Static task
static1
General
-
Target
RexonPAID.dll
-
Size
4.4MB
-
MD5
c329a45420ba3afe0da40ad6d58eb5b2
-
SHA1
33c4cb07c882b4ff9e27a63ac9ed053dbe3c8443
-
SHA256
1499ef2fe513dd208ceff4630419007944d85e4ae5d68b2bc760cf0f8795efe9
-
SHA512
6bcfa983171b4a673cf3ee537c7ce8519ab64725ca82225d43da19ef6c54c2588f0d331059a68b56379bdab37fe5d37ce4738275bf0e7d46228a1466f6e128b0
-
SSDEEP
98304:576KKhzrNbSnK6+PZtMZu2xrBp3CFP9MHUm5ERvenlZ8s9VI:57xKhzrNbSnP+TMZu2xVp3C99MHf5ER9
Malware Config
Signatures
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource yara_rule sample net_reactor -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource RexonPAID.dll
Files
-
RexonPAID.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 4.4MB - Virtual size: 4.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ