C:\projects\colorful-console\src\Colorful.Console\obj\Debug\net461\Colorful.Console.pdb
Static task
static1
Behavioral task
behavioral1
Sample
XYZ_nova_unbanned.zip
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
XYZ_nova_unbanned.zip
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Colorful.Console.dll
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
Colorful.Console.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
Loader.exe
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
Loader.exe
Resource
win10v2004-20240802-en
General
-
Target
XYZ_nova_unbanned.zip
-
Size
87KB
-
MD5
f5cba228cac0617425611c9ca5b25472
-
SHA1
e9b52aa3daa12b6118ecf4c81736355d3379c6fc
-
SHA256
1cf987040a2f3adecd5523a087834c588712f511db21d94f8a73fa4928375662
-
SHA512
38c930b69983bc6bae30058fbb0d3820e61097cad02a232cfa9c2309c1630ee3a8f5b7c3ea27b5c508fa4926bc25742e1aec0cffe9ddebcf9602a0ea8b0effc5
-
SSDEEP
1536:IeEiLwrjH1yXNrFj4Tkp86tn3WE8ju8/dcEJVKxrKO1np7WHdS:GjVyXNr+TkaaWEe3FBJ4x+iS0
Malware Config
Signatures
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource yara_rule static1/unpack001/Loader.exe net_reactor -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/Colorful.Console.dll unpack001/Loader.exe
Files
-
XYZ_nova_unbanned.zip.zip
-
Colorful.Console.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
mscoree
_CorDllMain
Sections
.text Size: 86KB - Virtual size: 86KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 992B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Loader.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Loader.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 102KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ