Static task
static1
Behavioral task
behavioral1
Sample
Hackus.exe
Resource
win10v2004-20240709-en
General
-
Target
Hackus.exe
-
Size
2.6MB
-
MD5
b98582a96f3d102a3d45e7ed1111268b
-
SHA1
b1f4886d90acf2ab70477a043dea8b668a7494bc
-
SHA256
fb5518b93f5a75c4ddb033a5a1e8189d2e8177c863c8b86c0adbb2de90a928a3
-
SHA512
51530cbd2a90a0687203132ea5e8a40c7dd0ff3275e1183020ebd60707a360f66106eaf1856716f64d24ff06b0fd2ad1e29f12019e7d68bf00dc9cbe3a7afc1b
-
SSDEEP
24576:b66l+Tg33ypYcJ52Ymx35h0s5zQ+6fe05bdgBJrGrdqDwEHK2oJ8BoZecPKeNlGm:ZlP3G5KT6W0/KJQdqsF5JcJ+l2Vb
Malware Config
Signatures
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource yara_rule sample net_reactor -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Hackus.exe
Files
-
Hackus.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 299KB - Virtual size: 299KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE