09e61eb3f5951880bf0bd3dd5[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

09e61eb3f5951880bf0bd3dd5.bin
Size

808KB
MD5

4c5f18c4069194b9b7a73eaf4f09a4a3
SHA1

624e7939d918381cd67b764c928cd82e910a6708
SHA256

864dd6c8eda6e622fb9e08022f76efe6551bc8c4df64216eb9abd7552b192a56
SHA512

1d21d47957b2d534474eb518ece167a94c374a9d10ed1988aaa4f3ed467dd5e59feb55c19d429a82b9711f577548eddc6d1a25ad5d5593a2ef537cba4b78527f
SSDEEP

24576:a444HwalOgWw1VEmRZhow4a3mRgkAGsSxB:aXjaQgWw1VEaZK63mRwG9

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
static1/unpack001/a4df733d5bc4d0c50249f228bd100ac4bffd19a330d57363039a1d0f18bd56f0.exe	net_reactor

Files

09e61eb3f5951880bf0bd3dd5.bin
.zip

Password: infected
a4df733d5bc4d0c50249f228bd100ac4bffd19a330d57363039a1d0f18bd56f0.exe
.exe windows x64

Code Sign

6a:e7:30:c2:2c:ef:5c:b0:43:c9:fc:8b:3d:40:c7:f9
Certificate

Issuer

CN=Samsung Neo QLED 8K Smart TV QE85QN900BU

Not Before

27-06-2023 12:40

Not After

28-06-2033 12:40

Subject

CN=Samsung Neo QLED 8K Smart TV QE85QN900BU

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:b2:12:06:e6:ec:d8:29:25:4b:81:ed:d5:7d:67:6f:04:f9:f5:2d:24:96:b7:46:09:98:9a:0d:93:73:58:2a
Signer

Actual PE Digest

27:b2:12:06:e6:ec:d8:29:25:4b:81:ed:d5:7d:67:6f:04:f9:f5:2d:24:96:b7:46:09:98:9a:0d:93:73:58:2a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

6a:e7:30:c2:2c:ef:5c:b0:43:c9:fc:8b:3d:40:c7:f9Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

27:b2:12:06:e6:ec:d8:29:25:4b:81:ed:d5:7d:67:6f:04:f9:f5:2d:24:96:b7:46:09:98:9a:0d:93:73:58:2aSigner

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 262KB - Virtual size: 262KB

6a:e7:30:c2:2c:ef:5c:b0:43:c9:fc:8b:3d:40:c7:f9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

27:b2:12:06:e6:ec:d8:29:25:4b:81:ed:d5:7d:67:6f:04:f9:f5:2d:24:96:b7:46:09:98:9a:0d:93:73:58:2a
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 262KB - Virtual size: 262KB