Static task
static1
Behavioral task
behavioral1
Sample
9b3430f42a0fb00d014c2fa208662865.exe
Resource
win7-20240903-en
General
-
Target
9b3430f42a0fb00d014c2fa208662865.exe
-
Size
4.8MB
-
MD5
9b3430f42a0fb00d014c2fa208662865
-
SHA1
09a16508bcc0a6da90c272daa2eff627ccd3205d
-
SHA256
8062eb6eea56d33e35ea32f6eef98636bbd66c2d177c1889c4f0a960b0d14d47
-
SHA512
d2887d08a66e10af1e89fb60f2a4f8d7bae7dc5cccc0301a70cb5ff120094c5e6247b44cf3b1b2b1c7e5d48e687319b842a721d757ebb44cf484ef766db92e29
-
SSDEEP
98304:CdlaF/1RByjAQG/Mul2rq/aReDkizMeQUh:CdYvkji/Mul2rVe4iwVUh
Malware Config
Signatures
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource yara_rule sample net_reactor -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9b3430f42a0fb00d014c2fa208662865.exe
Files
-
9b3430f42a0fb00d014c2fa208662865.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 4.6MB - Virtual size: 4.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 233KB - Virtual size: 232KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ