66b1d51141b3a[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

66b1d51141b3a.exe
Size

695KB
MD5

eaf2f8a1b762d81598ec61d058fc9475
SHA1

8033146dfe1b8a2b81b286f26765fb937b605d9e
SHA256

b54daae39a0ffeed826e701044dfa7505c3b2466ce08cf0624e0515c87b75a6c
SHA512

75b21c8e77a1c5c7dde3273f584ee08899d1cf435a472cb8b7a03691df37bfa9435cdf20e5b921849b291d1bc768936a8f8d4696568039004604f5d1e4653267
SSDEEP

12288:o+d+52mQEvxRs0QsXUAw3djV8SAXq4kunoCveVmL/zvQIyurIBr:zuZQ1gXUn39AlLnbLDYr

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66b1d51141b3a.exe

Files

66b1d51141b3a.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

0>Q(_B\`
Size: - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Zd"itmI=
Size: - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

jDmwHEA4
Size: 693KB - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

5X5AgH0z
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ