19aa5577f1c6c8fa4e591fce6bf04b8de86abb2cef17c52921be997c7ec42a6f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

19aa5577f1c6c8fa4e591fce6bf04b8de86abb2cef17c52921be997c7ec42a6f
Size

1.5MB
MD5

d303f717f13f43b053dc19b1d133978e
SHA1

9d6ce0c37afcbb8a3c0076c22b9a7bf5b7912027
SHA256

19aa5577f1c6c8fa4e591fce6bf04b8de86abb2cef17c52921be997c7ec42a6f
SHA512

0fc3c1376ad78f67db1611a380fe82d1c802c45b3471664b58b4a260e228ee7123582219f2b71060c38d94e0bc13313af1b03bdae1c1a7d3b1e99ab87eb0eba9
SSDEEP

24576:zzntVET5NxUpWcU6cHMR1Lx17K/LbXzedL494HA+cH0Nn4tysiq9xgtoXHHnis1:zjtXoHELMYHA+cUNnyys/9xhXHis

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19aa5577f1c6c8fa4e591fce6bf04b8de86abb2cef17c52921be997c7ec42a6f

Files

19aa5577f1c6c8fa4e591fce6bf04b8de86abb2cef17c52921be997c7ec42a6f
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ