WAGNER[.]7z | Triage

General

Target

WAGNER.7z
Size

382KB
MD5

8b8ef9d859a3422ec6caa9e6a706f10a
SHA1

1e71a997d14e782dcbbc710a406c5f7d470db1e7
SHA256

9233be63d0e708bf6c9223dff0388e9f8d36e3626a5a198c3aebff90682133d3
SHA512

0406a05289d0793305a798beed5166d53d6ceafed3e19f53b4535a8983251cc42e148b6fa0813398275ebedf0ce878d3105ad4d15ed0481905a93ad38e1bfec6
SSDEEP

6144:zH8tgo+gntHza/EQOuFrb7BGpw5Qa8laNp9LMXsP2pexBbY8ems32x0Ja4Z+85d5:zcyo+gntTall4wfrKPaY+4Z+8LwKg0

Score

7^/10

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
static1/unpack001/WAGNER.exe	net_reactor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WAGNER.exe

WAGNER.7z
.7z

Password: LЧVЮ=7vЛ+ыПЫнiбф4!ФWщЮ;NгЯЭБm=ы[;_U9WЩбW#u&j&m?-++жЦhq№fЖтjы%ч$ж}ю4мUя4бЫ;Г:Цвё~Ш9ЁЖ{Гj4VfFh_j;Ёvн9#
WAGNER.exe
.exe windows x86

Password: LЧVЮ=7vЛ+ыПЫнiбф4!ФWщЮ;NгЯЭБm=ы[;_U9WЩбW#u&j&m?-++жЦhq№fЖтjы%ч$ж}ю4мUя4бЫ;Г:Цвё~Ш9ЁЖ{Гj4VfFh_j;Ёvн9#

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 528KB - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ