file | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

file
Size

1.8MB
MD5

08bd9f40d1e009c3ea0475aed29e597a
SHA1

93eb930b3b54dce404916daa9d7761aa7f23bc4e
SHA256

f0f756cdd6211e7ccaa203844abf95f2993dd2c1033fde42f5e17ba10adb67e6
SHA512

ccc43b7355cf1f0d25ad7dddfde189e7d288e489921ee520861a12921ed2a9b12438a28f86bc14c6c69902ebd6d73e3d0db3ad63a2954ca1f7960d74eb56fe92
SSDEEP

49152:3JfC7C2mJOTXP3NWpItn+id8pq+Z6Q2Xr7oX1f00/gZv+1X2J+lX:7XTU+1X2JG

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Files

file
.exe windows x64

Code Sign

19:c8:f4:eb:a2:94:21:a3:44:ee:51:01:4a:50:87:c2
Certificate

Issuer

CN=Philips BHD827 Series 9000 (white/gold)

Not Before

25-06-2023 20:10

Not After

26-06-2033 20:10

Subject

CN=Philips BHD827 Series 9000 (white/gold)

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:5c:a3:a7:5f:07:0b:d3:0e:5f:41:cf:e0:c5:7b:70:9f:7e:95:c8:17:2f:52:82:27:ec:e2:a2:00:f9:c4:2d
Signer

Actual PE Digest

30:5c:a3:a7:5f:07:0b:d3:0e:5f:41:cf:e0:c5:7b:70:9f:7e:95:c8:17:2f:52:82:27:ec:e2:a2:00:f9:c4:2d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 610KB - Virtual size: 610KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

19:c8:f4:eb:a2:94:21:a3:44:ee:51:01:4a:50:87:c2Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

30:5c:a3:a7:5f:07:0b:d3:0e:5f:41:cf:e0:c5:7b:70:9f:7e:95:c8:17:2f:52:82:27:ec:e2:a2:00:f9:c4:2dSigner

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 610KB - Virtual size: 610KB

19:c8:f4:eb:a2:94:21:a3:44:ee:51:01:4a:50:87:c2
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

30:5c:a3:a7:5f:07:0b:d3:0e:5f:41:cf:e0:c5:7b:70:9f:7e:95:c8:17:2f:52:82:27:ec:e2:a2:00:f9:c4:2d
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 610KB - Virtual size: 610KB