3fd42a6d47f7d910b16bd1e7d280dc1d9ba62e096ef940ac7d90d51a7b5cb0fd

Sharing

Copy URL Twitter E-mail

General

Target

3fd42a6d47f7d910b16bd1e7d280dc1d9ba62e096ef940ac7d90d51a7b5cb0fd
Size

147.6MB
MD5

582c3f0df99f7b99506fb781630a2c3b
SHA1

787f7a69139c009d83bd3aae5889a43d6799ba97
SHA256

3fd42a6d47f7d910b16bd1e7d280dc1d9ba62e096ef940ac7d90d51a7b5cb0fd
SHA512

cf2596fb637c084dcd4dfa423aa5713b31d552c422d69b93ab26425dd28712203867457c82c508ea70101d0aa2cc8926196ef89f20a2a7c72195795b561ebd38
SSDEEP

786432:rCZzdLN4v1SoNjWPNLd1pQshPQLnXni9vyM/52nyMh8sai:rIdJU1JNSPtyLXi9vOn6O

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fd42a6d47f7d910b16bd1e7d280dc1d9ba62e096ef940ac7d90d51a7b5cb0fd

Files

3fd42a6d47f7d910b16bd1e7d280dc1d9ba62e096ef940ac7d90d51a7b5cb0fd
.exe windows:6 windows x64 arch:x64

b2c1d56adb58f6a1074f417735626eb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\Corehost.Static\singlefilehost.pdb

Imports

kernel32

RaiseException
FreeLibrary
SetErrorMode
RaiseFailFastException
GetExitCodeProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
MultiByteToWideChar
GetTickCount
FlushInstructionCache
QueryPerformanceFrequency
QueryPerformanceCounter
RtlLookupFunctionEntry
LocateXStateFeature
RtlDeleteFunctionTable
InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead
GetTickCount64
DuplicateHandle
QueueUserAPC
WaitForSingleObjectEx
SetThreadPriority
GetThreadPriority
GetCurrentThreadId
TlsAlloc
GetCurrentThread
GetCurrentProcessId
CreateThread
GetModuleHandleW
WaitForMultipleObjectsEx
SignalObjectAndWait
RtlCaptureContext
SetThreadStackGuarantee
VirtualQuery
WriteFile
GetStdHandle
GetConsoleOutputCP
MapViewOfFileEx
UnmapViewOfFile
GetStringTypeExW
InterlockedPopEntrySList
ExitProcess
Sleep
CreateMemoryResourceNotification
VirtualAlloc
VirtualFree
VirtualProtect
SleepEx
SwitchToThread
SuspendThread
ResumeThread
InitializeContext
SetXStateFeaturesMask
RtlRestoreContext
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
ReadFile
GetFileSize
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateEventW
SetEvent
ResetEvent
GetThreadContext
SetThreadContext
GetEnabledXStateFeatures
CopyContext
WerRegisterRuntimeExceptionModule
RtlInstallFunctionTableCallback
GetSystemDefaultLCID
GetUserDefaultLCID
RtlUnwind
HeapAlloc
HeapFree
GetProcessHeap
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
CreateSemaphoreExW
ReleaseSemaphore
GetACP
LCMapStringEx
LocalFree
VerSetConditionMask
VerifyVersionInfoW
QueryThreadCycleTime
GetLogicalProcessorInformationEx
SetThreadGroupAffinity
GetThreadGroupAffinity
GetProcessGroupAffinity
GetCurrentProcessorNumberEx
GetProcessAffinityMask
QueryInformationJobObject
CreateFileMappingW
GetSystemTimeAsFileTime
GetModuleFileNameW
CreateProcessW
GetCPInfo
CloseHandle
GetTempPathW
LoadLibraryExW
CreateFileW
GetFileAttributesExW
GetFullPathNameW
LoadLibraryExA
OutputDebugStringA
OpenEventW
ReleaseMutex
ExitThread
CreateMutexW
HeapReAlloc
CreateNamedPipeA
WaitForMultipleObjects
DisconnectNamedPipe
CreateFileA
CancelIoEx
GetOverlappedResult
ConnectNamedPipe
FlushFileBuffers
SetFilePointer
MapViewOfFile
GetActiveProcessorGroupCount
GetSystemTime
SetConsoleCtrlHandler
GetLocaleInfoEx
GetUserDefaultLocaleName
RtlAddFunctionTable
LoadLibraryW
CreateDirectoryW
RemoveDirectoryW
CreateActCtxW
ActivateActCtx
FindResourceW
GetWindowsDirectoryW
GetFileSizeEx
FindFirstFileExW
FindNextFileW
FindClose
LoadLibraryA
GetCurrentDirectoryW
IsWow64Process
EncodePointer
DecodePointer
CreateFileMappingA
TlsSetValue
TlsGetValue
GetSystemInfo
GetCurrentProcess
OutputDebugStringW
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineW
GetProcAddress
GetModuleHandleExW
SetThreadErrorMode
WideCharToMultiByte
FlushProcessWriteBuffers
SetLastError
DebugBreak
WaitForSingleObject
GetNumaHighestNodeNumber
SetThreadAffinityMask
SetThreadIdealProcessorEx
GetThreadIdealProcessorEx
VirtualAllocExNuma
GetNumaProcessorNodeEx
VirtualUnlock
GetLargePageMinimum
IsProcessInJob
K32GetProcessMemoryInfo
GetLogicalProcessorInformation
GlobalMemoryStatusEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlVirtualUnwind
IsProcessorFeaturePresent
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsFree
RtlPcToFileHeader
InitializeConditionVariable
WakeConditionVariable
TryAcquireSRWLockExclusive
GetExitCodeThread
GetStringTypeW
InitializeCriticalSectionEx
GetLastError

advapi32

GetSidSubAuthority
AdjustTokenPrivileges
RegGetValueW
SetKernelObjectSecurity
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
EventRegister
SetThreadToken
RevertToSelf
OpenThreadToken
EventWriteTransfer
EventWrite
LookupPrivilegeValueW

ole32

CreateStreamOnHGlobal
CoRevokeInitializeSpy
CoGetClassObject
CoGetContextToken
CoGetObjectContext
CoUnmarshalInterface
CoMarshalInterface
CoGetMarshalSizeMax
CLSIDFromProgID
CoReleaseMarshalData
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CoInitializeEx
CoRegisterInitializeSpy
CoWaitForMultipleHandles
CoUninitialize
CoCreateFreeThreadedMarshaler

oleaut32

GetRecordInfoFromTypeInfo
VariantInit
VariantClear
SafeArrayAllocDescriptorEx
SafeArraySetRecordInfo
VariantChangeTypeEx
VariantChangeType
SafeArrayGetVartype
SafeArrayAllocData
SysFreeString
GetErrorInfo
SafeArrayGetElemsize
SetErrorInfo
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysAllocString
SafeArrayCreateVector
SysAllocStringLen
SafeArrayPutElement
LoadRegTypeLi
CreateErrorInfo
LoadTypeLibEx
QueryPathOfRegTypeLi
SafeArrayDestroy
VarCyFromDec
SafeArrayGetLBound
SafeArrayGetDim

user32

LoadStringW
MessageBoxW

shell32

ShellExecuteW

api-ms-win-crt-string-l1-1-0

strncat_s
wcsncat_s
strcmp
wcsnlen
wcscat_s
towupper
iswascii
_strdup
strnlen
strncpy
wcstok_s
isdigit
isalpha
towlower
isupper
iswupper
iswspace
_wcsdup
strtok_s
islower
_wcsnicmp
strcspn
__strncnt
strlen
wcscpy_s
toupper
wcsncpy_s
_wcsicmp
strcpy_s
strcat_s
_strnicmp
tolower
wcsncmp
isspace
strncmp
_stricmp
strncpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
__stdio_common_vsprintf_s
fflush
__stdio_common_vfprintf
__stdio_common_vswprintf
__stdio_common_vfwprintf
fputws
fputwc
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
fgetpos
fgets
fgetc
fputc
_wfsopen
_wfopen
__p__commode
_set_fmode
setvbuf
_setmode
_dup
_fileno
ftell
fseek
__stdio_common_vsnprintf_s
fputs
__acrt_iob_func
__stdio_common_vsnwprintf_s
fwrite
_flushall
fopen
fclose

api-ms-win-crt-runtime-l1-1-0

_get_initial_wide_environment
_initterm
_initterm_e
_exit
_invalid_parameter_noinfo_noreturn
__p___argc
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
_configure_wide_argv
_set_app_type
_beginthreadex
terminate
_controlfp_s
_wcserror_s
_invalid_parameter_noinfo
_seh_filter_exe
_cexit
_errno
_initialize_wide_environment
abort
_crt_atexit
_register_onexit_function
_initialize_onexit_table
exit

api-ms-win-crt-convert-l1-1-0

_ltow_s
atol
wcstoul
_wcstoui64
strtoull
_atoi64
strtoul
_itow_s
_wtoi

api-ms-win-crt-heap-l1-1-0

calloc
free
_set_new_mode
realloc
malloc

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

cbrtf
atanhf
asinhf
asinh
cbrt
acosh
_fdopen
atanh
fmaf
_copysignf
_isnanf
trunc
truncf
ilogb
ilogbf
fma
floorf
_copysign
_isnan
_finite
frexp
modf
modff
acos
acosf
asin
asinf
atan
atan2
tanhf
atan2f
fmod
fmodf
log
log10
atanf
log10f
log2
log2f
logf
pow
powf
sin
sinf
sinh
sinhf
sqrt
ceil
ceilf
sqrtf
tan
tanf
tanh
cos
cosf
acoshf
cosh
coshf
exp
expf
__setusermatherr
floor

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64_s
wcsftime

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_unlock_locales
___lc_locale_name_func
localeconv
_lock_locales
_configthreadlocale
___lc_codepage_func
__pctype_func
___mb_cur_max_func
setlocale

api-ms-win-crt-filesystem-l1-1-0

_wrename
_lock_file
_unlock_file
_wremove

Exports

Exports

CLRJitAttachState
DotNetRuntimeInfo
MetaDataGetDispenser
g_CLREngineMetrics
g_dacTable

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CLR_UEF
Size: 512B - Virtual size: 221B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Section
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2c1d56adb58f6a1074f417735626eb2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

oleaut32

user32

shell32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 6.1MB - Virtual size: 6.1MB

.CLR_UEF Size: 512B - Virtual size: 221B

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 38KB - Virtual size: 128KB

.pdata Size: 222KB - Virtual size: 221KB

.didat Size: 512B - Virtual size: 56B

Section Size: 512B - Virtual size: 8B

_RDATA Size: 77KB - Virtual size: 77KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 6.1MB - Virtual size: 6.1MB

.CLR_UEF
Size: 512B - Virtual size: 221B

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 38KB - Virtual size: 128KB

.pdata
Size: 222KB - Virtual size: 221KB

.didat
Size: 512B - Virtual size: 56B

Section
Size: 512B - Virtual size: 8B

_RDATA
Size: 77KB - Virtual size: 77KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 32KB - Virtual size: 31KB