Static task: static1
Behavioral task: behavioral1
Sample: DeadCode-cleaned.exe
Resource: win10-20240404-en
General
Target: DeadCode-cleaned.exe
Size: 484KB
MD5: c05634394cdf69cf451fc960950b9d8c
SHA1: a6fbf379f044073dc8ca9ee1f352c3bca7ddbd78
SHA256: 237f3360e582a803415f99c0c0c0deaf7140f1d7eebe47c31132c3f64500b784
SHA512: 04a437325c9b7622e0644f8898f4b6c5fbf4cd3a2b55784a3841fee66bc3fb1725c8fe3b3600489865105ea8966ccfc6ea3824a1e0212a280523abe993ca62d3
SSDEEP: 6144:V9uUJln3G8japXCCfvSXWKj06HS7fws3Ped6RlAM1RUgqvB:V9usln28+xCi1b2d6+
Malware Config
Signatures
.NET Reactor protector (1 IoCs)
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource: sample, yara_rule: net_reactor
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: DeadCode-cleaned.exe
Files
DeadCode-cleaned.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 377KB - Virtual size: 376KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ