Static task
static1
General
-
Target
RexonFREE.dll
-
Size
1.6MB
-
MD5
c42516b5c5173694d535f65579409ea4
-
SHA1
b5bfe357b8c3fa1f9621dee6fa230689f6b7b95a
-
SHA256
05c3a977fa5e0074c1dab26c08296979753d8709bfecc7b44d8046aef79936a6
-
SHA512
94e3d5f019f23a27a3dcd0aeb91a62cd7f74d3dd2689d3e5dba5e891c017aea4e66c12c78ae6a567b079b13d218c4a5fbc53eeff4e744427e26b3d47bd9d139e
-
SSDEEP
49152:HaYbX/UWqZsYheRl1ESo0miUpam9AvPGF9qYh/5kKY1mqqVHXRONE2VbmE2RFKZN:HaOYXRoFhkxJldW
Malware Config
Signatures
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource yara_rule sample net_reactor -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource RexonFREE.dll
Files
-
RexonFREE.dll.dll windows:4 windows x86 arch:x86
Password: zavsfree
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ