Hi,
I have noticed that Eziriz .NET Reactor (6.x.x.x) is no longer detected since version 3.06. It seems that the rule that detects Eziriz .NET Reactor (Dot Net Reactor.2.sg) has completely disappeared from the repo.
Sample I have tested: sha256: 45dc4518fbf43bf4611446159f72cdbc37641707bb924bd2a52644a3af5bab76
References:
https://www.youtube.com/watch?v=3t9BEdA4ch8&list=RDCMUCVFXrUwuWxNlm6UNZtBLJ-A&start_radio=1
https://malshare.com/sample.php?action=detail&hash=45dc4518fbf43bf4611446159f72cdbc37641707bb924bd2a52644a3af5bab76
I am unsure whether we should go back to 3.05 if it is mainly about analyzing .NET samples. Why was the rule removed?
Maybe it is possible to improve the rule based on this sample.