RexonPAID[.]dll | Triage

Resubmissions

01/06/2024, 20:52

240601-znzjrsef6s 7

01/06/2024, 20:37

240601-zee4rsfa97 7

Sharing

Copy URL Twitter E-mail

General

Target

RexonPAID.dll
Size

4.6MB
MD5

72e12f88054a232afbf5dcc9394c63ff
SHA1

34a8a12c3e0fd99e0db04bf6842289a5e6d37cc7
SHA256

dbd5dcba622cbdd594335d8d70812e8a54aa239e089cfb90f29b15da6e88d042
SHA512

fe7d719a1aa3358f9370366600eb035777da72143f951e8e4ead219995a29e56aa0aa73a556102489706bc5ceac5ee42a01c08fedbb90c34308772678819681a
SSDEEP

98304:OyNTHcApGzwa4eUAXOgXzdJfe8WPovtvLnrgLOTGjez/3aMM9GI7V:OyNTHcApGzwa4eUeOUzdJe8WPovtngL0

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RexonPAID.dll

Files

RexonPAID.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ