Loader[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Loader.exe
Size

5.5MB
MD5

10614cf2f1776ac3cdde30d497897c72
SHA1

91c441810fee12a4c04e33649c590c33a3bd1427
SHA256

18ed1ce822016af6ad90ba47dd82f0848837d7b047eb019af2518877469f494e
SHA512

3dfab245a2e9818c0a86ccc7f85d09aad954e7194b193e361f1386bd5023fd94ebdf616233eefc84b6f7af49c9484bc6f82a84a77188e9d828153df9ad197e46
SSDEEP

98304:jAxZzZlTxAhUIFzK1U1cmQGb9QgfRRG0kNjNP2AQIJqv:jUZtlKhUIFiUpQKmgf8BP24Jqv

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

Processes:

resource yara_rule

sample net_reactor

resource	yara_rule
sample	net_reactor

Files

Loader.exe
.exe windows:4 windows x86 arch:x86

Password: E

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:bf:47:0c:61:f3:c3:cc:0b:53:fc:e7:24:c1:5e:82
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21-04-2021 00:00

Not After

25-04-2024 23:59

Subject

CN=Mullvad VPN AB,OU=App,O=Mullvad VPN AB,L=Göteborg,C=SE,1.2.840.113549.1.9.1=#0c0f617070406d756c6c7661642e6e6574

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:15:00:64:a5:51:97:ae:95:5a:7f:fd:d1:fc:e8:83:90:ed:b4:32:3f:01:cd:32:2a:c1:11:94:11:67:89:c6
Signer

Actual PE Digest

08:15:00:64:a5:51:97:ae:95:5a:7f:fd:d1:fc:e8:83:90:ed:b4:32:3f:01:cd:32:2a:c1:11:94:11:67:89:c6

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

pavgo5i7V.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: E

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:bf:47:0c:61:f3:c3:cc:0b:53:fc:e7:24:c1:5e:82Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

08:15:00:64:a5:51:97:ae:95:5a:7f:fd:d1:fc:e8:83:90:ed:b4:32:3f:01:cd:32:2a:c1:11:94:11:67:89:c6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 5.4MB - Virtual size: 5.4MB

.rsrc Size: 150KB - Virtual size: 150KB

.reloc Size: 512B - Virtual size: 12B

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:bf:47:0c:61:f3:c3:cc:0b:53:fc:e7:24:c1:5e:82
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

08:15:00:64:a5:51:97:ae:95:5a:7f:fd:d1:fc:e8:83:90:ed:b4:32:3f:01:cd:32:2a:c1:11:94:11:67:89:c6
Signer

.text
Size: 5.4MB - Virtual size: 5.4MB

.rsrc
Size: 150KB - Virtual size: 150KB

.reloc
Size: 512B - Virtual size: 12B