1bcd409bc9efcd48dfbc3dbd26e0071c[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

1bcd409bc9efcd48dfbc3dbd26e0071c.bin
Size

1.3MB
MD5

e728189524b8ff97d9ff07db296a5c3a
SHA1

7f83431011af1814bba03579060d3af77bea4c55
SHA256

c3a3c1a964e108919e3217614ac4754fa9f4cf37f370019645aaa277547bf372
SHA512

6477ef036e002e2cf5748bfcfa890f09926c116a45eb6c87e050ae38b0b502fb3f0023ad3f45ec3ed6a082b0c93e70572c583123db98efb39dba9cce6c31530c
SSDEEP

24576:LJE5A2w1CSQ8i/1BjVyVXKNeaHH14HThWbpC+qwtJFUYREvPQZ:LJEsI8E1+XaeE+ThWbsrGUYR2O

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
static1/unpack001/515006e6eecad0418c6c3980a258dfc6e9f8ff8dacc801298b445c25017beb29.exe	net_reactor

Files

1bcd409bc9efcd48dfbc3dbd26e0071c.bin
.zip

Password: infected
515006e6eecad0418c6c3980a258dfc6e9f8ff8dacc801298b445c25017beb29.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

1e:70:96:d9:2b:da:c5:b1:4f:da:da:ce:d4:ed:7f:3e
Certificate

Issuer

CN=Logitech Pebble M350 Off-White

Not Before

19/07/2023, 14:06

Not After

20/07/2033, 14:06

Subject

CN=Logitech Pebble M350 Off-White

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8b:77:fa:dc:5a:e0:d3:97:ce:52:21:0a:a5:f4:e4:ca:96:36:25:ad:1f:b3:83:ab:da:d5:d1:3a:20:f2:6e:2f
Signer

Actual PE Digest

8b:77:fa:dc:5a:e0:d3:97:ce:52:21:0a:a5:f4:e4:ca:96:36:25:ad:1f:b3:83:ab:da:d5:d1:3a:20:f2:6e:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

1e:70:96:d9:2b:da:c5:b1:4f:da:da:ce:d4:ed:7f:3eCertificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8b:77:fa:dc:5a:e0:d3:97:ce:52:21:0a:a5:f4:e4:ca:96:36:25:ad:1f:b3:83:ab:da:d5:d1:3a:20:f2:6e:2fSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 214KB - Virtual size: 214KB

.reloc Size: 512B - Virtual size: 12B

1e:70:96:d9:2b:da:c5:b1:4f:da:da:ce:d4:ed:7f:3e
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8b:77:fa:dc:5a:e0:d3:97:ce:52:21:0a:a5:f4:e4:ca:96:36:25:ad:1f:b3:83:ab:da:d5:d1:3a:20:f2:6e:2f
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 214KB - Virtual size: 214KB

.reloc
Size: 512B - Virtual size: 12B