D:\.Code\C#\LithiumNukerV2\LithiumCoreFramework\obj\Debug\LithiumCore.pdb
Static task
static1
1 signatures
General
-
Target
Lithium Nuker V2.zip
-
Size
306KB
-
MD5
b0669fdf8616ea2f3ebe00cee1053549
-
SHA1
0c49ca1645310380c8aa4916e93268bcff1a519e
-
SHA256
9327105ea83ce5dc8f6c8b7d76494a724116a0ca9830e07102c670d7b69cbc43
-
SHA512
259424cc4f58133cfa17a811a4ec32251b11b6a0f6f0f2560cdafcb84e087405faa71f9efcd85ff46380bb756182a71ee8ed93004386f651cd23b04675772a3a
-
SSDEEP
6144:HRZVLlfh7rZthO+JjkuHEEAt/wz/60CkCRB/MQg:xZdfrXg+JwuKt/S/60r2Bzg
Score
3/10
Malware Config
Signatures
-
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource unpack001/LithiumCore.dll unpack001/LithiumNukerV2.exe unpack001/Veylib.dll
Files
-
Lithium Nuker V2.zip.zip
-
LithiumCore.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
mscoree
_CorDllMain
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LithiumNukerV2.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
D:\.Code\C#\LithiumNukerV2\LithiumNukerV2\obj\Release\LithiumNukerV2.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Newtonsoft.Json.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10-11-2006 00:00Not After10-11-2031 00:00SubjectCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before27-04-2018 12:41Not After27-04-2028 12:41SubjectCN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7eCertificate
IssuerCN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=USNot Before25-10-2018 00:00Not After29-10-2021 12:00SubjectSERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01-01-2021 00:00Not After06-01-2031 00:00SubjectCN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07-01-2016 12:00Not After07-01-2031 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
2e:83:93:14:a9:06:f5:64:04:02:a1:dc:eb:a3:1a:a7:e9:21:c8:88:2c:dd:c2:3c:e4:c0:45:50:4c:ee:75:10Signer
Actual PE Digest2e:83:93:14:a9:06:f5:64:04:02:a1:dc:eb:a3:1a:a7:e9:21:c8:88:2c:dd:c2:3c:e4:c0:45:50:4c:ee:75:10Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
/_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 675KB - Virtual size: 675KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Veylib.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\.Code\C#\Veylib\Veylib\obj\Release\Veylib.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ