Static task
static1
Behavioral task
behavioral1
Sample
2279e3a12dd54692c3599d976f558148ba1a6ce0ca4058cffcd1d00d31bf2439.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2279e3a12dd54692c3599d976f558148ba1a6ce0ca4058cffcd1d00d31bf2439.exe
Resource
win10v2004-20241007-en
General
-
Target
2279e3a12dd54692c3599d976f558148ba1a6ce0ca4058cffcd1d00d31bf2439
-
Size
114KB
-
MD5
4a60a0407f0b836bfcba46581e7b1497
-
SHA1
9373725022363230a486bde5d2ef4db295fa7f62
-
SHA256
2279e3a12dd54692c3599d976f558148ba1a6ce0ca4058cffcd1d00d31bf2439
-
SHA512
445fa53fa83a38a9efca13ac6d0321d52a174d073b170eec931771bb37fade3f0de15db6e74261eab7e5d0cca57150870b168d4bb51177b9d847972b471fd690
-
SSDEEP
1536:GxgoGOdBGnY+1P75AzTliRVcwTLNZ/MhHPGbfSGZ+VLL3nNEYmYvwo:0aY307cwFVMRG7SGZ+VP9h
Malware Config
Signatures
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource yara_rule sample net_reactor -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2279e3a12dd54692c3599d976f558148ba1a6ce0ca4058cffcd1d00d31bf2439
Files
-
2279e3a12dd54692c3599d976f558148ba1a6ce0ca4058cffcd1d00d31bf2439.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 110KB - Virtual size: 110KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 177B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ