cc15d0ce7cf2017446bf74877bb50a71260dd61fdf0d80e0e79e64c198c91cf6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cc15d0ce7cf2017446bf74877bb50a71260dd61fdf0d80e0e79e64c198c91cf6
Size

893KB
MD5

c4d36ad7b6627358b02e779914fea200
SHA1

3ef453dc6fa1a79680a12272f2b50a0c109a7715
SHA256

cc15d0ce7cf2017446bf74877bb50a71260dd61fdf0d80e0e79e64c198c91cf6
SHA512

c7f4dd98c20273d6bf4aadb39dcdd878f67c5f0149aab8c04ea6913b3d0029e6a5cffbe555744d6221c135365471bacfa73b2313ee8d58e9cabe078ef1e1bb14
SSDEEP

6144:5Z5tpiRw39OD0U0GbI33r7Lv5D91zRKRz8RzcRz7IDRzmUQRz8Rzq:/5YZ0/3r7Lv5D91zRKeqeKu

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc15d0ce7cf2017446bf74877bb50a71260dd61fdf0d80e0e79e64c198c91cf6

Files

cc15d0ce7cf2017446bf74877bb50a71260dd61fdf0d80e0e79e64c198c91cf6
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

vMailExceltoPSTConverter32Bits.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 786KB - Virtual size: 786KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ