Static task
static1
Behavioral task
behavioral1
Sample
5a309fcd09092bd21ea6215b470d439d9c2aaf875f70553aa627f4b5b41b3e38.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
5a309fcd09092bd21ea6215b470d439d9c2aaf875f70553aa627f4b5b41b3e38.exe
Resource
win10v2004-en-20220113
General
-
Target
5a309fcd09092bd21ea6215b470d439d9c2aaf875f70553aa627f4b5b41b3e38
-
Size
585KB
-
MD5
46b33a01ddc74f6ed96a3793744eedfd
-
SHA1
654f6e185b5ab4a0a98c36d8b24d7f6399c8a61a
-
SHA256
5a309fcd09092bd21ea6215b470d439d9c2aaf875f70553aa627f4b5b41b3e38
-
SHA512
6635af0047324d7fdc018eb42339dd75b165daeb5ebd468b5fa27ec877b23ee05bd7f540790af2053822d62784cfe6cc5f12b87d0d738289225f4f2d5c903673
-
SSDEEP
12288:ZwP0qEuB7jvFo2TjWcH1E3wA9LC+aEXPhWfkd5y3:S0li77Ft3E3f9LCFE/UO5E
Malware Config
Signatures
-
ReZer0 packer 1 IoCs
Detects ReZer0, a packer with multiple versions used in various campaigns.
Processes:
resource yara_rule sample rezer0
Files
-
5a309fcd09092bd21ea6215b470d439d9c2aaf875f70553aa627f4b5b41b3e38.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 583KB - Virtual size: 582KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ