SeroXen Toolkit[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SeroXen Toolkit.exe
Size

38.1MB
MD5

87416030ed7ca192ef2ca41463d51bef
SHA1

44570a40759d3a36d1bedbe37e56468925aec4c8
SHA256

7203f9e5a4fdf5d3e6cfd1dc9d2a67a8ebaf7770cc5a0d72f32c5962215a4846
SHA512

11c9187053cf80dd4af41d666d14a2f6107b0a84b861c10faa0b07778b16c46e3141c510d564bf3b98fbb27aba484b3d2b1bf8cd44383238af47513508a199bd
SSDEEP

786432:6Mq8TErqJVoC5kkTZaQ0aL+kdc95fTvr2FkCVEzHTorPehHesv0Ad/+7pHCpqBa5:6MqwJdN4Q049Of7DErPD6ZmpCpqcP

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

resource	yara_rule
sample	agile_net

Files

SeroXen Toolkit.exe
.exe windows:4 windows x64 arch:x64

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

29:99:95:c9:49:4e:af:81:71:c5:54:9f:29:8a:a1:df:d5:94:b1:44
Signer

Actual PE Digest

29:99:95:c9:49:4e:af:81:71:c5:54:9f:29:8a:a1:df:d5:94:b1:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\C5\Documents\SeroXen Stuff\Quasar-master\Quasar-master-release\bin\Release\net452\REPOS\SeroXen Build2Lnk\SeroXen Build2Lnk\bin\x64\Release\Secured\SeroXen Build2Lnk.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 38.1MB - Virtual size: 38.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ