b31046194d5645b249c871d72874b3b2b5f5ee56104dd728c1b6e9e56433952d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b31046194d5645b249c871d72874b3b2b5f5ee56104dd728c1b6e9e56433952d
Size

1.6MB
MD5

a9c6e45742a26a1e1b0c0005cff016f3
SHA1

8ab60c6f3f2e46ac2ac39aa9187cfdbda4732224
SHA256

b31046194d5645b249c871d72874b3b2b5f5ee56104dd728c1b6e9e56433952d
SHA512

41e5d7e41fc2f1da0b25e55b68af100508376bb6b809ae99b9f4c0c8c44cc0efa203d3e4b719510fcd7431e85e66fa505a6ac65c4f29f90273b5030c8a813b31
SSDEEP

24576:zvX28jGghlqJW7SZdR8R2Xl5m7ZXuMsIR6ON7X8O6b1VjGSikm28FFRVUneRqx:7Vfqwq8RomtXUI4MGRVtm28FFRVUn

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b31046194d5645b249c871d72874b3b2b5f5ee56104dd728c1b6e9e56433952d

Files

b31046194d5645b249c871d72874b3b2b5f5ee56104dd728c1b6e9e56433952d
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ