c95a42c985821df22b6b6af61d53127a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c95a42c985821df22b6b6af61d53127a
Size

264KB
MD5

c95a42c985821df22b6b6af61d53127a
SHA1

a3bba4166461ebc275f2b7427fe04a68256c112d
SHA256

6c33210e8d995ed94da1c47bef4d035025ac44b264be87cf535abf5d4a9b6938
SHA512

07e82e47e2516dedf40a88b93685cbb192bb0fc6e5ba7a6c3ab8ac923a4a6b3da48d30d6fea9ff066a9813261b73e9b90fcd47bf9d5642597440ae0431a2bf73
SSDEEP

3072:LwPGlOt4OOTSHzFqwpQbO2sAl0L1ZCm2GffffY6vvsMMYJv1vSgFYRkJqYmS6qY:8OlvTSTxSbOBAQv/2Y9tn4R1mPwdlQ

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c95a42c985821df22b6b6af61d53127a

Files

c95a42c985821df22b6b6af61d53127a
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

AqasysNet.Redundanz.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ