ba599f33457c052c91336184f43431c2f46b94178e3aec4210b133ce696a78c1

Sharing

Copy URL Twitter E-mail

General

Target

ba599f33457c052c91336184f43431c2f46b94178e3aec4210b133ce696a78c1
Size

2.9MB
MD5

fcc1cf51ee01a96049ad25c7f9fee9e3
SHA1

128d07069804094c338326f426c95c1246a1bcfe
SHA256

ba599f33457c052c91336184f43431c2f46b94178e3aec4210b133ce696a78c1
SHA512

64fd9f9c5bf6f8c0fb2403b9b811a1ce3d90b1ba350c431950249dd6d53b16ee9f938568cacc007e23eb4e4444f2277af0d99017c2e308945d05bdd5731d1af5
SSDEEP

24576:VaE6jzJmf3RKvvsAFUsPI4MAIGHmEqAGIRqkHU5JEr7Cucwv538T6es2yZ:wfzJmf3RavsAFUsgyIQfGIok7CuhGUJ

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Files

ba599f33457c052c91336184f43431c2f46b94178e3aec4210b133ce696a78c1
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

37:74:43:4f:9e:b4:0e:22:1f:92:36:ca:1f:2f:27:17
Certificate

Issuer

CN=Sectigo Public Code Signing Root E46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV E36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d5:b3:60:02:89:59:a2:7f:84:65:c9:e6:b1:8d:ba:cb
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/02/2023, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root E46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ef:8c:3b:8f:ce:bc:8d:7b:9f:ba:21:ac:63:8e:d4:07
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV E36,O=Sectigo Limited,C=GB

Not Before

04/07/2023, 00:00

Not After

01/07/2024, 23:59

Subject

SERIALNUMBER=7811934579,CN=ZACH TEL SP Z O O,O=ZACH TEL SP Z O O,ST=Wielkopolskie,C=PL,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302504c

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

13:2a:a3:ba:50:eb:73:6a:11:91:eb:6c:79:ab:7e:67:d9:c2:af:b8:88:62:43:1e:a8:5d:09:68:5c:51:47:5a
Signer

Actual PE Digest

13:2a:a3:ba:50:eb:73:6a:11:91:eb:6c:79:ab:7e:67:d9:c2:af:b8:88:62:43:1e:a8:5d:09:68:5c:51:47:5a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

37:74:43:4f:9e:b4:0e:22:1f:92:36:ca:1f:2f:27:17Certificate

Extended Key Usages

Key Usages

d5:b3:60:02:89:59:a2:7f:84:65:c9:e6:b1:8d:ba:cbCertificate

Extended Key Usages

Key Usages

ef:8c:3b:8f:ce:bc:8d:7b:9f:ba:21:ac:63:8e:d4:07Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

13:2a:a3:ba:50:eb:73:6a:11:91:eb:6c:79:ab:7e:67:d9:c2:af:b8:88:62:43:1e:a8:5d:09:68:5c:51:47:5aSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 512B - Virtual size: 12B

37:74:43:4f:9e:b4:0e:22:1f:92:36:ca:1f:2f:27:17
Certificate

d5:b3:60:02:89:59:a2:7f:84:65:c9:e6:b1:8d:ba:cb
Certificate

ef:8c:3b:8f:ce:bc:8d:7b:9f:ba:21:ac:63:8e:d4:07
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

13:2a:a3:ba:50:eb:73:6a:11:91:eb:6c:79:ab:7e:67:d9:c2:af:b8:88:62:43:1e:a8:5d:09:68:5c:51:47:5a
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 512B - Virtual size: 12B