPluginHost
- 0x5b9d:$i3: IClientNetwork
- 0x5b25:$i6: IClientLoggingHost
- 0x5b44:$i7: IClientNetworkHost
- 0x57fb:$s1: ClientPlugin
- 0x5b90:$s1: ClientPlugin
- 0x6cf4:$s3: IPAddress
|
7.2.rnixgfly.exe.59d0000.25.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x5b0b:$a1: NanoCore.ClientPluginHost
- 0x5b87:$a2: NanoCore.ClientPlugin
- 0x6710:$b7: LogClientException
- 0x5b25:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.6570000.26.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x605:$x1: NanoCore.ClientPluginHost
- 0x63e:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.6570000.26.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x605:$x2: NanoCore.ClientPluginHost
- 0x720:$s4: PipeCreated
- 0x61f:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.6570000.26.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x67f:$x2: NanoCore.ClientPlugin
- 0x605:$x3: NanoCore.ClientPluginHost
- 0x695:$i3: IClientNetwork
- 0x61f:$i6: IClientLoggingHost
- 0x63e:$i7: IClientNetworkHost
- 0x688:$s1: ClientPlugin
|
7.2.rnixgfly.exe.6570000.26.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x605:$a1: NanoCore.ClientPluginHost
- 0x67f:$a2: NanoCore.ClientPlugin
- 0xda0:$b7: LogClientException
- 0x61f:$b9: IClientLoggingHost
|
6.2.rnixgfly.exe.380000.1.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1fde5:$x1: NanoCore.ClientPluginHost
- 0x1fe22:$x2: IClientNetworkHost
- 0x23955:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
6.2.rnixgfly.exe.380000.1.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1fb5d:$x1: NanoCore Client.exe
- 0x1fde5:$x2: NanoCore.ClientPluginHost
- 0x2141e:$s1: PluginCommand
- 0x21412:$s2: FileCommand
- 0x222c3:$s3: PipeExists
- 0x2807a:$s4: PipeCreated
- 0x1fe0f:$s5: IClientLoggingHost
|
6.2.rnixgfly.exe.380000.1.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
6.2.rnixgfly.exe.380000.1.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x1fb4d:$x1: NanoCore Client
- 0x1fb5d:$x1: NanoCore Client
- 0x1fda5:$x2: NanoCore.ClientPlugin
- 0x1fde5:$x3: NanoCore.ClientPluginHost
- 0x1fd9a:$i1: IClientApp
- 0x1fdbb:$i2: IClientData
- 0x1fdc7:$i3: IClientNetwork
- 0x1fdd6:$i4: IClientAppHost
- 0x1fdff:$i5: IClientDataHost
- 0x1fe0f:$i6: IClientLoggingHost
- 0x1fe22:$i7: IClientNetworkHost
- 0x1fe35:$i8: IClientUIHost
- 0x1fe43:$i9: IClientNameObjectCollection
- 0x1fe5f:$i10: IClientReadOnlyNameObjectCollection
- 0x1fbac:$s1: ClientPlugin
- 0x1fdae:$s1: ClientPlugin
- 0x202a2:$s2: EndPoint
- 0x202ab:$s3: IPAddress
- 0x202b5:$s4: IPEndPoint
- 0x21ceb:$s6: get_ClientSettings
- 0x2228f:$s7: get_Connected
|
6.2.rnixgfly.exe.380000.1.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x1fb4d:$a: NanoCore
- 0x1fb5d:$a: NanoCore
- 0x1fd91:$a: NanoCore
- 0x1fda5:$a: NanoCore
- 0x1fde5:$a: NanoCore
- 0x1fbac:$b: ClientPlugin
- 0x1fdae:$b: ClientPlugin
- 0x1fdee:$b: ClientPlugin
- 0x1fcd3:$c: ProjectData
- 0x206da:$d: DESCrypto
- 0x280a6:$e: KeepAlive
- 0x26094:$g: LogClientMessage
- 0x2228f:$i: get_Connected
- 0x20a10:$j: #=q
- 0x20a40:$j: #=q
- 0x20a5c:$j: #=q
- 0x20a8c:$j: #=q
- 0x20aa8:$j: #=q
- 0x20ac4:$j: #=q
- 0x20af4:$j: #=q
- 0x20b10:$j: #=q
|
6.2.rnixgfly.exe.380000.1.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1fde5:$a1: NanoCore.ClientPluginHost
- 0x1fda5:$a2: NanoCore.ClientPlugin
- 0x21cfe:$b1: get_BuilderSettings
- 0x1fc01:$b2: ClientLoaderForm.resources
- 0x2141e:$b3: PluginCommand
- 0x1fdd6:$b4: IClientAppHost
- 0x2a256:$b5: GetBlockHash
- 0x22356:$b6: AddHostEntry
- 0x26049:$b7: LogClientException
- 0x222c3:$b8: PipeExists
- 0x1fe0f:$b9: IClientLoggingHost
|
7.3.rnixgfly.exe.3699e05.1.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x227f:$x2: NanoCore.ClientPlugin
- 0x8220:$x2: NanoCore.ClientPlugin
- 0x11d2c:$x2: NanoCore.ClientPlugin
- 0x1c10d:$x2: NanoCore.ClientPlugin
- 0x27021:$x2: NanoCore.ClientPlugin
- 0x32dc3:$x2: NanoCore.ClientPlugin
- 0x57cc7:$x2: NanoCore.ClientPlugin
- 0x6710b:$x2: NanoCore.ClientPlugin
- 0x2205:$x3: NanoCore.ClientPluginHost
- 0x81d6:$x3: NanoCore.ClientPluginHost
- 0x11c42:$x3: NanoCore.ClientPluginHost
- 0x1c06d:$x3: NanoCore.ClientPluginHost
- 0x2704a:$x3: NanoCore.ClientPluginHost
- 0x32dec:$x3: NanoCore.ClientPluginHost
- 0x57cf0:$x3: NanoCore.ClientPluginHost
- 0x67130:$x3: NanoCore.ClientPluginHost
- 0x2295:$i3: IClientNetwork
- 0x8236:$i3: IClientNetwork
- 0x11d42:$i3: IClientNetwork
- 0x1c123:$i3: IClientNetwork
- 0x27012:$i3: IClientNetwork
|
7.3.rnixgfly.exe.3699e05.1.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x2205:$a: NanoCore
- 0x227f:$a: NanoCore
- 0x6e1c:$a: NanoCore
- 0x81d6:$a: NanoCore
- 0x8220:$a: NanoCore
- 0x8e7a:$a: NanoCore
- 0x11c42:$a: NanoCore
- 0x11d2c:$a: NanoCore
- 0x12ba3:$a: NanoCore
- 0x1bd4d:$a: NanoCore
- 0x1bdae:$a: NanoCore
- 0x1bdf1:$a: NanoCore
- 0x1be31:$a: NanoCore
- 0x1c06d:$a: NanoCore
- 0x1c10d:$a: NanoCore
- 0x1c8e5:$a: NanoCore
- 0x1ced8:$a: NanoCore
- 0x1d029:$a: NanoCore
- 0x1de83:$a: NanoCore
- 0x1e0ea:$a: NanoCore
- 0x1e0ff:$a: NanoCore
|
7.3.rnixgfly.exe.3699e05.1.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x2205:$a1: NanoCore.ClientPluginHost
- 0x81d6:$a1: NanoCore.ClientPluginHost
- 0x11c42:$a1: NanoCore.ClientPluginHost
- 0x1c06d:$a1: NanoCore.ClientPluginHost
- 0x2704a:$a1: NanoCore.ClientPluginHost
- 0x32dec:$a1: NanoCore.ClientPluginHost
- 0x57cf0:$a1: NanoCore.ClientPluginHost
- 0x67130:$a1: NanoCore.ClientPluginHost
- 0x227f:$a2: NanoCore.ClientPlugin
- 0x8220:$a2: NanoCore.ClientPlugin
- 0x11d2c:$a2: NanoCore.ClientPlugin
- 0x1c10d:$a2: NanoCore.ClientPlugin
- 0x27021:$a2: NanoCore.ClientPlugin
- 0x32dc3:$a2: NanoCore.ClientPlugin
- 0x57cc7:$a2: NanoCore.ClientPlugin
- 0x6710b:$a2: NanoCore.ClientPlugin
- 0x67121:$b4: IClientAppHost
- 0x29a0:$b7: LogClientException
- 0x13585:$b7: LogClientException
- 0x1ce63:$b7: LogClientException
- 0x35135:$b7: LogClientException
|
6.2.rnixgfly.exe.380000.1.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x237e5:$x1: NanoCore.ClientPluginHost
- 0x23822:$x2: IClientNetworkHost
- 0x27355:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
6.2.rnixgfly.exe.380000.1.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x2355d:$x1: NanoCore Client.exe
- 0x237e5:$x2: NanoCore.ClientPluginHost
- 0x24e1e:$s1: PluginCommand
- 0x24e12:$s2: FileCommand
- 0x25cc3:$s3: PipeExists
- 0x2ba7a:$s4: PipeCreated
- 0x2380f:$s5: IClientLoggingHost
|
6.2.rnixgfly.exe.380000.1.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
6.2.rnixgfly.exe.380000.1.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x2354d:$x1: NanoCore Client
- 0x2355d:$x1: NanoCore Client
- 0x237a5:$x2: NanoCore.ClientPlugin
- 0x237e5:$x3: NanoCore.ClientPluginHost
- 0x2379a:$i1: IClientApp
- 0x237bb:$i2: IClientData
- 0x237c7:$i3: IClientNetwork
- 0x237d6:$i4: IClientAppHost
- 0x237ff:$i5: IClientDataHost
- 0x2380f:$i6: IClientLoggingHost
- 0x23822:$i7: IClientNetworkHost
- 0x23835:$i8: IClientUIHost
- 0x23843:$i9: IClientNameObjectCollection
- 0x2385f:$i10: IClientReadOnlyNameObjectCollection
- 0x235ac:$s1: ClientPlugin
- 0x237ae:$s1: ClientPlugin
- 0x23ca2:$s2: EndPoint
- 0x23cab:$s3: IPAddress
- 0x23cb5:$s4: IPEndPoint
- 0x256eb:$s6: get_ClientSettings
- 0x25c8f:$s7: get_Connected
|
6.2.rnixgfly.exe.380000.1.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x2354d:$a: NanoCore
- 0x2355d:$a: NanoCore
- 0x23791:$a: NanoCore
- 0x237a5:$a: NanoCore
- 0x237e5:$a: NanoCore
- 0x235ac:$b: ClientPlugin
- 0x237ae:$b: ClientPlugin
- 0x237ee:$b: ClientPlugin
- 0x236d3:$c: ProjectData
- 0x240da:$d: DESCrypto
- 0x2baa6:$e: KeepAlive
- 0x29a94:$g: LogClientMessage
- 0x25c8f:$i: get_Connected
- 0x24410:$j: #=q
- 0x24440:$j: #=q
- 0x2445c:$j: #=q
- 0x2448c:$j: #=q
- 0x244a8:$j: #=q
- 0x244c4:$j: #=q
- 0x244f4:$j: #=q
- 0x24510:$j: #=q
|
6.2.rnixgfly.exe.380000.1.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x237e5:$a1: NanoCore.ClientPluginHost
- 0x237a5:$a2: NanoCore.ClientPlugin
- 0x256fe:$b1: get_BuilderSettings
- 0x23601:$b2: ClientLoaderForm.resources
- 0x24e1e:$b3: PluginCommand
- 0x237d6:$b4: IClientAppHost
- 0x2dc56:$b5: GetBlockHash
- 0x25d56:$b6: AddHostEntry
- 0x29a49:$b7: LogClientException
- 0x25cc3:$b8: PipeExists
- 0x2380f:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.5000000.22.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.5000000.22.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0xf7ad:$x2: NanoCore.ClientPluginHost
- 0x10888:$s4: PipeCreated
- 0xf7c7:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.5000000.22.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.rnixgfly.exe.5000000.22.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xf778:$x2: NanoCore.ClientPlugin
- 0xf7ad:$x3: NanoCore.ClientPluginHost
- 0xf76c:$i2: IClientData
- 0xf78e:$i3: IClientNetwork
- 0xf79d:$i5: IClientDataHost
- 0xf7c7:$i6: IClientLoggingHost
- 0xf7da:$i7: IClientNetworkHost
- 0xf7ed:$i8: IClientUIHost
- 0xf7fb:$i9: IClientNameObjectCollection
- 0xf817:$i10: IClientReadOnlyNameObjectCollection
- 0xf56a:$s1: ClientPlugin
- 0xf781:$s1: ClientPlugin
- 0x147a2:$s6: get_ClientSettings
|
7.2.rnixgfly.exe.5000000.22.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0xf7ad:$a1: NanoCore.ClientPluginHost
- 0xf778:$a2: NanoCore.ClientPlugin
- 0x146f3:$b1: get_BuilderSettings
- 0x14662:$b7: LogClientException
- 0xf7c7:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.2299338.5.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x8ba5:$x1: NanoCore.ClientPluginHost
- 0x15d1f:$x1: NanoCore.ClientPluginHost
- 0x1fb7f:$x1: NanoCore.ClientPluginHost
- 0x27ab5:$x1: NanoCore.ClientPluginHost
- 0x2da98:$x1: NanoCore.ClientPluginHost
- 0x37513:$x1: NanoCore.ClientPluginHost
- 0x4194f:$x1: NanoCore.ClientPluginHost
- 0x4c941:$x1: NanoCore.ClientPluginHost
- 0x586f7:$x1: NanoCore.ClientPluginHost
- 0x6445a:$x1: NanoCore.ClientPluginHost
- 0x8bd2:$x2: IClientNetworkHost
- 0x15d58:$x2: IClientNetworkHost
- 0x1fbb8:$x2: IClientNetworkHost
- 0x27aee:$x2: IClientNetworkHost
- 0x37670:$x2: IClientNetworkHost
- 0x41988:$x2: IClientNetworkHost
- 0x4c95b:$x2: IClientNetworkHost
- 0x58711:$x2: IClientNetworkHost
- 0x64497:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.2299338.5.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x8ba5:$x2: NanoCore.ClientPluginHost
- 0x15d1f:$x2: NanoCore.ClientPluginHost
- 0x1fb7f:$x2: NanoCore.ClientPluginHost
- 0x27ab5:$x2: NanoCore.ClientPluginHost
- 0x2da98:$x2: NanoCore.ClientPluginHost
- 0x37513:$x2: NanoCore.ClientPluginHost
- 0x4194f:$x2: NanoCore.ClientPluginHost
- 0x4c941:$x2: NanoCore.ClientPluginHost
- 0x586f7:$x2: NanoCore.ClientPluginHost
- 0x6445a:$x2: NanoCore.ClientPluginHost
- 0x9b74:$s2: FileCommand
- 0x38469:$s3: PipeExists
- 0xe576:$s4: PipeCreated
- 0x15e3c:$s4: PipeCreated
- 0x1fc83:$s4: PipeCreated
- 0x27bd0:$s4: PipeCreated
- 0x2db76:$s4: PipeCreated
- 0x37709:$s4: PipeCreated
- 0x41a9a:$s4: PipeCreated
- 0x4d976:$s4: PipeCreated
- 0x5a4a2:$s4: PipeCreated
|
7.2.rnixgfly.exe.2299338.5.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x8b7f:$x2: NanoCore.ClientPlugin
- 0x15d9b:$x2: NanoCore.ClientPlugin
- 0x1fbfb:$x2: NanoCore.ClientPlugin
- 0x27b2f:$x2: NanoCore.ClientPlugin
- 0x2dae2:$x2: NanoCore.ClientPlugin
- 0x375fd:$x2: NanoCore.ClientPlugin
- 0x419ef:$x2: NanoCore.ClientPlugin
- 0x4c918:$x2: NanoCore.ClientPlugin
- 0x586ce:$x2: NanoCore.ClientPlugin
- 0x64435:$x2: NanoCore.ClientPlugin
- 0x8ba5:$x3: NanoCore.ClientPluginHost
- 0x15d1f:$x3: NanoCore.ClientPluginHost
- 0x1fb7f:$x3: NanoCore.ClientPluginHost
- 0x27ab5:$x3: NanoCore.ClientPluginHost
- 0x2da98:$x3: NanoCore.ClientPluginHost
- 0x37513:$x3: NanoCore.ClientPluginHost
- 0x4194f:$x3: NanoCore.ClientPluginHost
- 0x4c941:$x3: NanoCore.ClientPluginHost
- 0x586f7:$x3: NanoCore.ClientPluginHost
- 0x6445a:$x3: NanoCore.ClientPluginHost
- 0x8b70:$i3: IClientNetwork
|
7.2.rnixgfly.exe.2299338.5.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x8b7f:$a: NanoCore
- 0x8ba5:$a: NanoCore
- 0x8c01:$a: NanoCore
- 0x15a67:$a: NanoCore
- 0x15ac0:$a: NanoCore
- 0x15af3:$a: NanoCore
- 0x15d1f:$a: NanoCore
- 0x15d9b:$a: NanoCore
- 0x163b4:$a: NanoCore
- 0x164fd:$a: NanoCore
- 0x169d1:$a: NanoCore
- 0x16cb8:$a: NanoCore
- 0x16ccf:$a: NanoCore
- 0x1fb7f:$a: NanoCore
- 0x1fbfb:$a: NanoCore
- 0x224de:$a: NanoCore
- 0x27ab5:$a: NanoCore
- 0x27b2f:$a: NanoCore
- 0x2da98:$a: NanoCore
- 0x2dae2:$a: NanoCore
- 0x2e73c:$a: NanoCore
|
7.2.rnixgfly.exe.2299338.5.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x8ba5:$a1: NanoCore.ClientPluginHost
- 0x15d1f:$a1: NanoCore.ClientPluginHost
- 0x1fb7f:$a1: NanoCore.ClientPluginHost
- 0x27ab5:$a1: NanoCore.ClientPluginHost
- 0x2da98:$a1: NanoCore.ClientPluginHost
- 0x37513:$a1: NanoCore.ClientPluginHost
- 0x4194f:$a1: NanoCore.ClientPluginHost
- 0x4c941:$a1: NanoCore.ClientPluginHost
- 0x586f7:$a1: NanoCore.ClientPluginHost
- 0x6445a:$a1: NanoCore.ClientPluginHost
- 0x8b7f:$a2: NanoCore.ClientPlugin
- 0x15d9b:$a2: NanoCore.ClientPlugin
- 0x1fbfb:$a2: NanoCore.ClientPlugin
- 0x27b2f:$a2: NanoCore.ClientPlugin
- 0x2dae2:$a2: NanoCore.ClientPlugin
- 0x375fd:$a2: NanoCore.ClientPlugin
- 0x419ef:$a2: NanoCore.ClientPlugin
- 0x4c918:$a2: NanoCore.ClientPlugin
- 0x586ce:$a2: NanoCore.ClientPlugin
- 0x64435:$a2: NanoCore.ClientPlugin
- 0x6444b:$b4: IClientAppHost
|
7.2.rnixgfly.exe.32154f0.16.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1f1db:$x1: NanoCore.ClientPluginHost
- 0x1f1f5:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.32154f0.16.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1f1db:$x2: NanoCore.ClientPluginHost
- 0x22518:$s4: PipeCreated
- 0x1f1c8:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.32154f0.16.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x1f1b2:$x2: NanoCore.ClientPlugin
- 0x1f1db:$x3: NanoCore.ClientPluginHost
- 0x1f1a3:$i3: IClientNetwork
- 0x1f1c8:$i6: IClientLoggingHost
- 0x1f1f5:$i7: IClientNetworkHost
- 0x1f208:$i8: IClientUIHost
- 0x1ef12:$s1: ClientPlugin
- 0x1f1bb:$s1: ClientPlugin
|
7.2.rnixgfly.exe.32154f0.16.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1f1db:$a1: NanoCore.ClientPluginHost
- 0x1f1b2:$a2: NanoCore.ClientPlugin
- 0x24206:$b7: LogClientException
- 0x1f1c8:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.4df0000.20.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x4bbb:$x1: NanoCore.ClientPluginHost
- 0x4be5:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.4df0000.20.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x4bbb:$x2: NanoCore.ClientPluginHost
- 0x6a6b:$s4: PipeCreated
|
7.2.rnixgfly.exe.4df0000.20.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x4b96:$x2: NanoCore.ClientPlugin
- 0x4bbb:$x3: NanoCore.ClientPluginHost
- 0x4b87:$i3: IClientNetwork
- 0x4bac:$i4: IClientAppHost
- 0x4bd5:$i5: IClientDataHost
- 0x4be5:$i7: IClientNetworkHost
- 0x4bf8:$i9: IClientNameObjectCollection
- 0x4c1d:$i10: IClientReadOnlyNameObjectCollection
- 0x49ce:$s1: ClientPlugin
- 0x4b9f:$s1: ClientPlugin
|
7.2.rnixgfly.exe.4df0000.20.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x4bbb:$a1: NanoCore.ClientPluginHost
- 0x4b96:$a2: NanoCore.ClientPlugin
- 0x8558:$b1: get_BuilderSettings
- 0x4bac:$b4: IClientAppHost
|
7.2.rnixgfly.exe.352b627.10.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x170b:$x1: NanoCore.ClientPluginHost
- 0x1725:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.352b627.10.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x170b:$x2: NanoCore.ClientPluginHost
- 0x34b6:$s4: PipeCreated
- 0x16f8:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.352b627.10.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x16e2:$x2: NanoCore.ClientPlugin
- 0x170b:$x3: NanoCore.ClientPluginHost
- 0x16d3:$i3: IClientNetwork
- 0x16f8:$i6: IClientLoggingHost
- 0x1725:$i7: IClientNetworkHost
- 0x154e:$s1: ClientPlugin
- 0x16eb:$s1: ClientPlugin
|
7.2.rnixgfly.exe.352b627.10.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x170b:$a1: NanoCore.ClientPluginHost
- 0x16e2:$a2: NanoCore.ClientPlugin
- 0x3a54:$b7: LogClientException
- 0x16f8:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.2299338.5.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x6da5:$x1: NanoCore.ClientPluginHost
- 0x6dd2:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.2299338.5.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x6da5:$x2: NanoCore.ClientPluginHost
- 0x7d74:$s2: FileCommand
- 0xc776:$s4: PipeCreated
- 0x6dbf:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.2299338.5.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x6d7f:$x2: NanoCore.ClientPlugin
- 0x6da5:$x3: NanoCore.ClientPluginHost
- 0x6d70:$i3: IClientNetwork
- 0x6d95:$i5: IClientDataHost
- 0x6dbf:$i6: IClientLoggingHost
- 0x6dd2:$i7: IClientNetworkHost
- 0x6de5:$i9: IClientNameObjectCollection
- 0x6b02:$s1: ClientPlugin
- 0x6d88:$s1: ClientPlugin
|
7.2.rnixgfly.exe.2299338.5.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x6da5:$a1: NanoCore.ClientPluginHost
- 0x6d7f:$a2: NanoCore.ClientPlugin
- 0x6dbf:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.62aed0.2.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.rnixgfly.exe.62aed0.2.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.62aed0.2.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.rnixgfly.exe.62aed0.2.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xe0f5:$x1: NanoCore Client
- 0xe105:$x1: NanoCore Client
- 0xe34d:$x2: NanoCore.ClientPlugin
- 0xe38d:$x3: NanoCore.ClientPluginHost
- 0xe342:$i1: IClientApp
- 0xe363:$i2: IClientData
- 0xe36f:$i3: IClientNetwork
- 0xe37e:$i4: IClientAppHost
- 0xe3a7:$i5: IClientDataHost
- 0xe3b7:$i6: IClientLoggingHost
- 0xe3ca:$i7: IClientNetworkHost
- 0xe3dd:$i8: IClientUIHost
- 0xe3eb:$i9: IClientNameObjectCollection
- 0xe407:$i10: IClientReadOnlyNameObjectCollection
- 0xe154:$s1: ClientPlugin
- 0xe356:$s1: ClientPlugin
- 0xe84a:$s2: EndPoint
- 0xe853:$s3: IPAddress
- 0xe85d:$s4: IPEndPoint
- 0x10293:$s6: get_ClientSettings
- 0x10837:$s7: get_Connected
|
7.2.rnixgfly.exe.62aed0.2.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
7.2.rnixgfly.exe.62aed0.2.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0xe38d:$a1: NanoCore.ClientPluginHost
- 0xe34d:$a2: NanoCore.ClientPlugin
- 0x102a6:$b1: get_BuilderSettings
- 0xe1a9:$b2: ClientLoaderForm.resources
- 0xf9c6:$b3: PluginCommand
- 0xe37e:$b4: IClientAppHost
- 0x187fe:$b5: GetBlockHash
- 0x108fe:$b6: AddHostEntry
- 0x145f1:$b7: LogClientException
- 0x1086b:$b8: PipeExists
- 0xe3b7:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.32154f0.16.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1d3db:$x1: NanoCore.ClientPluginHost
- 0x1d3f5:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.32154f0.16.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1d3db:$x2: NanoCore.ClientPluginHost
- 0x20718:$s4: PipeCreated
- 0x1d3c8:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.32154f0.16.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x1d3b2:$x2: NanoCore.ClientPlugin
- 0x1d3db:$x3: NanoCore.ClientPluginHost
- 0x1d3a3:$i3: IClientNetwork
- 0x1d3c8:$i6: IClientLoggingHost
- 0x1d3f5:$i7: IClientNetworkHost
- 0x1d408:$i8: IClientUIHost
- 0x1d112:$s1: ClientPlugin
- 0x1d3bb:$s1: ClientPlugin
|
7.2.rnixgfly.exe.32154f0.16.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1d3db:$a1: NanoCore.ClientPluginHost
- 0x1d3b2:$a2: NanoCore.ClientPlugin
- 0x22406:$b7: LogClientException
- 0x1d3c8:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.353485d.14.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1f1db:$x1: NanoCore.ClientPluginHost
- 0x2e61d:$x1: NanoCore.ClientPluginHost
- 0x8bf8a:$x1: NanoCore.ClientPluginHost
- 0x963b5:$x1: NanoCore.ClientPluginHost
- 0xa1392:$x1: NanoCore.ClientPluginHost
- 0xad134:$x1: NanoCore.ClientPluginHost
- 0xd2038:$x1: NanoCore.ClientPluginHost
- 0xe1478:$x1: NanoCore.ClientPluginHost
- 0x1f1f5:$x2: IClientNetworkHost
- 0x2e65a:$x2: IClientNetworkHost
- 0x8c0e7:$x2: IClientNetworkHost
- 0x963ee:$x2: IClientNetworkHost
- 0xa13ac:$x2: IClientNetworkHost
- 0xad14e:$x2: IClientNetworkHost
- 0xd2052:$x2: IClientNetworkHost
- 0xe14b5:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.353485d.14.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x1f1b2:$x2: NanoCore.ClientPlugin
- 0x2e5f8:$x2: NanoCore.ClientPlugin
- 0x8c074:$x2: NanoCore.ClientPlugin
- 0x96455:$x2: NanoCore.ClientPlugin
- 0xa1369:$x2: NanoCore.ClientPlugin
- 0xad10b:$x2: NanoCore.ClientPlugin
- 0xd200f:$x2: NanoCore.ClientPlugin
- 0xe1453:$x2: NanoCore.ClientPlugin
- 0x1f1db:$x3: NanoCore.ClientPluginHost
- 0x2e61d:$x3: NanoCore.ClientPluginHost
- 0x8bf8a:$x3: NanoCore.ClientPluginHost
- 0x963b5:$x3: NanoCore.ClientPluginHost
- 0xa1392:$x3: NanoCore.ClientPluginHost
- 0xad134:$x3: NanoCore.ClientPluginHost
- 0xd2038:$x3: NanoCore.ClientPluginHost
- 0xe1478:$x3: NanoCore.ClientPluginHost
- 0x1f1a3:$i3: IClientNetwork
- 0x2e5e9:$i3: IClientNetwork
- 0x8c08a:$i3: IClientNetwork
- 0x9646b:$i3: IClientNetwork
- 0xa135a:$i3: IClientNetwork
|
7.2.rnixgfly.exe.353485d.14.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x1f19a:$a: NanoCore
- 0x1f1b2:$a: NanoCore
- 0x1f1db:$a: NanoCore
- 0x2e5e0:$a: NanoCore
- 0x2e5f8:$a: NanoCore
- 0x2e61d:$a: NanoCore
- 0x8bf8a:$a: NanoCore
- 0x8c074:$a: NanoCore
- 0x8ceeb:$a: NanoCore
- 0x96095:$a: NanoCore
- 0x960f6:$a: NanoCore
- 0x96139:$a: NanoCore
- 0x96179:$a: NanoCore
- 0x963b5:$a: NanoCore
- 0x96455:$a: NanoCore
- 0x96c2d:$a: NanoCore
- 0x97220:$a: NanoCore
- 0x97371:$a: NanoCore
- 0x981cb:$a: NanoCore
- 0x98432:$a: NanoCore
- 0x98447:$a: NanoCore
|
7.2.rnixgfly.exe.353485d.14.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1f1db:$a1: NanoCore.ClientPluginHost
- 0x2e61d:$a1: NanoCore.ClientPluginHost
- 0x8bf8a:$a1: NanoCore.ClientPluginHost
- 0x963b5:$a1: NanoCore.ClientPluginHost
- 0xa1392:$a1: NanoCore.ClientPluginHost
- 0xad134:$a1: NanoCore.ClientPluginHost
- 0xd2038:$a1: NanoCore.ClientPluginHost
- 0xe1478:$a1: NanoCore.ClientPluginHost
- 0x1f1b2:$a2: NanoCore.ClientPlugin
- 0x2e5f8:$a2: NanoCore.ClientPlugin
- 0x8c074:$a2: NanoCore.ClientPlugin
- 0x96455:$a2: NanoCore.ClientPlugin
- 0xa1369:$a2: NanoCore.ClientPlugin
- 0xad10b:$a2: NanoCore.ClientPlugin
- 0xd200f:$a2: NanoCore.ClientPlugin
- 0xe1453:$a2: NanoCore.ClientPlugin
- 0x2e60e:$b4: IClientAppHost
- 0xe1469:$b4: IClientAppHost
- 0x24206:$b7: LogClientException
- 0x32afd:$b7: LogClientException
- 0x8d8cd:$b7: LogClientException
|
7.2.rnixgfly.exe.22ad974.7.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x16e3:$x1: NanoCore.ClientPluginHost
- 0xb543:$x1: NanoCore.ClientPluginHost
- 0x13479:$x1: NanoCore.ClientPluginHost
- 0x1945c:$x1: NanoCore.ClientPluginHost
- 0x22ed7:$x1: NanoCore.ClientPluginHost
- 0x2d313:$x1: NanoCore.ClientPluginHost
- 0x38305:$x1: NanoCore.ClientPluginHost
- 0x440bb:$x1: NanoCore.ClientPluginHost
- 0x4fe1e:$x1: NanoCore.ClientPluginHost
- 0x171c:$x2: IClientNetworkHost
- 0xb57c:$x2: IClientNetworkHost
- 0x134b2:$x2: IClientNetworkHost
- 0x23034:$x2: IClientNetworkHost
- 0x2d34c:$x2: IClientNetworkHost
- 0x3831f:$x2: IClientNetworkHost
- 0x440d5:$x2: IClientNetworkHost
- 0x4fe5b:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.22ad974.7.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x16e3:$x2: NanoCore.ClientPluginHost
- 0xb543:$x2: NanoCore.ClientPluginHost
- 0x13479:$x2: NanoCore.ClientPluginHost
- 0x1945c:$x2: NanoCore.ClientPluginHost
- 0x22ed7:$x2: NanoCore.ClientPluginHost
- 0x2d313:$x2: NanoCore.ClientPluginHost
- 0x38305:$x2: NanoCore.ClientPluginHost
- 0x440bb:$x2: NanoCore.ClientPluginHost
- 0x4fe1e:$x2: NanoCore.ClientPluginHost
- 0x23e2d:$s3: PipeExists
- 0x1800:$s4: PipeCreated
- 0xb647:$s4: PipeCreated
- 0x13594:$s4: PipeCreated
- 0x1953a:$s4: PipeCreated
- 0x230cd:$s4: PipeCreated
- 0x2d45e:$s4: PipeCreated
- 0x3933a:$s4: PipeCreated
- 0x45e66:$s4: PipeCreated
- 0x53271:$s4: PipeCreated
- 0x16fd:$s5: IClientLoggingHost
- 0xb55d:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.22ad974.7.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x175f:$x2: NanoCore.ClientPlugin
- 0xb5bf:$x2: NanoCore.ClientPlugin
- 0x134f3:$x2: NanoCore.ClientPlugin
- 0x194a6:$x2: NanoCore.ClientPlugin
- 0x22fc1:$x2: NanoCore.ClientPlugin
- 0x2d3b3:$x2: NanoCore.ClientPlugin
- 0x382dc:$x2: NanoCore.ClientPlugin
- 0x44092:$x2: NanoCore.ClientPlugin
- 0x4fdf9:$x2: NanoCore.ClientPlugin
- 0x16e3:$x3: NanoCore.ClientPluginHost
- 0xb543:$x3: NanoCore.ClientPluginHost
- 0x13479:$x3: NanoCore.ClientPluginHost
- 0x1945c:$x3: NanoCore.ClientPluginHost
- 0x22ed7:$x3: NanoCore.ClientPluginHost
- 0x2d313:$x3: NanoCore.ClientPluginHost
- 0x38305:$x3: NanoCore.ClientPluginHost
- 0x440bb:$x3: NanoCore.ClientPluginHost
- 0x4fe1e:$x3: NanoCore.ClientPluginHost
- 0x1775:$i3: IClientNetwork
- 0xb5d5:$i3: IClientNetwork
- 0x13509:$i3: IClientNetwork
|
7.2.rnixgfly.exe.22ad974.7.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x142b:$a: NanoCore
- 0x1484:$a: NanoCore
- 0x14b7:$a: NanoCore
- 0x16e3:$a: NanoCore
- 0x175f:$a: NanoCore
- 0x1d78:$a: NanoCore
- 0x1ec1:$a: NanoCore
- 0x2395:$a: NanoCore
- 0x267c:$a: NanoCore
- 0x2693:$a: NanoCore
- 0xb543:$a: NanoCore
- 0xb5bf:$a: NanoCore
- 0xdea2:$a: NanoCore
- 0x13479:$a: NanoCore
- 0x134f3:$a: NanoCore
- 0x1945c:$a: NanoCore
- 0x194a6:$a: NanoCore
- 0x1a100:$a: NanoCore
- 0x22ed7:$a: NanoCore
- 0x22fc1:$a: NanoCore
- 0x23e38:$a: NanoCore
|
7.2.rnixgfly.exe.22ad974.7.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x16e3:$a1: NanoCore.ClientPluginHost
- 0xb543:$a1: NanoCore.ClientPluginHost
- 0x13479:$a1: NanoCore.ClientPluginHost
- 0x1945c:$a1: NanoCore.ClientPluginHost
- 0x22ed7:$a1: NanoCore.ClientPluginHost
- 0x2d313:$a1: NanoCore.ClientPluginHost
- 0x38305:$a1: NanoCore.ClientPluginHost
- 0x440bb:$a1: NanoCore.ClientPluginHost
- 0x4fe1e:$a1: NanoCore.ClientPluginHost
- 0x175f:$a2: NanoCore.ClientPlugin
- 0xb5bf:$a2: NanoCore.ClientPlugin
- 0x134f3:$a2: NanoCore.ClientPlugin
- 0x194a6:$a2: NanoCore.ClientPlugin
- 0x22fc1:$a2: NanoCore.ClientPlugin
- 0x2d3b3:$a2: NanoCore.ClientPlugin
- 0x382dc:$a2: NanoCore.ClientPlugin
- 0x44092:$a2: NanoCore.ClientPlugin
- 0x4fdf9:$a2: NanoCore.ClientPlugin
- 0x4fe0f:$b4: IClientAppHost
- 0xc148:$b7: LogClientException
- 0x13c14:$b7: LogClientException
|
7.2.rnixgfly.exe.6590000.28.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x59eb:$x1: NanoCore.ClientPluginHost
- 0x5b48:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.6590000.28.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x59eb:$x2: NanoCore.ClientPluginHost
- 0x6941:$s3: PipeExists
- 0x5be1:$s4: PipeCreated
- 0x5a05:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.6590000.28.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x5ad5:$x2: NanoCore.ClientPlugin
- 0x59eb:$x3: NanoCore.ClientPluginHost
- 0x5aeb:$i3: IClientNetwork
- 0x5a24:$i5: IClientDataHost
- 0x5a05:$i6: IClientLoggingHost
- 0x5b48:$i7: IClientNetworkHost
- 0x5a43:$i8: IClientUIHost
- 0x6955:$i9: IClientNameObjectCollection
- 0x54fc:$s1: ClientPlugin
- 0x5ade:$s1: ClientPlugin
- 0x6971:$s6: get_ClientSettings
|
7.2.rnixgfly.exe.6590000.28.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x59eb:$a1: NanoCore.ClientPluginHost
- 0x5ad5:$a2: NanoCore.ClientPlugin
- 0x732e:$b7: LogClientException
- 0x6941:$b8: PipeExists
- 0x5a05:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.65b0000.30.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x5b99:$x1: NanoCore.ClientPluginHost
- 0x5bb3:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.65b0000.30.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x5b99:$x2: NanoCore.ClientPluginHost
- 0x6bce:$s4: PipeCreated
- 0x5b86:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.65b0000.30.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x5b70:$x2: NanoCore.ClientPlugin
- 0x5b99:$x3: NanoCore.ClientPluginHost
- 0x5b61:$i3: IClientNetwork
- 0x5b86:$i6: IClientLoggingHost
- 0x5bb3:$i7: IClientNetworkHost
- 0x59d4:$s1: ClientPlugin
- 0x5b79:$s1: ClientPlugin
- 0x5e84:$s2: EndPoint
- 0x5e8d:$s3: IPAddress
- 0x5e97:$s4: IPEndPoint
|
7.2.rnixgfly.exe.65b0000.30.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x5b99:$a1: NanoCore.ClientPluginHost
- 0x5b70:$a2: NanoCore.ClientPlugin
- 0x5b86:$b9: IClientLoggingHost
|
7.3.rnixgfly.exe.3699e05.1.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x605:$x1: NanoCore.ClientPluginHost
- 0x3bd6:$x1: NanoCore.ClientPluginHost
- 0x63e:$x2: IClientNetworkHost
|
7.3.rnixgfly.exe.3699e05.1.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x605:$x2: NanoCore.ClientPluginHost
- 0x3bd6:$x2: NanoCore.ClientPluginHost
- 0x720:$s4: PipeCreated
- 0x3cb4:$s4: PipeCreated
- 0x61f:$s5: IClientLoggingHost
- 0x3bf0:$s5: IClientLoggingHost
|
7.3.rnixgfly.exe.3699e05.1.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x67f:$x2: NanoCore.ClientPlugin
- 0x3c20:$x2: NanoCore.ClientPlugin
- 0x605:$x3: NanoCore.ClientPluginHost
- 0x3bd6:$x3: NanoCore.ClientPluginHost
- 0x695:$i3: IClientNetwork
- 0x3c36:$i3: IClientNetwork
- 0x61f:$i6: IClientLoggingHost
- 0x3bf0:$i6: IClientLoggingHost
- 0x63e:$i7: IClientNetworkHost
- 0x688:$s1: ClientPlugin
- 0x3c29:$s1: ClientPlugin
|
7.3.rnixgfly.exe.3699e05.1.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x605:$a1: NanoCore.ClientPluginHost
- 0x3bd6:$a1: NanoCore.ClientPluginHost
- 0x67f:$a2: NanoCore.ClientPlugin
- 0x3c20:$a2: NanoCore.ClientPlugin
- 0xda0:$b7: LogClientException
- 0x61f:$b9: IClientLoggingHost
- 0x3bf0:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.56d0000.23.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x8ba5:$x1: NanoCore.ClientPluginHost
- 0x8bd2:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.56d0000.23.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x8ba5:$x2: NanoCore.ClientPluginHost
- 0x9b74:$s2: FileCommand
- 0xe576:$s4: PipeCreated
- 0x8bbf:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.56d0000.23.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x8b7f:$x2: NanoCore.ClientPlugin
- 0x8ba5:$x3: NanoCore.ClientPluginHost
- 0x8b70:$i3: IClientNetwork
- 0x8b95:$i5: IClientDataHost
- 0x8bbf:$i6: IClientLoggingHost
- 0x8bd2:$i7: IClientNetworkHost
- 0x8be5:$i9: IClientNameObjectCollection
- 0x8902:$s1: ClientPlugin
- 0x8b88:$s1: ClientPlugin
|
7.2.rnixgfly.exe.56d0000.23.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x8ba5:$a1: NanoCore.ClientPluginHost
- 0x8b7f:$a2: NanoCore.ClientPlugin
- 0x8bbf:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.65de8a4.33.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x10937:$x1: NanoCore.ClientPluginHost
- 0x10951:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.65de8a4.33.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x10937:$x2: NanoCore.ClientPluginHost
- 0x13c74:$s4: PipeCreated
- 0x10924:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.65de8a4.33.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x1090e:$x2: NanoCore.ClientPlugin
- 0x10937:$x3: NanoCore.ClientPluginHost
- 0x108ff:$i3: IClientNetwork
- 0x10924:$i6: IClientLoggingHost
- 0x10951:$i7: IClientNetworkHost
- 0x10964:$i8: IClientUIHost
- 0x1066e:$s1: ClientPlugin
- 0x10917:$s1: ClientPlugin
|
7.2.rnixgfly.exe.65de8a4.33.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x10937:$a1: NanoCore.ClientPluginHost
- 0x1090e:$a2: NanoCore.ClientPlugin
- 0x15962:$b7: LogClientException
- 0x10924:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.65d0000.32.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1f1db:$x1: NanoCore.ClientPluginHost
- 0x1f1f5:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.65d0000.32.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1f1db:$x2: NanoCore.ClientPluginHost
- 0x22518:$s4: PipeCreated
- 0x1f1c8:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.65d0000.32.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x1f1b2:$x2: NanoCore.ClientPlugin
- 0x1f1db:$x3: NanoCore.ClientPluginHost
- 0x1f1a3:$i3: IClientNetwork
- 0x1f1c8:$i6: IClientLoggingHost
- 0x1f1f5:$i7: IClientNetworkHost
- 0x1f208:$i8: IClientUIHost
- 0x1ef12:$s1: ClientPlugin
- 0x1f1bb:$s1: ClientPlugin
|
7.2.rnixgfly.exe.65d0000.32.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1f1db:$a1: NanoCore.ClientPluginHost
- 0x1f1b2:$a2: NanoCore.ClientPlugin
- 0x24206:$b7: LogClientException
- 0x1f1c8:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.65c0000.31.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x350b:$x1: NanoCore.ClientPluginHost
- 0x3525:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.65c0000.31.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x350b:$x2: NanoCore.ClientPluginHost
- 0x52b6:$s4: PipeCreated
- 0x34f8:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.65c0000.31.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x34e2:$x2: NanoCore.ClientPlugin
- 0x350b:$x3: NanoCore.ClientPluginHost
- 0x34d3:$i3: IClientNetwork
- 0x34f8:$i6: IClientLoggingHost
- 0x3525:$i7: IClientNetworkHost
- 0x334e:$s1: ClientPlugin
- 0x34eb:$s1: ClientPlugin
|
7.2.rnixgfly.exe.65c0000.31.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x350b:$a1: NanoCore.ClientPluginHost
- 0x34e2:$a2: NanoCore.ClientPlugin
- 0x5854:$b7: LogClientException
- 0x34f8:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.65d0000.32.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1d3db:$x1: NanoCore.ClientPluginHost
- 0x1d3f5:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.65d0000.32.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1d3db:$x2: NanoCore.ClientPluginHost
- 0x20718:$s4: PipeCreated
- 0x1d3c8:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.65d0000.32.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x1d3b2:$x2: NanoCore.ClientPlugin
- 0x1d3db:$x3: NanoCore.ClientPluginHost
- 0x1d3a3:$i3: IClientNetwork
- 0x1d3c8:$i6: IClientLoggingHost
- 0x1d3f5:$i7: IClientNetworkHost
- 0x1d408:$i8: IClientUIHost
- 0x1d112:$s1: ClientPlugin
- 0x1d3bb:$s1: ClientPlugin
|
7.2.rnixgfly.exe.65d0000.32.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1d3db:$a1: NanoCore.ClientPluginHost
- 0x1d3b2:$a2: NanoCore.ClientPlugin
- 0x22406:$b7: LogClientException
- 0x1d3c8:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.417058.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.rnixgfly.exe.417058.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.417058.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.rnixgfly.exe.417058.0.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xe0f5:$x1: NanoCore Client
- 0xe105:$x1: NanoCore Client
- 0xe34d:$x2: NanoCore.ClientPlugin
- 0xe38d:$x3: NanoCore.ClientPluginHost
- 0xe342:$i1: IClientApp
- 0xe363:$i2: IClientData
- 0xe36f:$i3: IClientNetwork
- 0xe37e:$i4: IClientAppHost
- 0xe3a7:$i5: IClientDataHost
- 0xe3b7:$i6: IClientLoggingHost
- 0xe3ca:$i7: IClientNetworkHost
- 0xe3dd:$i8: IClientUIHost
- 0xe3eb:$i9: IClientNameObjectCollection
- 0xe407:$i10: IClientReadOnlyNameObjectCollection
- 0xe154:$s1: ClientPlugin
- 0xe356:$s1: ClientPlugin
- 0xe84a:$s2: EndPoint
- 0xe853:$s3: IPAddress
- 0xe85d:$s4: IPEndPoint
- 0x10293:$s6: get_ClientSettings
- 0x10837:$s7: get_Connected
|
7.2.rnixgfly.exe.417058.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
7.2.rnixgfly.exe.417058.0.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0xe38d:$a1: NanoCore.ClientPluginHost
- 0xe34d:$a2: NanoCore.ClientPlugin
- 0x102a6:$b1: get_BuilderSettings
- 0xe1a9:$b2: ClientLoaderForm.resources
- 0xf9c6:$b3: PluginCommand
- 0xe37e:$b4: IClientAppHost
- 0x187fe:$b5: GetBlockHash
- 0x108fe:$b6: AddHostEntry
- 0x145f1:$b7: LogClientException
- 0x1086b:$b8: PipeExists
- 0xe3b7:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.3296b05.15.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0xb184:$x1: NanoCore.ClientPluginHost
- 0x23c40:$x1: NanoCore.ClientPluginHost
- 0xb1b1:$x2: IClientNetworkHost
- 0x23c6d:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.3296b05.15.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) | - 0xb184:$x2: NanoCore.ClientPluginHost
- 0x23c40:$x2: NanoCore.ClientPluginHost
- 0xc25f:$s4: PipeCreated
- 0x24d1b:$s4: PipeCreated
- 0xb19e:$s5: IClientLoggingHost
- 0x23c5a:$s5: IClientLoggingHost
|
7.2.rnixgfly.exe.3296b05.15.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.rnixgfly.exe.3296b05.15.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0xb14f:$x2: NanoCore.ClientPlugin
- 0x23c0b:$x2: NanoCore.ClientPlugin
- 0xb184:$x3: NanoCore.ClientPluginHost
- 0x23c40:$x3: NanoCore.ClientPluginHost
- 0xb143:$i2: IClientData
- 0x23bff:$i2: IClientData
- 0xb165:$i3: IClientNetwork
- 0x23c21:$i3: IClientNetwork
- 0xb174:$i5: IClientDataHost
- 0x23c30:$i5: IClientDataHost
- 0xb19e:$i6: IClientLoggingHost
- 0x23c5a:$i6: IClientLoggingHost
- 0xb1b1:$i7: IClientNetworkHost
- 0x23c6d:$i7: IClientNetworkHost
- 0xb1c4:$i8: IClientUIHost
- 0x23c80:$i8: IClientUIHost
- 0xb1d2:$i9: IClientNameObjectCollection
- 0x23c8e:$i9: IClientNameObjectCollection
- 0xb1ee:$i10: IClientReadOnlyNameObjectCollection
- 0x23caa:$i10: IClientReadOnlyNameObjectCollection
- 0xaf41:$s1: ClientPlugin
|
7.2.rnixgfly.exe.3296b05.15.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0xb184:$a1: NanoCore.ClientPluginHost
- 0x23c40:$a1: NanoCore.ClientPluginHost
- 0xb14f:$a2: NanoCore.ClientPlugin
- 0x23c0b:$a2: NanoCore.ClientPlugin
- 0x100ca:$b1: get_BuilderSettings
- 0x28b86:$b1: get_BuilderSettings
- 0x10039:$b7: LogClientException
- 0x28af5:$b7: LogClientException
- 0xb19e:$b9: IClientLoggingHost
- 0x23c5a:$b9: IClientLoggingHost
|
7.2.rnixgfly.exe.352b627.10.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x350b:$x1: NanoCore.ClientPluginHost
- 0x28411:$x1: NanoCore.ClientPluginHost
- 0x37853:$x1: NanoCore.ClientPluginHost
- 0x951c0:$x1: NanoCore.ClientPluginHost
- 0x9f5eb:$x1: NanoCore.ClientPluginHost
- 0xaa5c8:$x1: NanoCore.ClientPluginHost
- 0xb636a:$x1: NanoCore.ClientPluginHost
- 0xdb26e:$x1: NanoCore.ClientPluginHost
- 0xea6ae:$x1: NanoCore.ClientPluginHost
- 0x3525:$x2: IClientNetworkHost
- 0x2842b:$x2: IClientNetworkHost
- 0x37890:$x2: IClientNetworkHost
- 0x9531d:$x2: IClientNetworkHost
- 0x9f624:$x2: IClientNetworkHost
- 0xaa5e2:$x2: IClientNetworkHost
- 0xb6384:$x2: IClientNetworkHost
- 0xdb288:$x2: IClientNetworkHost
- 0xea6eb:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.352b627.10.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x34e2:$x2: NanoCore.ClientPlugin
- 0x283e8:$x2: NanoCore.ClientPlugin
- 0x3782e:$x2: NanoCore.ClientPlugin
- 0x952aa:$x2: NanoCore.ClientPlugin
- 0x9f68b:$x2: NanoCore.ClientPlugin
- 0xaa59f:$x2: NanoCore.ClientPlugin
- 0xb6341:$x2: NanoCore.ClientPlugin
- 0xdb245:$x2: NanoCore.ClientPlugin
- 0xea689:$x2: NanoCore.ClientPlugin
- 0x350b:$x3: NanoCore.ClientPluginHost
- 0x28411:$x3: NanoCore.ClientPluginHost
- 0x37853:$x3: NanoCore.ClientPluginHost
- 0x951c0:$x3: NanoCore.ClientPluginHost
- 0x9f5eb:$x3: NanoCore.ClientPluginHost
- 0xaa5c8:$x3: NanoCore.ClientPluginHost
- 0xb636a:$x3: NanoCore.ClientPluginHost
- 0xdb26e:$x3: NanoCore.ClientPluginHost
- 0xea6ae:$x3: NanoCore.ClientPluginHost
- 0x34d3:$i3: IClientNetwork
- 0x283d9:$i3: IClientNetwork
- 0x3781f:$i3: IClientNetwork
|
7.2.rnixgfly.exe.352b627.10.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x34e2:$a: NanoCore
- 0x350b:$a: NanoCore
- 0x283d0:$a: NanoCore
- 0x283e8:$a: NanoCore
- 0x28411:$a: NanoCore
- 0x37816:$a: NanoCore
- 0x3782e:$a: NanoCore
- 0x37853:$a: NanoCore
- 0x951c0:$a: NanoCore
- 0x952aa:$a: NanoCore
- 0x96121:$a: NanoCore
- 0x9f2cb:$a: NanoCore
- 0x9f32c:$a: NanoCore
- 0x9f36f:$a: NanoCore
- 0x9f3af:$a: NanoCore
- 0x9f5eb:$a: NanoCore
- 0x9f68b:$a: NanoCore
- 0x9fe63:$a: NanoCore
- 0xa0456:$a: NanoCore
- 0xa05a7:$a: NanoCore
- 0xa1401:$a: NanoCore
|
7.2.rnixgfly.exe.352b627.10.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x350b:$a1: NanoCore.ClientPluginHost
- 0x28411:$a1: NanoCore.ClientPluginHost
- 0x37853:$a1: NanoCore.ClientPluginHost
- 0x951c0:$a1: NanoCore.ClientPluginHost
- 0x9f5eb:$a1: NanoCore.ClientPluginHost
- 0xaa5c8:$a1: NanoCore.ClientPluginHost
- 0xb636a:$a1: NanoCore.ClientPluginHost
- 0xdb26e:$a1: NanoCore.ClientPluginHost
- 0xea6ae:$a1: NanoCore.ClientPluginHost
- 0x34e2:$a2: NanoCore.ClientPlugin
- 0x283e8:$a2: NanoCore.ClientPlugin
- 0x3782e:$a2: NanoCore.ClientPlugin
- 0x952aa:$a2: NanoCore.ClientPlugin
- 0x9f68b:$a2: NanoCore.ClientPlugin
- 0xaa59f:$a2: NanoCore.ClientPlugin
- 0xb6341:$a2: NanoCore.ClientPlugin
- 0xdb245:$a2: NanoCore.ClientPlugin
- 0xea689:$a2: NanoCore.ClientPlugin
- 0x37844:$b4: IClientAppHost
- 0xea69f:$b4: IClientAppHost
- 0x5854:$b7: LogClientException
|
7.2.rnixgfly.exe.35394fc.9.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) | - 0x1a53c:$x1: NanoCore.ClientPluginHost
- 0x2997e:$x1: NanoCore.ClientPluginHost
- 0x872eb:$x1: NanoCore.ClientPluginHost
- 0x91716:$x1: NanoCore.ClientPluginHost
- 0x9c6f3:$x1: NanoCore.ClientPluginHost
- 0xa8495:$x1: NanoCore.ClientPluginHost
- 0xcd399:$x1: NanoCore.ClientPluginHost
- 0xdc7d9:$x1: NanoCore.ClientPluginHost
- 0x1a556:$x2: IClientNetworkHost
- 0x299bb:$x2: IClientNetworkHost
- 0x87448:$x2: IClientNetworkHost
- 0x9174f:$x2: IClientNetworkHost
- 0x9c70d:$x2: IClientNetworkHost
- 0xa84af:$x2: IClientNetworkHost
- 0xcd3b3:$x2: IClientNetworkHost
- 0xdc816:$x2: IClientNetworkHost
|
7.2.rnixgfly.exe.35394fc.9.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x1a513:$x2: NanoCore.ClientPlugin
- 0x29959:$x2: NanoCore.ClientPlugin
- 0x873d5:$x2: NanoCore.ClientPlugin
- 0x917b6:$x2: NanoCore.ClientPlugin
- 0x9c6ca:$x2: NanoCore.ClientPlugin
- 0xa846c:$x2: NanoCore.ClientPlugin
- 0xcd370:$x2: NanoCore.ClientPlugin
- 0xdc7b4:$x2: NanoCore.ClientPlugin
- 0x1a53c:$x3: NanoCore.ClientPluginHost
- 0x2997e:$x3: NanoCore.ClientPluginHost
- 0x872eb:$x3: NanoCore.ClientPluginHost
- 0x91716:$x3: NanoCore.ClientPluginHost
- 0x9c6f3:$x3: NanoCore.ClientPluginHost
- 0xa8495:$x3: NanoCore.ClientPluginHost
- 0xcd399:$x3: NanoCore.ClientPluginHost
- 0xdc7d9:$x3: NanoCore.ClientPluginHost
- 0x1a504:$i3: IClientNetwork
- 0x2994a:$i3: IClientNetwork
- 0x873eb:$i3: IClientNetwork
- 0x917cc:$i3: IClientNetwork
- 0x9c6bb:$i3: IClientNetwork
|
7.2.rnixgfly.exe.35394fc.9.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x1a4fb:$a: NanoCore
- 0x1a513:$a: NanoCore
- 0x1a53c:$a: NanoCore
- 0x29941:$a: NanoCore
- 0x29959:$a: NanoCore
- 0x2997e:$a: NanoCore
- 0x872eb:$a: NanoCore
- 0x873d5:$a: NanoCore
- 0x8824c:$a: NanoCore
- 0x913f6:$a: NanoCore
- 0x91457:$a: NanoCore
- 0x9149a:$a: NanoCore
- 0x914da:$a: NanoCore
- 0x91716:$a: NanoCore
- 0x917b6:$a: NanoCore
- 0x91f8e:$a: NanoCore
- 0x92581:$a: NanoCore
- 0x926d2:$a: NanoCore
- 0x9352c:$a: NanoCore
- 0x93793:$a: NanoCore
- 0x937a8:$a: NanoCore
|
7.2.rnixgfly.exe.35394fc.9.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x1a53c:$a1: NanoCore.ClientPluginHost
- 0x2997e:$a1: NanoCore.ClientPluginHost
- 0x872eb:$a1: NanoCore.ClientPluginHost
- 0x91716:$a1: NanoCore.ClientPluginHost
- 0x9c6f3:$a1: NanoCore.ClientPluginHost
- 0xa8495:$a1: NanoCore.ClientPluginHost
- 0xcd399:$a1: NanoCore.ClientPluginHost
- 0xdc7d9:$a1: NanoCore.ClientPluginHost
- 0x1a513:$a2: NanoCore.ClientPlugin
- 0x29959:$a2: NanoCore.ClientPlugin
- 0x873d5:$a2: NanoCore.ClientPlugin
- 0x917b6:$a2: NanoCore.ClientPlugin
- 0x9c6ca:$a2: NanoCore.ClientPlugin
- 0xa846c:$a2: NanoCore.ClientPlugin
- 0xcd370:$a2: NanoCore.ClientPlugin
- 0xdc7b4:$a2: NanoCore.ClientPlugin
- 0x2996f:$b4: IClientAppHost
- 0xdc7ca:$b4: IClientAppHost
- 0x1f567:$b7: LogClientException
- 0x2de5e:$b7: LogClientException
- 0x88c2e:$b7: LogClientException
|
7.3.rnixgfly.exe.36943d9.0.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x175f:$x2: NanoCore.ClientPlugin
- 0x7cab:$x2: NanoCore.ClientPlugin
- 0xdc4c:$x2: NanoCore.ClientPlugin
- 0x17758:$x2: NanoCore.ClientPlugin
- 0x21b39:$x2: NanoCore.ClientPlugin
- 0x2ca4d:$x2: NanoCore.ClientPlugin
- 0x387ef:$x2: NanoCore.ClientPlugin
- 0x5d6f3:$x2: NanoCore.ClientPlugin
- 0x6cb37:$x2: NanoCore.ClientPlugin
- 0x16e3:$x3: NanoCore.ClientPluginHost
- 0x7c31:$x3: NanoCore.ClientPluginHost
- 0xdc02:$x3: NanoCore.ClientPluginHost
- 0x1766e:$x3: NanoCore.ClientPluginHost
- 0x21a99:$x3: NanoCore.ClientPluginHost
- 0x2ca76:$x3: NanoCore.ClientPluginHost
- 0x38818:$x3: NanoCore.ClientPluginHost
- 0x5d71c:$x3: NanoCore.ClientPluginHost
- 0x6cb5c:$x3: NanoCore.ClientPluginHost
- 0x1775:$i3: IClientNetwork
- 0x7cc1:$i3: IClientNetwork
- 0xdc62:$i3: IClientNetwork
|
7.3.rnixgfly.exe.36943d9.0.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x142b:$a: NanoCore
- 0x1484:$a: NanoCore
- 0x14b7:$a: NanoCore
- 0x16e3:$a: NanoCore
- 0x175f:$a: NanoCore
- 0x1d78:$a: NanoCore
- 0x1ec1:$a: NanoCore
- 0x2395:$a: NanoCore
- 0x267c:$a: NanoCore
- 0x2693:$a: NanoCore
- 0x7c31:$a: NanoCore
- 0x7cab:$a: NanoCore
- 0xc848:$a: NanoCore
- 0xdc02:$a: NanoCore
- 0xdc4c:$a: NanoCore
- 0xe8a6:$a: NanoCore
- 0x1766e:$a: NanoCore
- 0x17758:$a: NanoCore
- 0x185cf:$a: NanoCore
- 0x21779:$a: NanoCore
- 0x217da:$a: NanoCore
|
7.3.rnixgfly.exe.36943d9.0.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x16e3:$a1: NanoCore.ClientPluginHost
- 0x7c31:$a1: NanoCore.ClientPluginHost
- 0xdc02:$a1: NanoCore.ClientPluginHost
- 0x1766e:$a1: NanoCore.ClientPluginHost
- 0x21a99:$a1: NanoCore.ClientPluginHost
- 0x2ca76:$a1: NanoCore.ClientPluginHost
- 0x38818:$a1: NanoCore.ClientPluginHost
- 0x5d71c:$a1: NanoCore.ClientPluginHost
- 0x6cb5c:$a1: NanoCore.ClientPluginHost
- 0x175f:$a2: NanoCore.ClientPlugin
- 0x7cab:$a2: NanoCore.ClientPlugin
- 0xdc4c:$a2: NanoCore.ClientPlugin
- 0x17758:$a2: NanoCore.ClientPlugin
- 0x21b39:$a2: NanoCore.ClientPlugin
- 0x2ca4d:$a2: NanoCore.ClientPlugin
- 0x387ef:$a2: NanoCore.ClientPlugin
- 0x5d6f3:$a2: NanoCore.ClientPlugin
- 0x6cb37:$a2: NanoCore.ClientPlugin
- 0x6cb4d:$b4: IClientAppHost
- 0x83cc:$b7: LogClientException
- 0x18fb1:$b7: LogClientException
|
7.3.rnixgfly.exe.367fdae.2.raw.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen | - 0x8b7f:$x2: NanoCore.ClientPlugin
- 0x15d8a:$x2: NanoCore.ClientPlugin
- 0x1c2d6:$x2: NanoCore.ClientPlugin
- 0x22277:$x2: NanoCore.ClientPlugin
- 0x2bd83:$x2: NanoCore.ClientPlugin
- 0x36164:$x2: NanoCore.ClientPlugin
- 0x41078:$x2: NanoCore.ClientPlugin
- 0x4ce1a:$x2: NanoCore.ClientPlugin
- 0x71d1e:$x2: NanoCore.ClientPlugin
- 0x81162:$x2: NanoCore.ClientPlugin
- 0x8ba5:$x3: NanoCore.ClientPluginHost
- 0x15d0e:$x3: NanoCore.ClientPluginHost
- 0x1c25c:$x3: NanoCore.ClientPluginHost
- 0x2222d:$x3: NanoCore.ClientPluginHost
- 0x2bc99:$x3: NanoCore.ClientPluginHost
- 0x360c4:$x3: NanoCore.ClientPluginHost
- 0x410a1:$x3: NanoCore.ClientPluginHost
- 0x4ce43:$x3: NanoCore.ClientPluginHost
- 0x71d47:$x3: NanoCore.ClientPluginHost
- 0x81187:$x3: NanoCore.ClientPluginHost
- 0x8b70:$i3: IClientNetwork
|
7.3.rnixgfly.exe.367fdae.2.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x8b7f:$a: NanoCore
- 0x8ba5:$a: NanoCore
- 0x8c01:$a: NanoCore
- 0x15a56:$a: NanoCore
- 0x15aaf:$a: NanoCore
- 0x15ae2:$a: NanoCore
- 0x15d0e:$a: NanoCore
- 0x15d8a:$a: NanoCore
- 0x163a3:$a: NanoCore
- 0x164ec:$a: NanoCore
- 0x169c0:$a: NanoCore
- 0x16ca7:$a: NanoCore
- 0x16cbe:$a: NanoCore
- 0x1c25c:$a: NanoCore
- 0x1c2d6:$a: NanoCore
- 0x20e73:$a: NanoCore
- 0x2222d:$a: NanoCore
- 0x22277:$a: NanoCore
- 0x22ed1:$a: NanoCore
- 0x2bc99:$a: NanoCore
- 0x2bd83:$a: NanoCore
|
7.3.rnixgfly.exe.367fdae.2.raw.unpack | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown | - 0x8ba5:$a1: NanoCore.ClientPluginHost
- 0x15d0e:$a1: NanoCore.ClientPluginHost
- 0x1c25c:$a1: NanoCore.ClientPluginHost
- 0x2222d:$a1: NanoCore.ClientPluginHost
- 0x2bc99:$a1: NanoCore.ClientPluginHost
- 0x360c4:$a1: NanoCore.ClientPluginHost
- 0x410a1:$a1: NanoCore.ClientPluginHost
- 0x4ce43:$a1: NanoCore.ClientPluginHost
- 0x71d47:$a1: NanoCore.ClientPluginHost
- 0x81187:$a1: NanoCore.ClientPluginHost
- 0x8b7f:$a2: NanoCore.ClientPlugin
- 0x15d8a:$a2: NanoCore.ClientPlugin
- 0x1c2d6:$a2: NanoCore.ClientPlugin
- 0x22277:$a2: NanoCore.ClientPlugin
- 0x2bd83:$a2: NanoCore.ClientPlugin
- 0x36164:$a2: NanoCore.ClientPlugin
- 0x41078:$a2: NanoCore.ClientPlugin
- 0x4ce1a:$a2: NanoCore.ClientPlugin
- 0x71d1e:$a2: NanoCore.ClientPlugin
- 0x81162:$a2: NanoCore.ClientPlugin
- 0x81178:$b4: IClientAppHost
|
Click to see the 288 entries |