4a8c51a3a3840406e297305d71db78ab1ea45900eadfd0e4c78706c55c4b655bN | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4a8c51a3a3840406e297305d71db78ab1ea45900eadfd0e4c78706c55c4b655bN
Size

697KB
MD5

e23977dda4d98095cf71168958ecde10
SHA1

ab037c324fa7151c5c25c6d9a84a45ef232adefb
SHA256

4a8c51a3a3840406e297305d71db78ab1ea45900eadfd0e4c78706c55c4b655b
SHA512

12b4a5efbd764e5ebefd88c093217cdd3a7888acd7217dbfe579c35e89bdf3900cddb441c5c01c569f39f4f43cbc48aa829393f16e0c61295a9e628cf12ee259
SSDEEP

12288:krodrwiAExI1OvGrlW6KTtVlSnBx1ebEGigx9mCK7DIY:QoJLyOvGpExVlS52pJrmR0Y

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a8c51a3a3840406e297305d71db78ab1ea45900eadfd0e4c78706c55c4b655bN

Files

4a8c51a3a3840406e297305d71db78ab1ea45900eadfd0e4c78706c55c4b655bN
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

G5d_)W82
Size: - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

h(SZ]g33
Size: - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

7^'2BK.8
Size: 695KB - Virtual size: 694KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

g:,1jMMI
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ