2301051321091[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2301051321091.exe
Size

453KB
MD5

cb0717d65a69b927a6a64d3d6f07f67c
SHA1

0a683ecda9e0b1d1984b6a1c76b6b9263d46c1c8
SHA256

0bdd6fa1489c0ed18e9aa11d09e6994a48c953d907a862eba9bad0a6f824b07f
SHA512

c8447c70e96ec51bdeed369876bd4b34fc54957b1d006cc31f7d6ad2ed7b68d32c2424536634cc0f033e47084e983e4dbdd725c4d24230ab1075a03f7ffbdb8e
SSDEEP

12288:lueAlvS+8Qyh6HQUavuhrnSaCuUncPxsmopSUz0W:lueAlv8Hh6uWp/Cu+cPXopSUzt

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Files

2301051321091.exe
.exe windows:4 windows x64 arch:x64

Code Sign

3b:21:71:6e:51:33:9e:be:4d:e0:3c:67:ec:c3:1c:c0
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/12/2023, 19:19

Not After

31/12/2039, 23:59

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

5b:a2:55:01:da:e9:7e:c0:47:98:5a:f1:c6:8d:42:d9:52:2d:a3:64
Signer

Actual PE Digest

5b:a2:55:01:da:e9:7e:c0:47:98:5a:f1:c6:8d:42:d9:52:2d:a3:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 410KB - Virtual size: 410KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ