Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
| field | value |
|---|---|
| Behavioral task | behavioral1 |
| Sample | 897b63dc56623c54120c95340a7e8c416786dbc18bb03dae3300ab2fd57e928a.exe |
| Resource | win7-20231129-en |
| Target | f18bb1edd3ae7b63144e96132ce9aefb.bin |
| Size | 4.1MB |
| MD5 | 03d004d53b58f5a5a7ed0198ef775ad6 |
| SHA1 | 52e190155c2aa462ae9b6bb8a9dc5ab0655a453a |
| SHA256 | 89f9caea29343d0a92b7a2cf4c3d675fe36ed7559f1f5fb389d8ee616023d1da |
| SHA512 | c6e98dce3a583a71f3e2d07c65793ec278c5971985be16bb42945d17d674b4b5dd700d8921f052d3ffb19fa8604d6845126d291f40b37e9d5cf1ebaea7ef0cce |
| SSDEEP | 98304:n4X9G5TE4Pzu2OQdDqowkfHEDGdhpFUey3i15Z:nmYXrOmDqhahpTF5Z |
| resource | yara_rule |
|---|---|
| static1/unpack001/897b63dc56623c54120c95340a7e8c416786dbc18bb03dae3300ab2fd57e928a.exe | family_zgrat_v1 |
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
| resource | yara_rule |
|---|---|
| static1/unpack001/897b63dc56623c54120c95340a7e8c416786dbc18bb03dae3300ab2fd57e928a.exe | net_reactor |
ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ