JOKER OFFICIAL.pdb
Static task
static1
Behavioral task
behavioral1
Sample
1b3a73040e35a4aad3694d3d036446d3.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1b3a73040e35a4aad3694d3d036446d3.exe
Resource
win10v2004-20240226-en
General
-
Target
1b3a73040e35a4aad3694d3d036446d3.bin
-
Size
2.8MB
-
MD5
1b3a73040e35a4aad3694d3d036446d3
-
SHA1
9f64debc8f7fe6ffd922073da0f4ed54139ad9c8
-
SHA256
27641498d9b498595cd6a181370f81b1e3b64d7155ff95f012babf362b60b4e2
-
SHA512
f9e3276149ec2e2084b69464002c3c58d519bd32ac3f012f92cdb310af24a597e69e079d1ccc573437f52ef0ab35b07884316b91f7013060e5695964f14a1fd3
-
SSDEEP
49152:ZIMqVJqJIXxNjdCHoE0exs/fV4BgZ/A/M0rIV2yyX/Nn:Z3PIGoy/BgZ/OR80ySn
Malware Config
Signatures
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
Processes:
resource yara_rule sample net_reactor -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 1b3a73040e35a4aad3694d3d036446d3.bin
Files
-
1b3a73040e35a4aad3694d3d036446d3.bin.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Sections
.text Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ