bd4f0d1fca038b6d7744a9c8b397bc53[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

bd4f0d1fca038b6d7744a9c8b397bc53.bin
Size

4.7MB
MD5

f19597b598f65824cae47b7214d34ff6
SHA1

9ea46c7687f7e3a9028045bca189d36cbf7048a7
SHA256

33ea3291888e65cd2787c30b6fca559f77c6039e8d003d04be5d1d03632de3c8
SHA512

94c84365cb45bc202fd52782ff73ceba46933da70c8909fd983a36cfe3cb5dd6ffc24e2c4fc2fc03d3db711120b483ce2d396cf31b0b83e8aeb03b51e2d08f6a
SSDEEP

49152:mjhTGW/Y5MuKMXJJZmVGXM3Sgg6au6nQS7:ml6MuK+mxDXaT57

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 2 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
static1/unpack002/ntask.exe	net_reactor
static1/unpack001/ntask.exe	net_reactor

Files

bd4f0d1fca038b6d7744a9c8b397bc53.bin
.zip

Password: infected
e4546356ee0bbf198bafc760d7fda14d5dc20449c432408cfeaccf8b7a18f837.zip
.zip

Password: infected
ntask.exe
.exe windows x64

Password: infected

Code Sign

1f:0e:79:c3:12:e4:59:f2:23:28:72:0a:11:2f:15:ba
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16-01-2020 00:00

Not After

16-04-2022 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seogho-cu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:0e:79:c3:12:e4:59:f2:23:28:72:0a:11:2f:15:ba
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16-01-2020 00:00

Not After

16-04-2022 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seogho-cu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:c9:1d:81:66:35:a9:f4:33:ed:bb:8f:68:f0:f5:67:97:56:5c:23:93:95:77:3f:c3:a4:4b:4f:23:9d:c5:72
Signer

Actual PE Digest

7d:c9:1d:81:66:35:a9:f4:33:ed:bb:8f:68:f0:f5:67:97:56:5c:23:93:95:77:3f:c3:a4:4b:4f:23:9d:c5:72

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seogho-cu,ST=Seoul,C=KR

08-12-2021 09:26
Valid: true

Chain 1

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seogho-cu,ST=Seoul,C=KR

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

b2:f4:06:ce:b0:29:e7:f3:29:e6:4f:23:02:86:5d:b7:7b:e4:03:f6
Signer

Actual PE Digest

b2:f4:06:ce:b0:29:e7:f3:29:e6:4f:23:02:86:5d:b7:7b:e4:03:f6

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seogho-cu,ST=Seoul,C=KR

08-12-2021 09:26
Valid: true

Chain 1

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seogho-cu,ST=Seoul,C=KR

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ntask.exe
.exe windows x64

Password: infected

Code Sign

1f:0e:79:c3:12:e4:59:f2:23:28:72:0a:11:2f:15:ba
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16-01-2020 00:00

Not After

16-04-2022 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seogho-cu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:0e:79:c3:12:e4:59:f2:23:28:72:0a:11:2f:15:ba
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16-01-2020 00:00

Not After

16-04-2022 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seogho-cu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:c9:1d:81:66:35:a9:f4:33:ed:bb:8f:68:f0:f5:67:97:56:5c:23:93:95:77:3f:c3:a4:4b:4f:23:9d:c5:72
Signer

Actual PE Digest

7d:c9:1d:81:66:35:a9:f4:33:ed:bb:8f:68:f0:f5:67:97:56:5c:23:93:95:77:3f:c3:a4:4b:4f:23:9d:c5:72

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seogho-cu,ST=Seoul,C=KR

08-12-2021 09:26
Valid: true

Chain 1

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seogho-cu,ST=Seoul,C=KR

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

b2:f4:06:ce:b0:29:e7:f3:29:e6:4f:23:02:86:5d:b7:7b:e4:03:f6
Signer

Actual PE Digest

b2:f4:06:ce:b0:29:e7:f3:29:e6:4f:23:02:86:5d:b7:7b:e4:03:f6

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seogho-cu,ST=Seoul,C=KR

08-12-2021 09:26
Valid: true

Chain 1

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seogho-cu,ST=Seoul,C=KR

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

Code Sign

1f:0e:79:c3:12:e4:59:f2:23:28:72:0a:11:2f:15:baCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

1f:0e:79:c3:12:e4:59:f2:23:28:72:0a:11:2f:15:baCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

7d:c9:1d:81:66:35:a9:f4:33:ed:bb:8f:68:f0:f5:67:97:56:5c:23:93:95:77:3f:c3:a4:4b:4f:23:9d:c5:72Signer

Signature Validations

Verification

08-12-2021 09:26 Valid: true

Chain 1

b2:f4:06:ce:b0:29:e7:f3:29:e6:4f:23:02:86:5d:b7:7b:e4:03:f6Signer

Signature Validations

Verification

08-12-2021 09:26 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

Password: infected

Code Sign

1f:0e:79:c3:12:e4:59:f2:23:28:72:0a:11:2f:15:baCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

1f:0e:79:c3:12:e4:59:f2:23:28:72:0a:11:2f:15:baCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

7d:c9:1d:81:66:35:a9:f4:33:ed:bb:8f:68:f0:f5:67:97:56:5c:23:93:95:77:3f:c3:a4:4b:4f:23:9d:c5:72Signer

Signature Validations

Verification

08-12-2021 09:26 Valid: true

Chain 1

1f:0e:79:c3:12:e4:59:f2:23:28:72:0a:11:2f:15:ba
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

1f:0e:79:c3:12:e4:59:f2:23:28:72:0a:11:2f:15:ba
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

7d:c9:1d:81:66:35:a9:f4:33:ed:bb:8f:68:f0:f5:67:97:56:5c:23:93:95:77:3f:c3:a4:4b:4f:23:9d:c5:72
Signer

08-12-2021 09:26
Valid: true

b2:f4:06:ce:b0:29:e7:f3:29:e6:4f:23:02:86:5d:b7:7b:e4:03:f6
Signer

08-12-2021 09:26
Valid: true

.text
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

1f:0e:79:c3:12:e4:59:f2:23:28:72:0a:11:2f:15:ba
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

1f:0e:79:c3:12:e4:59:f2:23:28:72:0a:11:2f:15:ba
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

7d:c9:1d:81:66:35:a9:f4:33:ed:bb:8f:68:f0:f5:67:97:56:5c:23:93:95:77:3f:c3:a4:4b:4f:23:9d:c5:72
Signer

08-12-2021 09:26
Valid: true

b2:f4:06:ce:b0:29:e7:f3:29:e6:4f:23:02:86:5d:b7:7b:e4:03:f6
Signer

08-12-2021 09:26
Valid: true

.text
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB