2a0ee9becaa0c18f73077b191a2f32d3bbb8d0e1e3d0729b8ddbd9b708697399 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2a0ee9becaa0c18f73077b191a2f32d3bbb8d0e1e3d0729b8ddbd9b708697399
Size

115KB
MD5

81a795980eea2237d94cdbccf5393305
SHA1

62b5724e3ae591d893ada764932eafff7e3f84df
SHA256

2a0ee9becaa0c18f73077b191a2f32d3bbb8d0e1e3d0729b8ddbd9b708697399
SHA512

66313a1a40917326dafd36bd389e9ae775ec9ffe985fb7e86a5d2493f54fa74fc01010698466f1f4ea4ce4ce3114ef49dcb8d58677e2a3a755dc2f71276cd9ae
SSDEEP

1536:6DI3BUuC5ASF1sqwZ5gfk3V+9Rx66RlJFJ7zogaSsI9aOF7z:lU9Ak1q22WHRlR70vIaON

Score

10^/10

Malware Config

Signatures

Detects executables packed with unregistered version of .NET Reactor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_DotNetReactor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a0ee9becaa0c18f73077b191a2f32d3bbb8d0e1e3d0729b8ddbd9b708697399

Files

2a0ee9becaa0c18f73077b191a2f32d3bbb8d0e1e3d0729b8ddbd9b708697399
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Runtime Broker.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ