Static task
static1
Behavioral task
behavioral1
Sample
db2b38258707432f6ff76fec06aa4150cd8eb57994ff23863078efab2bc42e10.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
db2b38258707432f6ff76fec06aa4150cd8eb57994ff23863078efab2bc42e10.exe
Resource
win10v2004-en-20220113
General
-
Target
db2b38258707432f6ff76fec06aa4150cd8eb57994ff23863078efab2bc42e10
-
Size
690KB
-
MD5
27612a1c9b24892d269a6dc74f52a969
-
SHA1
c98dd2ca6c60055ceef283e2633f05ac1dcd27c9
-
SHA256
db2b38258707432f6ff76fec06aa4150cd8eb57994ff23863078efab2bc42e10
-
SHA512
34ea857eab0b068d707e89a6c1158bb68608241cd08a4896ea0d5219337f22739ccebc1e32f6b477ad7473e4b4ce24c3f8b75c64b1b8182edc1e548eef35fd31
-
SSDEEP
12288:FcPIX+tQiCMK1k+VhGmCvbOtx2x+PtNaoNDjYbyqsyBb2:qP8+tNCMYwyOatNaoNDjYbyqsyBb2
Malware Config
Signatures
-
ReZer0 packer 1 IoCs
Detects ReZer0, a packer with multiple versions used in various campaigns.
Processes:
resource yara_rule sample rezer0
Files
-
db2b38258707432f6ff76fec06aa4150cd8eb57994ff23863078efab2bc42e10.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 687KB - Virtual size: 687KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ