General

  • Target

    Software v1.24 loader.zip

  • Size

    357KB

  • MD5

    6a74be808f6690435438cd87c7e9f83a

  • SHA1

    6fb19ecb1ddb4ed74073f5f52067d7d06931ee9f

  • SHA256

    b782dae2d00f935788f0714d0e337fcb2fa600318797d1beb19ab375d2f1d4b5

  • SHA512

    3d92bf1367360d3251af21a21a965a9df2f64b64f88396ea5b15d08f17d29394575f3f129102f4f95d68d6d43814f24b71332c4d62fbe965280615118a65b7c4

  • SSDEEP

    6144:0rP8n67fkst4Bke9NCzKxDG7HRQbnlhePIP11ATwg/nEkhB2CCUuHiQ9p:u9ftLlzRQBYMAP/EOA1iQ9p

Score
7/10

Malware Config

Signatures

  • .NET Reactor protector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Software v1.24 loader.zip
    .zip

    Password: 5868

  • ReadMe.txt
  • Software v1.24 loader.exe
    .exe windows:4 windows x86 arch:x86

    Password: 5868

    f34d5f2d4577ed6d9ceec516c1f5a744



  • jre/bukkit.yml
  • jre/commands.yml
  • jre/config.yml
  • jre/help.yml
  • lib/settings/.editorconfig
  • lib/settings/admin-settings.js
    .js
  • lib/settings/admin-settings.less
  • lib/settings/images/icon-layer.png
    .png

    Password: 5868

  • lib/settings/paper.yml
  • lib/settings/server.properties
  • lib/settings/spigot.yml
  • lib/settings/tpl/help.php
  • lib/settings/tpl/settings.php
    .ps1
  • lib/settings/tpl/welcome.php