spoof[.]exe | Triage

Resubmissions

06/05/2023, 22:30

06/05/2023, 22:23

Target

spoof.exe
Size

568KB
MD5

9f644bb770da1f86b1bb04e1ac8d2621
SHA1

85be18c700bf2488f070a6b3d7dda7adc05b32e0
SHA256

868be91cc3f077f5bd22360498271aab974d7affe544dddbc6829d66760d12d8
SHA512

ae64dc2f0c16c2bc94bf404c4600ad0133cba3c28855474cf14ca7762dfc51b865f0923127f78979e1e75b46f3cc9c6c17a53824afe94f3ee7e04eee5929d593
SSDEEP

6144:VZMN3sm2eElsdMXpiZDJ2wbJJKLZq/uHtI3Ms5IBzNoBq/rHMoajatM2jw:zuqeElsdMX88gJK9SctS6uqTraGnc

Score

7^/10

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
spoof.exe