file[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

file.exe
Size

5.4MB
MD5

60f5b5a5420f6581e3f48a9438cb5c55
SHA1

67431beaa088af3274bb161da2e8f1e2fb8f4ffb
SHA256

a7f095e49a35dd1f037ed9309d33e2b346bd750b612912aa7673cbbab609aebb
SHA512

6ead66070e0025a02c0aeb581bae6da7007dd668cca1a3dbce9b8cfc5e3a7ef99fe29ae3469b412970c002d4cdd318a278566f6d4446748ca2d3438445427abf
SSDEEP

98304:JRtYDvYgAi2FIV2Yf6HTTRep72QRsiFoXBc3N8RXfM4LqFG9:JYGjT1e12QqWN+fDB9

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Files

file.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

62:f8:12:a3:5f:52:bd:74:b7:18:d6:10:ac:4b:47:83
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

11-09-2018 09:28

Not After

11-09-2023 09:28

Subject

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26-03-2019 17:44

Not After

22-03-2034 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:55:9d:9a:1e:2f:c1:a4:79:d6:27:68:4d:11:3a:59
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19-08-2021 19:03

Not After

18-08-2024 19:03

Subject

SERIALNUMBER=C 86211,CN=JetBrains s.r.o.,O=JetBrains s.r.o.,L=Prague,C=CZ,1.3.6.1.4.1.311.60.2.1.3=#1302435a,1.3.6.1.4.1.311.60.2.1.2=#1306507261677565,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09-12-2022 18:30

Not After

06-12-2032 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

11-09-2018 09:26

Not After

11-09-2023 09:26

Subject

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13-11-2019 18:50

Not After

12-11-2034 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:70:e6:81:87:86:54:13:a7:88:34:e3:92:f5:f0:03:ad:82:18:57:0d:d5:96:0f:07:ae:8e:57:db:bf:40:8f
Signer

Actual PE Digest

d8:70:e6:81:87:86:54:13:a7:88:34:e3:92:f5:f0:03:ad:82:18:57:0d:d5:96:0f:07:ae:8e:57:db:bf:40:8f

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

62:f8:12:a3:5f:52:bd:74:b7:18:d6:10:ac:4b:47:83Certificate

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

78:55:9d:9a:1e:2f:c1:a4:79:d6:27:68:4d:11:3a:59Certificate

Extended Key Usages

Key Usages

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4bCertificate

Extended Key Usages

Key Usages

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1cCertificate

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

d8:70:e6:81:87:86:54:13:a7:88:34:e3:92:f5:f0:03:ad:82:18:57:0d:d5:96:0f:07:ae:8e:57:db:bf:40:8fSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 5.3MB - Virtual size: 5.3MB

.rsrc Size: 53KB - Virtual size: 52KB

.reloc Size: 512B - Virtual size: 12B

62:f8:12:a3:5f:52:bd:74:b7:18:d6:10:ac:4b:47:83
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

78:55:9d:9a:1e:2f:c1:a4:79:d6:27:68:4d:11:3a:59
Certificate

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

d8:70:e6:81:87:86:54:13:a7:88:34:e3:92:f5:f0:03:ad:82:18:57:0d:d5:96:0f:07:ae:8e:57:db:bf:40:8f
Signer

.text
Size: 5.3MB - Virtual size: 5.3MB

.rsrc
Size: 53KB - Virtual size: 52KB

.reloc
Size: 512B - Virtual size: 12B