Static task
static1
Behavioral task
behavioral1
Sample
04cf19770a11dd188e9396789561059a84f2baccc956fc77e8134a42c2d09f21.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
04cf19770a11dd188e9396789561059a84f2baccc956fc77e8134a42c2d09f21.exe
Resource
win10v2004-20240426-en
General
-
Target
04cf19770a11dd188e9396789561059a84f2baccc956fc77e8134a42c2d09f21.exe
-
Size
5.1MB
-
MD5
a08f0a375dfcfbd301baf19640e0f319
-
SHA1
d0eec4bbca1c2efcae03ca3568006a760a3a4b34
-
SHA256
04cf19770a11dd188e9396789561059a84f2baccc956fc77e8134a42c2d09f21
-
SHA512
9056ba67828298bf395d0f249fc171c6179ceb2363da985dd1b082f83762b478cce57276be2ea43e93cf38e0981eb984f4bf1fe21bb716c4866ef91457d5d210
-
SSDEEP
49152:gzlsiRwPVALodv5ezAayuESxLZfsUyRRBIH2yHnJh4r5Nvo6X29ke0UzMPy7lyEX:gzlsiRtDdnu42yHQDv5o0IKDTK
Malware Config
Signatures
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource yara_rule sample net_reactor -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 04cf19770a11dd188e9396789561059a84f2baccc956fc77e8134a42c2d09f21.exe
Files
-
04cf19770a11dd188e9396789561059a84f2baccc956fc77e8134a42c2d09f21.exe.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 5.2MB - Virtual size: 5.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 154KB - Virtual size: 153KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ