Static task: static1
Behavioral task: behavioral1
Sample: 2024-10-30_cc9ab55b63738d3320e4249f210eb21a_hiddentear_hijackloader.exe
Resource: win7-20241023-en
Behavioral task: behavioral2
Sample: 2024-10-30_cc9ab55b63738d3320e4249f210eb21a_hiddentear_hijackloader.exe
Resource: win10v2004-20241007-en
General
Target: 2024-10-30_cc9ab55b63738d3320e4249f210eb21a_hiddentear_hijackloader
Size: 351KB
MD5: cc9ab55b63738d3320e4249f210eb21a
SHA1: fe81d79df7e3e0497501ba9627962c25693c1f1c
SHA256: cd408aa67ec73ca9938dd4f97e1f520cd106466752c48d41547d9dee38efaef7
SHA512: acee588a3c0d4357af531411797235cac1df733b77754f77a171e916b93a4631d539ce3b504d2d06d9de92c51439203c93077ea2b3bc1b1ef0ccd2590b21cc18
SSDEEP: 6144:cpIOU6F4Z5zkR0R5r3PsnrysQHRxv3S9Sy+lDAA3W:GIj6uNkRirCQDekdAAm
Malware Config
Signatures
.NET Reactor protector (1 IoC)
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource yara_rule sample net_reactor
Files
2024-10-30_cc9ab55b63738d3320e4249f210eb21a_hiddentear_hijackloader.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
Certificate b9:76:ea:a0:25:bc:95:48:ae:14:79:65:35:df:f7:b8
Issuer: CN=Baloon,OU=213,O=Baloon LLC,L=Mountain,ST=505,C=DE
Not Before: 30-10-2024 02:48
Not After: 31-10-2025 00:00
Subject: CN=Baloon,OU=213,O=Baloon LLC,L=Mountain,ST=505,C=DE
Certificate 0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 01-08-2022 00:00
Not After: 09-11-2031 23:59
Subject: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate 07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 23-03-2022 00:00
Not After: 22-03-2037 23:59
Subject: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate 0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Issuer: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Not Before: 26-09-2024 00:00
Not After: 25-11-2035 23:59
Subject: CN=DigiCert Timestamp 2024,O=DigiCert,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
Signer c5:4b:48:13:9f:1c:56:74:e1:72:81:c8:a6:9e:66:c7:49:eb:fc:5f:5a:89:c3:67:0d:64:4a:b4:65:e4:0d:2c
Actual PE Digest: c5:4b:48:13:9f:1c:56:74:e1:72:81:c8:a6:9e:66:c7:49:eb:fc:5f:5a:89:c3:67:0d:64:4a:b4:65:e4:0d:2c
Digest Algorithm: sha256
PE Digest Matches: true
Signer 9e:d5:15:b7:e6:23:3d:1a:bd:c6:99:ca:e6:78:05:5a:9d:f9:b1:c3
Actual PE Digest: 9e:d5:15:b7:e6:23:3d:1a:bd:c6:99:ca:e6:78:05:5a:9d:f9:b1:c3
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 236KB - Virtual size: 236KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ