Static task
static1
General
-
Target
RexonFREE_1.dll
-
Size
2.4MB
-
MD5
8c7ebd0892df23b1450b4dd9f0db8242
-
SHA1
ec910aa060439b480c3afc6986bf582c796d1b7b
-
SHA256
5b13da621ebb7ebcd221e26b2fc1326ae61d80a3eb1cf2e815f45e0264e11ae0
-
SHA512
ca2ae2bf75f6e3783c9f85778f196b9f3460a46fb6fa615707f1a098f1120b0946ea1c40f1f1db769d10758e9d790e821239c43d1a116e251688a61df9893f8d
-
SSDEEP
49152:ghU5yaPfP0sJwmRNoREk7I3YFwtxPyhuGdEt9/lzIkhnaoaL7ZjXq+ODVThBJ6w9:guyY83swdETg4kloXgSLR/k
Malware Config
Signatures
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource yara_rule sample net_reactor -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource RexonFREE_1.dll
Files
-
RexonFREE_1.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ