668dd66f3af5e[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

668dd66f3af5e.exe
Size

695KB
MD5

9340606636ee36434181e7b2c8d61dc9
SHA1

c9cf494d16e30b86ccb0dd0e46b5f7645abbab65
SHA256

67a9d7d397897360646ba63292caab14c1d37281013b167d433e124c5373c5a3
SHA512

cc0a698f6c10f4168d286ad296ae45ffedad07b7a8f5578063083579a432a84732a01b84fc104498253fe43e86b37f4631f7ca9742f3dad85375482bfa89cb58
SSDEEP

12288:h5MXoKJiZDXC57+dWByhc+0wOyyYdOuWS5IM1jjyQZ4wEtqyocA:h56KW1yelyyfhkv5yQZJEfocA

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
668dd66f3af5e.exe

Files

668dd66f3af5e.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

RiX6E[P'
Size: - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

JwX:\wU-
Size: - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_V"9pX&=
Size: 692KB - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Umw"d7q/
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ