RexonPAID (1)[.]dll | Triage

Resubmissions

02/06/2024, 06:26

240602-g66rpaec43 7

02/06/2024, 06:18

240602-g2n13sde4t 7

Sharing

Copy URL Twitter E-mail

General

Target

RexonPAID (1).dll
Size

4.7MB
MD5

4edcb8c00abe1c7f01db4af8daa071a1
SHA1

ba9bfa572768de60dd5f693dd990615ee248008e
SHA256

4faf72b30db4c44595a3a34532dd9988db36c2aa69d254b4b2bc5e139415619f
SHA512

e6ec560c99242512b5f804941a81a4fbc5bbcb297c6ebd91f7648000c9a3d6a3ce4f4ca32653fea5272c4089d1486a2f48152b8bb4646d96fe12b0b3b3fef17c
SSDEEP

98304:Wd6uHYmGG6P+s7AwHMwlEp3tGRQFd/cSzvADljnu+:WdhHYmGG62s7AwHMwlEp3WQ3cSzvADl/

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RexonPAID (1).dll

Files

RexonPAID (1).dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ