3fabbcc26d85c25716e82b0113fc8ef25c5ee74b8670ecc102757f84e534b46f

Sharing

Copy URL Twitter E-mail

General

Target

3fabbcc26d85c25716e82b0113fc8ef25c5ee74b8670ecc102757f84e534b46f
Size

250KB
MD5

405ef55c5b98e7028e83c42bc06b76f0
SHA1

ad2dcbe5e94190936c3e83f8abb0c2f0c79a4323
SHA256

3fabbcc26d85c25716e82b0113fc8ef25c5ee74b8670ecc102757f84e534b46f
SHA512

568ad5b743c7b639344851feca0e79a067b5d6dbab606778795813adef487b446fb966761f58903f1a228d7f0591a74803e9b03a218eed8a90c3b9d4232ceaf5
SSDEEP

6144:yv7weSZB9WfHarXji0kCjMof46J/x6i7jQP:ReS9WfHabjvrImfsi7m

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
static1/unpack001/官方自助出票终端.exe	net_reactor

Files

3fabbcc26d85c25716e82b0113fc8ef25c5ee74b8670ecc102757f84e534b46f
.zip
官方自助出票终端.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

0a
Certificate

Issuer

CN=TrustAsia SHA2 Code Signing CA,O=TrustAsia Technologies\, Inc.,C=CN

Not Before

29/01/2018, 05:43

Not After

29/01/2020, 05:43

Subject

CN=亚洲诚信代码签名测试证书SHA2,O=亚数信息科技（上海）有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06
Certificate

Issuer

CN=TrustAsia Root CA,O=TrustAsia Technologies\, Inc.,C=CN

Not Before

01/01/2015, 07:48

Not After

30/12/2025, 07:48

Subject

CN=TrustAsia SHA2 Code Signing CA,O=TrustAsia Technologies\, Inc.,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0a
Certificate

Issuer

CN=TrustAsia SHA2 Code Signing CA,O=TrustAsia Technologies\, Inc.,C=CN

Not Before

29/01/2018, 05:43

Not After

29/01/2020, 05:43

Subject

CN=亚洲诚信代码签名测试证书SHA2,O=亚数信息科技（上海）有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06
Certificate

Issuer

CN=TrustAsia Root CA,O=TrustAsia Technologies\, Inc.,C=CN

Not Before

01/01/2015, 07:48

Not After

30/12/2025, 07:48

Subject

CN=TrustAsia SHA2 Code Signing CA,O=TrustAsia Technologies\, Inc.,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:fc:77:93:26:8e:db:3f:5e:67:d8:84:f0:b3:f1:a8:ce:6b:d6:d7:a4:45:9b:3f:51:bc:66:54:90:ae:bf:0b
Signer

Actual PE Digest

4c:fc:77:93:26:8e:db:3f:5e:67:d8:84:f0:b3:f1:a8:ce:6b:d6:d7:a4:45:9b:3f:51:bc:66:54:90:ae:bf:0b

Digest Algorithm

sha256

PE Digest Matches

true

be:f8:03:5c:25:02:47:7a:69:4a:7b:63:0d:68:1e:4f:ab:44:8c:bf
Signer

Actual PE Digest

be:f8:03:5c:25:02:47:7a:69:4a:7b:63:0d:68:1e:4f:ab:44:8c:bf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
打不开点我修复点击（是）修复成功.chm
.chm

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

0aCertificate

Extended Key Usages

Key Usages

06Certificate

Extended Key Usages

Key Usages

0aCertificate

Extended Key Usages

Key Usages

06Certificate

Extended Key Usages

Key Usages

4c:fc:77:93:26:8e:db:3f:5e:67:d8:84:f0:b3:f1:a8:ce:6b:d6:d7:a4:45:9b:3f:51:bc:66:54:90:ae:bf:0bSigner

be:f8:03:5c:25:02:47:7a:69:4a:7b:63:0d:68:1e:4f:ab:44:8c:bfSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 73KB - Virtual size: 72KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

0a
Certificate

06
Certificate

0a
Certificate

06
Certificate

4c:fc:77:93:26:8e:db:3f:5e:67:d8:84:f0:b3:f1:a8:ce:6b:d6:d7:a4:45:9b:3f:51:bc:66:54:90:ae:bf:0b
Signer

be:f8:03:5c:25:02:47:7a:69:4a:7b:63:0d:68:1e:4f:ab:44:8c:bf
Signer

.text
Size: 73KB - Virtual size: 72KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B