Static task
static1
General
-
Target
RexonFREE.dll
-
Size
3.9MB
-
MD5
b978f92b989cdcdac9ed4faad8fc00bc
-
SHA1
edd1b53091f1d4bdc5334ab700893380227326a1
-
SHA256
5ecd2ec18cc1283f1718050efa93ab641be171ee14d090ed6dfc39cf9fb8d949
-
SHA512
01c0c22bf4950f94a2edb1d0c1a1c108d2c53337378e3e63426825fadeca4cbceeb32173c47c71ec4d16e2aeef86553066be8d04ed855f8866c39ae841edbb7a
-
SSDEEP
98304:ew7009I+2Lmh6pA/tj/BAorHPPQb1AY8t:ej09t2LmcpAVj/B5rHPPQb1AY8
Malware Config
Signatures
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource yara_rule sample net_reactor -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource RexonFREE.dll
Files
-
RexonFREE.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 3.9MB - Virtual size: 3.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ