Static task
static1
General
-
Target
RexonPAID.dll
-
Size
5.1MB
-
MD5
7f85ae133e777ce920ea4594ec5c5939
-
SHA1
76f55e5b30aac8cf00c3cee5779223c3a125f577
-
SHA256
4b5288ee84405e93a711d4197d6c9964bf5a0199f3d760b93a51274b88cc31a4
-
SHA512
4ecafa61fbe8b82f6bbbfed6419791f43662db31a4f903dfdaeb06d6d5109206da3ce2ecbf4094289b229294714d0f04eb66e1fff6ad4d7f06d5bd7a25c616e1
-
SSDEEP
98304:z054geiIgYRlH6AjHM2z/mIUL88304lKsJAd/NvYrok7nSa:z054geiIgYRlH6F2TmIUL8U3lK2Ad/Ng
Malware Config
Signatures
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource yara_rule sample net_reactor -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource RexonPAID.dll
Files
-
RexonPAID.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 5.1MB - Virtual size: 5.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ