C:\Users\Kenji\Downloads\Fera Launcher\Fera Launcher\Fera Launcher\obj\Release\Fera Launcher.pdb
Overview
overview
3Static
static
3Release (1).zip
windows7-x64
1Release (1).zip
windows10-2004-x64
1Release/Re...er.exe
windows7-x64
1Release/Re...er.exe
windows10-2004-x64
1Release/Re...xe.xml
windows7-x64
1Release/Re...xe.xml
windows10-2004-x64
1Release/Re...er.pdb
windows7-x64
3Release/Re...er.pdb
windows10-2004-x64
3Release/Re...ms.dll
windows7-x64
1Release/Re...ms.dll
windows10-2004-x64
1Release/Re...ms.xml
windows7-x64
1Release/Re...ms.xml
windows10-2004-x64
1Release/Re...ve.dll
windows7-x64
1Release/Re...ve.dll
windows10-2004-x64
1Release/Re...ve.xml
windows7-x64
1Release/Re...ve.xml
windows10-2004-x64
1Release/Re...fe.dll
windows7-x64
1Release/Re...fe.dll
windows10-2004-x64
1Release/Re...fe.xml
windows7-x64
1Release/Re...fe.xml
windows10-2004-x64
1Release/Re...ns.dll
windows7-x64
1Release/Re...ns.dll
windows10-2004-x64
1Release/Re...ns.xml
windows7-x64
1Release/Re...ns.xml
windows10-2004-x64
1Static task
static1
Behavioral task
behavioral1
Sample
Release (1).zip
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
Release (1).zip
Resource
win10v2004-20240704-en
Behavioral task
behavioral3
Sample
Release/Release/Fera Launcher.exe
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
Release/Release/Fera Launcher.exe
Resource
win10v2004-20240704-en
Behavioral task
behavioral5
Sample
Release/Release/Fera Launcher.exe.xml
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Release/Release/Fera Launcher.exe.xml
Resource
win10v2004-20240704-en
Behavioral task
behavioral7
Sample
Release/Release/Fera Launcher.pdb
Resource
win7-20240705-en
Behavioral task
behavioral8
Sample
Release/Release/Fera Launcher.pdb
Resource
win10v2004-20240704-en
Behavioral task
behavioral9
Sample
Release/Release/System.Reactive.Windows.Forms.dll
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
Release/Release/System.Reactive.Windows.Forms.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral11
Sample
Release/Release/System.Reactive.Windows.Forms.xml
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
Release/Release/System.Reactive.Windows.Forms.xml
Resource
win10v2004-20240704-en
Behavioral task
behavioral13
Sample
Release/Release/System.Reactive.dll
Resource
win7-20240508-en
Behavioral task
behavioral14
Sample
Release/Release/System.Reactive.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral15
Sample
Release/Release/System.Reactive.xml
Resource
win7-20240705-en
Behavioral task
behavioral16
Sample
Release/Release/System.Reactive.xml
Resource
win10v2004-20240704-en
Behavioral task
behavioral17
Sample
Release/Release/System.Runtime.CompilerServices.Unsafe.dll
Resource
win7-20240705-en
Behavioral task
behavioral18
Sample
Release/Release/System.Runtime.CompilerServices.Unsafe.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral19
Sample
Release/Release/System.Runtime.CompilerServices.Unsafe.xml
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
Release/Release/System.Runtime.CompilerServices.Unsafe.xml
Resource
win10v2004-20240704-en
Behavioral task
behavioral21
Sample
Release/Release/System.Threading.Tasks.Extensions.dll
Resource
win7-20240704-en
Behavioral task
behavioral22
Sample
Release/Release/System.Threading.Tasks.Extensions.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral23
Sample
Release/Release/System.Threading.Tasks.Extensions.xml
Resource
win7-20240704-en
Behavioral task
behavioral24
Sample
Release/Release/System.Threading.Tasks.Extensions.xml
Resource
win10v2004-20240704-en
General
-
Target
Release (1).zip
-
Size
1.1MB
-
MD5
5bbf9636164b47a23f546bf487fa2c54
-
SHA1
feda263ef6835d694c2889b3ecf52532ebb6a853
-
SHA256
e7c5889f1b45ca1093a5af87ebe949e7fa9fae3171e36f5b2628579b0506ce0b
-
SHA512
286ef60517def7de091327c0a6771b1972dbc63158baa96e4e3f3cbbfe2d3b0950fc1569525b7ae08369f448e743cf70786fb7a146167033fdf2db0c81431f2e
-
SSDEEP
24576:fjbCvVVhXM/UwAjkNV49yu+nScuEQirmfRt7fIMTQznlzl/2nvTi8qy:b81M/UwyO6eSmQQmJtTZwlzl/4ODy
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Release/Release/Fera Launcher.exe
Files
-
Release (1).zip.zip
-
Release/Release/Fera Launcher.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Sections
.text Size: 534KB - Virtual size: 533KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 82KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Release/Release/Fera Launcher.exe.config.xml
-
Release/Release/Fera Launcher.pdb
-
Release/Release/System.Reactive.Windows.Forms.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10/11/2006, 00:00Not After10/11/2031, 00:00SubjectCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before27/04/2018, 12:41Not After27/04/2028, 12:41SubjectCN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0b:95:63:98:10:99:08:cb:58:44:18:8e:80:b2:f3:2cCertificate
IssuerCN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=USNot Before26/03/2021, 00:00Not After22/06/2024, 23:59SubjectSERIALNUMBER=603 389 068,CN=Reactive Extensions for .NET (.NET Foundation),O=Reactive Extensions for .NET (.NET Foundation),L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before14/07/2023, 00:00Not After13/10/2034, 23:59SubjectCN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
70:96:9d:bd:bd:38:d1:77:77:f9:a7:71:f7:04:47:68:2a:e3:d3:f7:24:81:d9:ad:86:4d:f8:76:9a:bf:8f:2cSigner
Actual PE Digest70:96:9d:bd:bd:38:d1:77:77:f9:a7:71:f7:04:47:68:2a:e3:d3:f7:24:81:d9:ad:86:4d:f8:76:9a:bf:8f:2cDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
/_/Rx.NET/Source/facades/System.Reactive.Windows.Forms/obj/Release/net472/System.Reactive.Windows.Forms.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Release/Release/System.Reactive.Windows.Forms.xml.xml
-
Release/Release/System.Reactive.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10/11/2006, 00:00Not After10/11/2031, 00:00SubjectCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before27/04/2018, 12:41Not After27/04/2028, 12:41SubjectCN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0b:95:63:98:10:99:08:cb:58:44:18:8e:80:b2:f3:2cCertificate
IssuerCN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=USNot Before26/03/2021, 00:00Not After22/06/2024, 23:59SubjectSERIALNUMBER=603 389 068,CN=Reactive Extensions for .NET (.NET Foundation),O=Reactive Extensions for .NET (.NET Foundation),L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before14/07/2023, 00:00Not After13/10/2034, 23:59SubjectCN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
41:2d:a3:d1:a3:64:13:26:c6:3a:68:ec:0f:af:1a:eb:6a:28:b9:90:ab:9b:d9:a6:c1:fe:8b:58:e7:83:98:6cSigner
Actual PE Digest41:2d:a3:d1:a3:64:13:26:c6:3a:68:ec:0f:af:1a:eb:6a:28:b9:90:ab:9b:d9:a6:c1:fe:8b:58:e7:83:98:6cDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
/_/Rx.NET/Source/src/System.Reactive/obj/Release/net472/System.Reactive.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Release/Release/System.Reactive.xml.xml
-
Release/Release/System.Runtime.CompilerServices.Unsafe.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/05/2019, 21:37Not After02/05/2020, 21:37SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
10:84:6c:5c:c9:e6:39:56:a6:5f:23:06:01:58:8b:e1:ae:37:c4:fe:71:62:f4:b5:f7:ae:87:52:ec:0c:f4:30Signer
Actual PE Digest10:84:6c:5c:c9:e6:39:56:a6:5f:23:06:01:58:8b:e1:ae:37:c4:fe:71:62:f4:b5:f7:ae:87:52:ec:0c:f4:30Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Release/Release/System.Runtime.CompilerServices.Unsafe.xml
-
Release/Release/System.Threading.Tasks.Extensions.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/05/2019, 21:37Not After02/05/2020, 21:37SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
da:fb:83:40:c8:c2:8e:cb:07:b8:6a:f1:de:5f:60:bf:04:02:39:30:51:4d:e3:8a:90:db:7a:5d:d3:4f:71:f0Signer
Actual PE Digestda:fb:83:40:c8:c2:8e:cb:07:b8:6a:f1:de:5f:60:bf:04:02:39:30:51:4d:e3:8a:90:db:7a:5d:d3:4f:71:f0Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Release/Release/System.Threading.Tasks.Extensions.xml