Solara[.]Dir[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Solara.Dir.zip
Size

9.8MB
MD5

904180f536e3c47bbd61e451bb9631f7
SHA1

20c0e0294ec39850545b6c1844864b0339141825
SHA256

5a072e88942b37c1afbe54875bec5d7c830868cd9af514ea88764af9a2a10fb8
SHA512

806d0aa5d2e9c759f3ee6b9a3a7e7308c16a7172d9e76a8463fe696c3a941e1386ea61ce428414f9114c55a29f95d395068205c25f7591771ddad2dbec5f344c
SSDEEP

196608:dMXtgEV+wivXxoxFwMMMl6wfvA/OSc2Cav72WkWcLcTBk1F/wB:K9gt5vXxaFDMU6wfqOSc8T2WkWybE

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/Solara/SolaraV3.dll	themida

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Solara/Solara.exe
unpack001/Solara/SolaraV3.dll
unpack001/Solara/Wpf.Ui.dll
unpack001/Solara/zlib1.dll

Files

Solara.Dir.zip
.zip

Password: infected
Solara/Microsoft.Web.WebView2.Core.dll
.dll windows:4 windows x86 arch:x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2023 19:51

Not After

16-10-2024 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

82:16:92:aa:f3:86:85:a1:7b:d7:76:7c:40:f5:23:05:fa:60:5b:ab:ec:81:76:94:51:f3:c2:32:7f:d4:70:40
Signer

Actual PE Digest

82:16:92:aa:f3:86:85:a1:7b:d7:76:7c:40:f5:23:05:fa:60:5b:ab:ec:81:76:94:51:f3:c2:32:7f:d4:70:40

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\third_party\edge_webview2\win\webview2_api_writer\dotNetAPIWrapper\Microsoft.Web.WebView2.Core\bin\ReleasePackage\Microsoft.Web.WebView2.Core.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 545KB - Virtual size: 545KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Solara/Microsoft.Web.WebView2.WinForms.dll
.dll windows:4 windows x86 arch:x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2023 19:51

Not After

16-10-2024 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4f:1a:5b:3d:05:19:5a:d1:b6:47:ef:88:70:0a:42:6a:2d:a6:49:b9:08:e1:a3:f1:14:cf:cb:e8:1d:4e:59:e2
Signer

Actual PE Digest

4f:1a:5b:3d:05:19:5a:d1:b6:47:ef:88:70:0a:42:6a:2d:a6:49:b9:08:e1:a3:f1:14:cf:cb:e8:1d:4e:59:e2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\third_party\edge_webview2\win\winforms_control\Microsoft.Web.WebView2.WinForms\obj\Release Stable APIs\net462\Microsoft.Web.WebView2.WinForms.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Solara/Microsoft.Web.WebView2.Wpf.dll
.dll windows:4 windows x86 arch:x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2023 19:51

Not After

16-10-2024 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:bb:ff:4e:7c:ac:65:e2:92:d2:61:a5:bd:9d:bf:a6:5d:10:ea:cb:5b:7c:90:24:3b:59:1a:91:d0:3f:26:90
Signer

Actual PE Digest

1d:bb:ff:4e:7c:ac:65:e2:92:d2:61:a5:bd:9d:bf:a6:5d:10:ea:cb:5b:7c:90:24:3b:59:1a:91:d0:3f:26:90

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\third_party\edge_webview2\win\wpf_control\Microsoft.Web.WebView2.Wpf\obj\Release Stable APIs\net462\Microsoft.Web.WebView2.Wpf.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Solara/Monaco/combined.html
.html .js polyglot
Solara/Monaco/fileaccess/index.js
.js
Solara/Monaco/fileaccess/node_modules/accepts/index.js
.js
Solara/Monaco/fileaccess/node_modules/accepts/package.json
Solara/Monaco/fileaccess/node_modules/array-flatten/array-flatten.js
.js
Solara/Monaco/fileaccess/node_modules/array-flatten/package.json
Solara/Monaco/fileaccess/node_modules/body-parser/index.js
.js
Solara/Monaco/fileaccess/node_modules/body-parser/lib/read.js
.js
Solara/Monaco/fileaccess/node_modules/body-parser/lib/types/json.js
.js
Solara/Monaco/fileaccess/node_modules/body-parser/lib/types/raw.js
.js
Solara/Monaco/fileaccess/node_modules/body-parser/lib/types/text.js
.js
Solara/Monaco/fileaccess/node_modules/body-parser/lib/types/urlencoded.js
.js
Solara/Monaco/fileaccess/node_modules/body-parser/package.json
Solara/Monaco/fileaccess/node_modules/bytes/index.js
.js
Solara/Monaco/fileaccess/node_modules/bytes/package.json
Solara/Monaco/fileaccess/node_modules/call-bind/callBound.js
.js
Solara/Monaco/fileaccess/node_modules/call-bind/index.js
.js
Solara/Monaco/fileaccess/node_modules/call-bind/package.json
Solara/Monaco/fileaccess/node_modules/content-disposition/index.js
.js
Solara/Monaco/fileaccess/node_modules/content-disposition/package.json
Solara/Monaco/fileaccess/node_modules/content-type/index.js
.js
Solara/Monaco/fileaccess/node_modules/content-type/package.json
Solara/Monaco/fileaccess/node_modules/cookie-signature/index.js
.js
Solara/Monaco/fileaccess/node_modules/cookie-signature/package.json
Solara/Monaco/fileaccess/node_modules/cookie/index.js
.js
Solara/Monaco/fileaccess/node_modules/cookie/package.json
Solara/Monaco/fileaccess/node_modules/debug/package.json
Solara/Monaco/fileaccess/node_modules/debug/src/debug.js
.js
Solara/Monaco/fileaccess/node_modules/debug/src/index.js
Solara/Monaco/fileaccess/node_modules/debug/src/node.js
.js
Solara/Monaco/fileaccess/node_modules/define-data-property/index.js
.js
Solara/Monaco/fileaccess/node_modules/define-data-property/package.json
Solara/Monaco/fileaccess/node_modules/depd/index.js
.js
Solara/Monaco/fileaccess/node_modules/depd/package.json
Solara/Monaco/fileaccess/node_modules/destroy/index.js
.js
Solara/Monaco/fileaccess/node_modules/destroy/package.json
Solara/Monaco/fileaccess/node_modules/ee-first/index.js
.js
Solara/Monaco/fileaccess/node_modules/ee-first/package.json
Solara/Monaco/fileaccess/node_modules/encodeurl/index.js
.js
Solara/Monaco/fileaccess/node_modules/encodeurl/package.json
Solara/Monaco/fileaccess/node_modules/es-define-property/index.js
.js
Solara/Monaco/fileaccess/node_modules/es-define-property/package.json
Solara/Monaco/fileaccess/node_modules/es-errors/eval.js
Solara/Monaco/fileaccess/node_modules/es-errors/index.js
Solara/Monaco/fileaccess/node_modules/es-errors/package.json
Solara/Monaco/fileaccess/node_modules/es-errors/range.js
Solara/Monaco/fileaccess/node_modules/es-errors/ref.js
Solara/Monaco/fileaccess/node_modules/es-errors/syntax.js
Solara/Monaco/fileaccess/node_modules/es-errors/type.js
Solara/Monaco/fileaccess/node_modules/es-errors/uri.js
Solara/Monaco/fileaccess/node_modules/escape-html/index.js
.js
Solara/Monaco/fileaccess/node_modules/escape-html/package.json
Solara/Monaco/fileaccess/node_modules/etag/index.js
.js
Solara/Monaco/fileaccess/node_modules/etag/package.json
Solara/Monaco/fileaccess/node_modules/express/index.js
Solara/Monaco/fileaccess/node_modules/express/lib/application.js
.js
Solara/Monaco/fileaccess/node_modules/express/lib/express.js
.js
Solara/Monaco/fileaccess/node_modules/express/lib/middleware/init.js
.js
Solara/Monaco/fileaccess/node_modules/express/lib/middleware/query.js
.js
Solara/Monaco/fileaccess/node_modules/express/lib/request.js
.js
Solara/Monaco/fileaccess/node_modules/express/lib/response.js
.js
Solara/Monaco/fileaccess/node_modules/express/lib/router/index.js
.js
Solara/Monaco/fileaccess/node_modules/express/lib/router/layer.js
.js
Solara/Monaco/fileaccess/node_modules/express/lib/router/route.js
.js
Solara/Monaco/fileaccess/node_modules/express/lib/utils.js
.js
Solara/Monaco/fileaccess/node_modules/express/lib/view.js
.js
Solara/Monaco/fileaccess/node_modules/express/package.json
Solara/Monaco/fileaccess/node_modules/finalhandler/index.js
.js
Solara/Monaco/fileaccess/node_modules/finalhandler/package.json
Solara/Monaco/fileaccess/node_modules/forwarded/index.js
.js
Solara/Monaco/fileaccess/node_modules/forwarded/package.json
Solara/Monaco/fileaccess/node_modules/fresh/index.js
.js
Solara/Monaco/fileaccess/node_modules/fresh/package.json
Solara/Monaco/fileaccess/node_modules/function-bind/implementation.js
.js
Solara/Monaco/fileaccess/node_modules/function-bind/index.js
.js
Solara/Monaco/fileaccess/node_modules/function-bind/package.json
Solara/Monaco/fileaccess/node_modules/get-intrinsic/index.js
.js
Solara/Monaco/fileaccess/node_modules/get-intrinsic/package.json
Solara/Monaco/fileaccess/node_modules/gopd/index.js
.js
Solara/Monaco/fileaccess/node_modules/gopd/package.json
Solara/Monaco/fileaccess/node_modules/has-property-descriptors/index.js
.js
Solara/Monaco/fileaccess/node_modules/has-property-descriptors/package.json
Solara/Monaco/fileaccess/node_modules/has-proto/index.js
.js
Solara/Monaco/fileaccess/node_modules/has-proto/package.json
Solara/Monaco/fileaccess/node_modules/has-symbols/index.js
.js
Solara/Monaco/fileaccess/node_modules/has-symbols/package.json
Solara/Monaco/fileaccess/node_modules/has-symbols/shams.js
.js
Solara/Monaco/fileaccess/node_modules/hasown/index.js
.js
Solara/Monaco/fileaccess/node_modules/hasown/package.json
Solara/Monaco/fileaccess/node_modules/http-errors/index.js
.js
Solara/Monaco/fileaccess/node_modules/http-errors/package.json
Solara/Monaco/fileaccess/node_modules/iconv-lite/encodings/dbcs-codec.js
.js
Solara/Monaco/fileaccess/node_modules/iconv-lite/encodings/dbcs-data.js
.js
Solara/Monaco/fileaccess/node_modules/iconv-lite/encodings/index.js
.js
Solara/Monaco/fileaccess/node_modules/iconv-lite/encodings/internal.js
.js
Solara/Monaco/fileaccess/node_modules/iconv-lite/encodings/sbcs-codec.js
.js
Solara/Monaco/fileaccess/node_modules/iconv-lite/encodings/sbcs-data-generated.js
Solara/Monaco/fileaccess/node_modules/iconv-lite/encodings/sbcs-data.js
Solara/Monaco/fileaccess/node_modules/iconv-lite/encodings/utf16.js
.js
Solara/Monaco/fileaccess/node_modules/iconv-lite/encodings/utf7.js
.js
Solara/Monaco/fileaccess/node_modules/iconv-lite/lib/bom-handling.js
.js
Solara/Monaco/fileaccess/node_modules/iconv-lite/lib/extend-node.js
.js
Solara/Monaco/fileaccess/node_modules/iconv-lite/lib/index.js
.js
Solara/Monaco/fileaccess/node_modules/iconv-lite/lib/streams.js
.js
Solara/Monaco/fileaccess/node_modules/iconv-lite/package.json
Solara/Monaco/fileaccess/node_modules/inherits/inherits.js
.js
Solara/Monaco/fileaccess/node_modules/inherits/package.json
Solara/Monaco/fileaccess/node_modules/ipaddr.js/lib/ipaddr.js
.js
Solara/Monaco/fileaccess/node_modules/ipaddr.js/package.json
Solara/Monaco/fileaccess/node_modules/media-typer/index.js
.js
Solara/Monaco/fileaccess/node_modules/media-typer/package.json
Solara/Monaco/fileaccess/node_modules/merge-descriptors/index.js
.js
Solara/Monaco/fileaccess/node_modules/merge-descriptors/package.json
Solara/Monaco/fileaccess/node_modules/methods/index.js
.js
Solara/Monaco/fileaccess/node_modules/methods/package.json
Solara/Monaco/fileaccess/node_modules/mime-db/db.json
Solara/Monaco/fileaccess/node_modules/mime-db/index.js
Solara/Monaco/fileaccess/node_modules/mime-db/package.json
Solara/Monaco/fileaccess/node_modules/mime-types/index.js
.js
Solara/Monaco/fileaccess/node_modules/mime-types/package.json
Solara/Monaco/fileaccess/node_modules/mime/mime.js
.js
Solara/Monaco/fileaccess/node_modules/mime/package.json
Solara/Monaco/fileaccess/node_modules/mime/types.json
Solara/Monaco/fileaccess/node_modules/ms/index.js
.js
Solara/Monaco/fileaccess/node_modules/ms/package.json
Solara/Monaco/fileaccess/node_modules/negotiator/index.js
.js
Solara/Monaco/fileaccess/node_modules/negotiator/lib/charset.js
.js
Solara/Monaco/fileaccess/node_modules/negotiator/lib/encoding.js
.js
Solara/Monaco/fileaccess/node_modules/negotiator/lib/language.js
.js
Solara/Monaco/fileaccess/node_modules/negotiator/lib/mediaType.js
.js
Solara/Monaco/fileaccess/node_modules/negotiator/package.json
Solara/Monaco/fileaccess/node_modules/object-inspect/index.js
.js
Solara/Monaco/fileaccess/node_modules/object-inspect/package.json
Solara/Monaco/fileaccess/node_modules/object-inspect/util.inspect.js
Solara/Monaco/fileaccess/node_modules/on-finished/index.js
.js
Solara/Monaco/fileaccess/node_modules/on-finished/package.json
Solara/Monaco/fileaccess/node_modules/parseurl/index.js
.js
Solara/Monaco/fileaccess/node_modules/parseurl/package.json
Solara/Monaco/fileaccess/node_modules/path-to-regexp/index.js
.js
Solara/Monaco/fileaccess/node_modules/path-to-regexp/package.json
Solara/Monaco/fileaccess/node_modules/proxy-addr/index.js
.js
Solara/Monaco/fileaccess/node_modules/proxy-addr/package.json
Solara/Monaco/fileaccess/node_modules/qs/lib/formats.js
.js
Solara/Monaco/fileaccess/node_modules/qs/lib/index.js
.js
Solara/Monaco/fileaccess/node_modules/qs/lib/parse.js
.js
Solara/Monaco/fileaccess/node_modules/qs/lib/stringify.js
.js
Solara/Monaco/fileaccess/node_modules/qs/lib/utils.js
.js
Solara/Monaco/fileaccess/node_modules/qs/package.json
Solara/Monaco/fileaccess/node_modules/range-parser/index.js
.js
Solara/Monaco/fileaccess/node_modules/range-parser/package.json
Solara/Monaco/fileaccess/node_modules/raw-body/index.js
.js
Solara/Monaco/fileaccess/node_modules/raw-body/package.json
Solara/Monaco/fileaccess/node_modules/safe-buffer/index.js
.js
Solara/Monaco/fileaccess/node_modules/safe-buffer/package.json
Solara/Monaco/fileaccess/node_modules/safer-buffer/package.json
Solara/Monaco/fileaccess/node_modules/safer-buffer/safer.js
.js
Solara/Monaco/fileaccess/node_modules/send/index.js
.js
Solara/Monaco/fileaccess/node_modules/send/node_modules/ms/index.js
.js
Solara/Monaco/fileaccess/node_modules/send/node_modules/ms/package.json
Solara/Monaco/fileaccess/node_modules/send/package.json
Solara/Monaco/fileaccess/node_modules/serve-static/index.js
.js
Solara/Monaco/fileaccess/node_modules/serve-static/package.json
Solara/Monaco/fileaccess/node_modules/set-function-length/index.js
.js
Solara/Monaco/fileaccess/node_modules/set-function-length/package.json
Solara/Monaco/fileaccess/node_modules/setprototypeof/index.js
Solara/Monaco/fileaccess/node_modules/setprototypeof/package.json
Solara/Monaco/fileaccess/node_modules/side-channel/index.js
.js
Solara/Monaco/fileaccess/node_modules/side-channel/package.json
Solara/Monaco/fileaccess/node_modules/statuses/codes.json
Solara/Monaco/fileaccess/node_modules/statuses/index.js
.js
Solara/Monaco/fileaccess/node_modules/statuses/package.json
Solara/Monaco/fileaccess/node_modules/toidentifier/index.js
Solara/Monaco/fileaccess/node_modules/toidentifier/package.json
Solara/Monaco/fileaccess/node_modules/type-is/index.js
.js
Solara/Monaco/fileaccess/node_modules/type-is/package.json
Solara/Monaco/fileaccess/node_modules/unpipe/index.js
.js
Solara/Monaco/fileaccess/node_modules/unpipe/package.json
Solara/Monaco/fileaccess/node_modules/utils-merge/index.js
.js
Solara/Monaco/fileaccess/node_modules/utils-merge/package.json
Solara/Monaco/fileaccess/node_modules/vary/index.js
.js
Solara/Monaco/fileaccess/node_modules/vary/package.json
Solara/Monaco/fileaccess/package.json
Solara/Monaco/index.html
.html .js polyglot
Solara/Monaco/vs/basic-languages/lua/lua.js
Solara/Monaco/vs/editor/editor.main.css
Solara/Monaco/vs/editor/editor.main.js
.js
Solara/Monaco/vs/editor/editor.main.nls.js
Solara/Monaco/vs/loader.js
.js
Solara/Newtonsoft.Json.dll
.dll windows:4 windows x86 arch:x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Code Sign

06:ce:e1:31:be:6d:55:c8:07:f7:c0:c7:fb:44:e6:20
Certificate

Issuer

CN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=US

Not Before

15-01-2021 00:00

Not After

14-01-2046 23:59

Subject

CN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:de:32:e9:50:9b:44:aa:34:b1:da:f1:bc:0e:c8:73
Certificate

Issuer

CN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=US

Not Before

15-07-2021 00:00

Not After

14-07-2031 23:59

Subject

CN=.NET Foundation Projects Code Signing CA2,O=.NET Foundation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:d1:40:7a:5a:bd:ed:43:d5:c1:73:12:1d:38:c5:29
Certificate

Issuer

CN=.NET Foundation Projects Code Signing CA2,O=.NET Foundation,C=US

Not Before

13-08-2021 00:00

Not After

29-10-2024 23:59

Subject

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=Washington,C=US,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:27:11:d0:35:02:fc:58:64:ae:1e:6c:cb:c5:eb:67:eb:5d:dc:c8:86:9e:e4:59:cc:0d:02:0e:5f:d1:fc:9b
Signer

Actual PE Digest

38:27:11:d0:35:02:fc:58:64:ae:1e:6c:cb:c5:eb:67:eb:5d:dc:c8:86:9e:e4:59:cc:0d:02:0e:5f:d1:fc:9b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 681KB - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Solara/Solara.exe
.exe windows:4 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Solara/SolaraV3.dll
.dll windows:6 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

Start
ZSTD_CCtxParams_getParameter
ZSTD_CCtxParams_init
ZSTD_CCtxParams_init_advanced
ZSTD_CCtxParams_reset
ZSTD_CCtxParams_setParameter
ZSTD_CCtx_getParameter
ZSTD_CCtx_loadDictionary
ZSTD_CCtx_loadDictionary_advanced
ZSTD_CCtx_loadDictionary_byReference
ZSTD_CCtx_refCDict
ZSTD_CCtx_refPrefix
ZSTD_CCtx_refPrefix_advanced
ZSTD_CCtx_refThreadPool
ZSTD_CCtx_reset
ZSTD_CCtx_setCParams
ZSTD_CCtx_setFParams
ZSTD_CCtx_setParameter
ZSTD_CCtx_setParametersUsingCCtxParams
ZSTD_CCtx_setParams
ZSTD_CCtx_setPledgedSrcSize
ZSTD_CStreamInSize
ZSTD_CStreamOutSize
ZSTD_DCtx_getParameter
ZSTD_DCtx_loadDictionary
ZSTD_DCtx_loadDictionary_advanced
ZSTD_DCtx_loadDictionary_byReference
ZSTD_DCtx_refDDict
ZSTD_DCtx_refPrefix
ZSTD_DCtx_refPrefix_advanced
ZSTD_DCtx_reset
ZSTD_DCtx_setFormat
ZSTD_DCtx_setMaxWindowSize
ZSTD_DCtx_setParameter
ZSTD_DStreamInSize
ZSTD_DStreamOutSize
ZSTD_adjustCParams
ZSTD_cParam_getBounds
ZSTD_checkCParams
ZSTD_compress
ZSTD_compress2
ZSTD_compressBegin
ZSTD_compressBegin_advanced
ZSTD_compressBegin_usingCDict
ZSTD_compressBegin_usingCDict_advanced
ZSTD_compressBegin_usingDict
ZSTD_compressBlock
ZSTD_compressBound
ZSTD_compressCCtx
ZSTD_compressContinue
ZSTD_compressEnd
ZSTD_compressSequences
ZSTD_compressStream
ZSTD_compressStream2
ZSTD_compressStream2_simpleArgs
ZSTD_compress_advanced
ZSTD_compress_usingCDict
ZSTD_compress_usingCDict_advanced
ZSTD_compress_usingDict
ZSTD_copyCCtx
ZSTD_copyDCtx
ZSTD_createCCtx
ZSTD_createCCtxParams
ZSTD_createCCtx_advanced
ZSTD_createCDict
ZSTD_createCDict_advanced
ZSTD_createCDict_advanced2
ZSTD_createCDict_byReference
ZSTD_createCStream
ZSTD_createCStream_advanced
ZSTD_createDCtx
ZSTD_createDCtx_advanced
ZSTD_createDDict
ZSTD_createDDict_advanced
ZSTD_createDDict_byReference
ZSTD_createDStream
ZSTD_createDStream_advanced
ZSTD_createThreadPool
ZSTD_dParam_getBounds
ZSTD_decodingBufferSize_min
ZSTD_decompress
ZSTD_decompressBegin
ZSTD_decompressBegin_usingDDict
ZSTD_decompressBegin_usingDict
ZSTD_decompressBlock
ZSTD_decompressBound
ZSTD_decompressContinue
ZSTD_decompressDCtx
ZSTD_decompressStream
ZSTD_decompressStream_simpleArgs
ZSTD_decompress_usingDDict
ZSTD_decompress_usingDict
ZSTD_decompressionMargin
ZSTD_defaultCLevel
ZSTD_endStream
ZSTD_estimateCCtxSize
ZSTD_estimateCCtxSize_usingCCtxParams
ZSTD_estimateCCtxSize_usingCParams
ZSTD_estimateCDictSize
ZSTD_estimateCDictSize_advanced
ZSTD_estimateCStreamSize
ZSTD_estimateCStreamSize_usingCCtxParams
ZSTD_estimateCStreamSize_usingCParams
ZSTD_estimateDCtxSize
ZSTD_estimateDDictSize
ZSTD_estimateDStreamSize
ZSTD_estimateDStreamSize_fromFrame
ZSTD_findDecompressedSize
ZSTD_findFrameCompressedSize
ZSTD_flushStream
ZSTD_frameHeaderSize
ZSTD_freeCCtx
ZSTD_freeCCtxParams
ZSTD_freeCDict
ZSTD_freeCStream
ZSTD_freeDCtx
ZSTD_freeDDict
ZSTD_freeDStream
ZSTD_freeThreadPool
ZSTD_generateSequences
ZSTD_getBlockSize
ZSTD_getCParams
ZSTD_getDecompressedSize
ZSTD_getDictID_fromCDict
ZSTD_getDictID_fromDDict
ZSTD_getDictID_fromDict
ZSTD_getDictID_fromFrame
ZSTD_getErrorCode
ZSTD_getErrorName
ZSTD_getErrorString
ZSTD_getFrameContentSize
ZSTD_getFrameHeader
ZSTD_getFrameHeader_advanced
ZSTD_getFrameProgression
ZSTD_getParams
ZSTD_initCStream
ZSTD_initCStream_advanced
ZSTD_initCStream_srcSize
ZSTD_initCStream_usingCDict
ZSTD_initCStream_usingCDict_advanced
ZSTD_initCStream_usingDict
ZSTD_initDStream
ZSTD_initDStream_usingDDict
ZSTD_initDStream_usingDict
ZSTD_initStaticCCtx
ZSTD_initStaticCDict
ZSTD_initStaticCStream
ZSTD_initStaticDCtx
ZSTD_initStaticDDict
ZSTD_initStaticDStream
ZSTD_insertBlock
ZSTD_isError
ZSTD_isFrame
ZSTD_isSkippableFrame
ZSTD_maxCLevel
ZSTD_mergeBlockDelimiters
ZSTD_minCLevel
ZSTD_nextInputType
ZSTD_nextSrcSizeToDecompress
ZSTD_readSkippableFrame
ZSTD_registerSequenceProducer
ZSTD_resetCStream
ZSTD_resetDStream
ZSTD_sequenceBound
ZSTD_sizeof_CCtx
ZSTD_sizeof_CDict
ZSTD_sizeof_CStream
ZSTD_sizeof_DCtx
ZSTD_sizeof_DDict
ZSTD_sizeof_DStream
ZSTD_toFlushNow
ZSTD_versionNumber
ZSTD_versionString
ZSTD_writeSkippableFrame

Sections

Size: 1.9MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 640KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 13KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 104KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 25KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
Solara/WebView2Loader.dll
.dll windows:5 windows x64 arch:x64

Password: infected

3fd78a8f50b85b627af2d0fc485b5e97

Code Sign

33:00:00:01:e2:f1:7d:92:02:0e:49:f8:7f:00:00:00:00:01:e2
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:31

Not After

02-12-2021 21:31

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:72:94:74:5e:21:f5:bb:c8:82:0f:f6:48:40:44:25:94:29:f2:4d:c2:a8:b0:54:7d:66:98:ca:5d:9e:30:2f
Signer

Actual PE Digest

6d:72:94:74:5e:21:f5:bb:c8:82:0f:f6:48:40:44:25:94:29:f2:4d:c2:a8:b0:54:7d:66:98:ca:5d:9e:30:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WebView2Loader.dll.pdb

Imports

kernel32

CloseHandle
CreateEventW
CreateFileW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesW
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

CompareBrowserVersions
CreateCoreWebView2Environment
CreateCoreWebView2EnvironmentWithOptions
GetAvailableCoreWebView2BrowserVersionString

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Solara/Wpf.Ui.dll
.dll windows:4 windows x86 arch:x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/src/Wpf.Ui/obj/Release/net472/Wpf.Ui.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Solara/bin/version.txt
Solara/vcruntime140.dll
.dll windows:6 windows x64 arch:x64

44c3854843f7a3fccdf8ddbbea66f302

Code Sign

33:00:00:01:5b:35:5a:26:9f:60:85:60:fc:00:00:00:00:01:5b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-12-2019 01:13

Not After

17-03-2021 01:13

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:32BD-E3D5-3B1D,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:0b:84:5c:28:24:72:d8:94:33:25:aa:e8:f7:86:20:56:07:ff:89:37:d6:b5:96:12:0f:bc:dd:50:38:c4:18
Signer

Actual PE Digest

8d:0b:84:5c:28:24:72:d8:94:33:25:aa:e8:f7:86:20:56:07:ff:89:37:d6:b5:96:12:0f:bc:dd:50:38:c4:18

Digest Algorithm

sha256

PE Digest Matches

true

9b:c8:97:1c:ca:d5:7e:0b:7a:d2:4f:03:33:1f:95:05:01:42:12:b3
Signer

Actual PE Digest

9b:c8:97:1c:ca:d5:7e:0b:7a:d2:4f:03:33:1f:95:05:01:42:12:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\agent\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
strncmp
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

SetLastError
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
RtlUnwindEx
GetModuleHandleW
RtlUnwind
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
GetModuleFileNameW

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__intrinsic_setjmpex
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_get_purecall_handler
_get_unexpected
_is_exception_typeof
_local_unwind
_purecall
_set_purecall_handler
_set_se_translator
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Solara/zlib.dll
Solara/zlib1.dll
.dll windows:4 windows x64 arch:x64

9434905d51e7bf5f119cc9e5ee85d0da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_close
_errno
_initterm
_lock
_lseek
_open
_read
_unlock
_wopen
_write
abort
calloc
fputc
free
fwrite
localeconv
malloc
memchr
memcpy
memset
realloc
strerror
strlen
strncmp
vfprintf
wcslen
wcstombs

Exports

Exports

_dist_code
_length_code
_tr_align
_tr_flush_bits
_tr_flush_block
_tr_init
_tr_stored_block
_tr_tally
adler32
adler32_combine
adler32_combine64
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine64
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
deflate_copyright
get_crc_table
gz_error
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
inflate_copyright
inflate_fast
inflate_table
uncompress
uncompress2
zError
z_errmsg
zcalloc
zcfree
zlibCompileFlags
zlibVersion

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

82:16:92:aa:f3:86:85:a1:7b:d7:76:7c:40:f5:23:05:fa:60:5b:ab:ec:81:76:94:51:f3:c2:32:7f:d4:70:40Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 545KB - Virtual size: 545KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 512B - Virtual size: 12B

Password: infected

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

4f:1a:5b:3d:05:19:5a:d1:b6:47:ef:88:70:0a:42:6a:2d:a6:49:b9:08:e1:a3:f1:14:cf:cb:e8:1d:4e:59:e2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 25KB - Virtual size: 24KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

1d:bb:ff:4e:7c:ac:65:e2:92:d2:61:a5:bd:9d:bf:a6:5d:10:ea:cb:5b:7c:90:24:3b:59:1a:91:d0:3f:26:90Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 38KB - Virtual size: 38KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 512B - Virtual size: 12B

Password: infected

dae02f32a21e03ce65412f6e56942daa

Code Sign

06:ce:e1:31:be:6d:55:c8:07:f7:c0:c7:fb:44:e6:20Certificate

Key Usages

0a:de:32:e9:50:9b:44:aa:34:b1:da:f1:bc:0e:c8:73Certificate

Extended Key Usages

Key Usages

0c:d1:40:7a:5a:bd:ed:43:d5:c1:73:12:1d:38:c5:29Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

38:27:11:d0:35:02:fc:58:64:ae:1e:6c:cb:c5:eb:67:eb:5d:dc:c8:86:9e:e4:59:cc:0d:02:0e:5f:d1:fc:9bSigner

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

82:16:92:aa:f3:86:85:a1:7b:d7:76:7c:40:f5:23:05:fa:60:5b:ab:ec:81:76:94:51:f3:c2:32:7f:d4:70:40
Signer

.text
Size: 545KB - Virtual size: 545KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 512B - Virtual size: 12B

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

4f:1a:5b:3d:05:19:5a:d1:b6:47:ef:88:70:0a:42:6a:2d:a6:49:b9:08:e1:a3:f1:14:cf:cb:e8:1d:4e:59:e2
Signer

.text
Size: 25KB - Virtual size: 24KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

1d:bb:ff:4e:7c:ac:65:e2:92:d2:61:a5:bd:9d:bf:a6:5d:10:ea:cb:5b:7c:90:24:3b:59:1a:91:d0:3f:26:90
Signer

.text
Size: 38KB - Virtual size: 38KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 512B - Virtual size: 12B

06:ce:e1:31:be:6d:55:c8:07:f7:c0:c7:fb:44:e6:20
Certificate

0a:de:32:e9:50:9b:44:aa:34:b1:da:f1:bc:0e:c8:73
Certificate

0c:d1:40:7a:5a:bd:ed:43:d5:c1:73:12:1d:38:c5:29
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

38:27:11:d0:35:02:fc:58:64:ae:1e:6c:cb:c5:eb:67:eb:5d:dc:c8:86:9e:e4:59:cc:0d:02:0e:5f:d1:fc:9b
Signer

.text
Size: 681KB - Virtual size: 680KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 127KB - Virtual size: 126KB

.rsrc
Size: 6KB - Virtual size: 5KB

.edata
Size: 6KB - Virtual size: 6KB

.idata
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 6.1MB

.boot
Size: 3.5MB - Virtual size: 3.5MB

.reloc
Size: 16B - Virtual size: 4KB

33:00:00:01:e2:f1:7d:92:02:0e:49:f8:7f:00:00:00:00:01:e2
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

6d:72:94:74:5e:21:f5:bb:c8:82:0f:f6:48:40:44:25:94:29:f2:4d:c2:a8:b0:54:7d:66:98:ca:5d:9e:30:2f
Signer

.text
Size: 69KB - Virtual size: 68KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB

.00cfg
Size: 512B - Virtual size: 40B

.gehcont
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB