Nova[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Nova.exe
Size

10.2MB
MD5

e7469c583c37da1fe29697690c9e59e9
SHA1

98d814267a6220bb058ebc7a5fb7f63934532025
SHA256

6579e77b88d8a52a6f2e5bdabec3fe53013ead2592f82509d118825c7bc1c4b2
SHA512

4644180691ed493f4ceba043fce6bc0791e96a9aca650bd1fd4a3b7424b50e956028bc81cbcf16a4246bd9e2ede3d3075965f8ff2a9e21f5d1a26704ece5e338
SSDEEP

196608:OSXeN8Ee/TSOzEnZbu/83r/ySEfDbI7MGvLwX4Mxk7U9p6GRaOSUQj7JTRY9Z:rXeN8Ee/TSnFAkYrbaMGvLwXnk7U/YUh

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Nova.exe

Files

Nova.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Nova.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 10.0MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ