cb0717d65a69b927a6a64d3d6f07f67c[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cb0717d65a69b927a6a64d3d6f07f67c.bin
Size

403KB
MD5

64f1c5daaa6e25fc40f3edd22bb2ec3f
SHA1

cce3845a1b5961a474ded18a05949617894771c7
SHA256

fa25d0e52e8b4df489041f5cf994683654950b87509c2a3793472c3ac5a19808
SHA512

c09851bd022c3bc0de31ca3414737f920af34daff5bb6853a260b14063ee545cf5a40ad53e621937970a4445f88ab33614c06cf06053740b94361ffc4102a832
SSDEEP

12288:KdQVds/vXOoObd5jKcIWWUE86CqO59i8zOa:KdQV63dOpQFBUE8DX1r

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
static1/unpack001/0bdd6fa1489c0ed18e9aa11d09e6994a48c953d907a862eba9bad0a6f824b07f.exe	net_reactor

Files

cb0717d65a69b927a6a64d3d6f07f67c.bin
.zip

Password: infected
0bdd6fa1489c0ed18e9aa11d09e6994a48c953d907a862eba9bad0a6f824b07f.exe
.exe windows:4 windows x64 arch:x64

Password: infected

Code Sign

3b:21:71:6e:51:33:9e:be:4d:e0:3c:67:ec:c3:1c:c0
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/12/2023, 19:19

Not After

31/12/2039, 23:59

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

5b:a2:55:01:da:e9:7e:c0:47:98:5a:f1:c6:8d:42:d9:52:2d:a3:64
Signer

Actual PE Digest

5b:a2:55:01:da:e9:7e:c0:47:98:5a:f1:c6:8d:42:d9:52:2d:a3:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 410KB - Virtual size: 410KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ