3jylu[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3jylu.exe
Size

1.4MB
MD5

32cc94050f57fbb4f55017ef9db5f75b
SHA1

eb31440b5a2de5e9e3b92aa0451eea5db8dce130
SHA256

2a2570f4ee8db070a14de197ddd328260059b63528d8eaf3e0d39972a88161bf
SHA512

d4bf522ecbba3ab770a7dc25c83076f9848a155d7bbb9af43ff41939868a37df0ca62a5309b1280d54a4bd7f7264d1b7ae93c24ed2089a613bd55371a7892529
SSDEEP

24576:kWOI/wYvQLqU6R0QLHYJrQA9TuAu5JS5i3ShZugpj4QUNHND9XdbdK9O:kWOvY4GU65L4JRuAu5JS5i

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Files

3jylu.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ