General

  • Target

    Desktop.rar

  • Size

    1.1MB

  • MD5

    be745da42d890da3a7101d151440eac7

  • SHA1

    822680e969b96b3dbb114364bf1b6859fefdb46a

  • SHA256

    c7a83f87a794a496f0274ea9809496c5f1f765ac7ea9c7d90bc9b9dbcb99b0d5

  • SHA512

    f0c42be0df379c55d91f4497f16c58785682d1075ff18eb8ee77244a91151773997b05e3a1b57b0ed478510c9735d2fbac1ace6494e07fc661de7fb7d1b9b7df

  • SSDEEP

    24576:I33vV6GlG4lqjQT/mVhVMQHSR05mIV/nuMmlb18mbT0RNzUQ:It9+rNHSRmmMuMCb2kkNd

Score
7/10

Signatures

  • .NET Reactor protector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Unsigned PE 3 IoCs

    Checks for missing Authenticode signature.

Files

  • Desktop.rar
    .rar
  • Babel Deobfuscator(XenocodeRCE).zip
    .zip
  • Babel Deobfuscator(XenocodeRCE).exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • dnlib.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa

  • disk spoofer.dump_Slayed.exe
    .exe windows:4 windows x86 arch:x86