quasar | SeroXenPTO[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

SeroXenPTO.7z
Size

49.1MB
MD5

040d599ca4c2436dbab3d2d68dc25974
SHA1

ace864761a39342f6df1838e1c3ed0e487f55d24
SHA256

e5c1a97a5bde421d7f8c8fefd60740f52e54c469236023000c6a29d40bbe04b9
SHA512

d0a9a55d11a99f0a91630947c20e8dff553b245f1e8485334ea86d265c1aea60f1ce018c12a1a9e5fd4ded2e31946f36fbf5035aa52f77236ae6f17321819b15
SSDEEP

1572864:MDpxlQPw/QZtNsiG8BHNev0YPEOp/nU8p42La:qHiGaP/NBYPEOp/nU8pvLa

Score

10^/10

quasar

Malware Config

Signatures

Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
static1/unpack001/SeroXenPTO/SeroXenPTO/Quasar.Common.dll	family_quasar
static1/unpack001/SeroXenPTO/SeroXenPTO/SeroXen.exe	family_quasar

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SeroXenPTO/SeroXenPTO/C5VM.dll
unpack001/SeroXenPTO/SeroXenPTO/SeroXenPTO.bin

Files

SeroXenPTO.7z
.7z
SeroXenPTO/SeroXenPTO/BouncyCastle.Crypto.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

37:4d:dd:80:d0:6b:63:20:d7:8c:09:38:8b:aa:f9:b6:e1:63:dd:ca
Signer

Actual PE Digest

37:4d:dd:80:d0:6b:63:20:d7:8c:09:38:8b:aa:f9:b6:e1:63:dd:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BouncyCastle.Crypto.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/C5VM.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/Cake.Core.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

5d:12:0b:39:2e:a6:c7:aa:d0:0c:36:e1:b5:96:e7:d3:53:c7:ff:30
Signer

Actual PE Digest

5d:12:0b:39:2e:a6:c7:aa:d0:0c:36:e1:b5:96:e7:d3:53:c7:ff:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\projects\cake\src\Cake.Core\obj\Release\Cake.Core.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/Cake.Powershell.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

8a:a8:10:52:a7:57:d5:83:91:65:e6:18:fa:6d:8d:7c:d6:22:4e:80
Signer

Actual PE Digest

8a:a8:10:52:a7:57:d5:83:91:65:e6:18:fa:6d:8d:7c:d6:22:4e:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\cake-powershell\src\Powershell\obj\Release\Cake.Powershell.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/Gma.System.MouseKeyHook.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

d0:1c:3e:7f:2a:e8:8c:ff:be:e3:ea:13:b8:ad:61:b7:c0:92:ce:5b
Signer

Actual PE Digest

d0:1c:3e:7f:2a:e8:8c:ff:be:e3:ea:13:b8:ad:61:b7:c0:92:ce:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\globalmousekeyhook\MouseKeyHook\obj\Debug\Gma.System.MouseKeyHook.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/Logic.NET.dll
.dll windows:4 windows x64 arch:x64

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

d7:6e:09:70:37:50:1e:4b:b6:1f:e1:4e:fe:72:5a:ad:83:26:6f:57
Signer

Actual PE Digest

d7:6e:09:70:37:50:1e:4b:b6:1f:e1:4e:fe:72:5a:ad:83:26:6f:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\C5\source\repos\Logic.NET\Logic.NET\obj\x64\Release\Logic.NET.pdb

Sections

.text
Size: 470KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/Microsoft.VisualStudio.CodeCoverage.Shim.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

0a:7a:9c:00:f9:bc:ea:8b:0a:1a:1f:6d:6c:3b:ec:44:5b:cd:d0:dc
Signer

Actual PE Digest

0a:7a:9c:00:f9:bc:ea:8b:0a:1a:1f:6d:6c:3b:ec:44:5b:cd:d0:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\binaries\Intermediate\vset\shim.csproj_kqmet5lz\objr\x86\Microsoft.VisualStudio.CodeCoverage.Shim.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/Microsoft.VisualStudio.TestPlatform.MSTest.TestAdapter.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

5e:bf:52:e5:b7:28:ed:8f:c9:6b:bc:e0:35:d5:3b:b3:00:0e:e2:b2
Signer

Actual PE Digest

5e:bf:52:e5:b7:28:ed:8f:c9:6b:bc:e0:35:d5:3b:b3:00:0e:e2:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\4790\s\src\Adapter\MSTest.CoreAdapter\obj\Release\Microsoft.VisualStudio.TestPlatform.MSTest.TestAdapter.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.Interface.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

a7:d9:c5:aa:a1:d3:e2:75:6a:46:13:55:a7:dd:32:83:02:ac:d7:8b
Signer

Actual PE Digest

a7:d9:c5:aa:a1:d3:e2:75:6a:46:13:55:a7:dd:32:83:02:ac:d7:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\4790\s\src\Adapter\PlatformServices.Interface\obj\Release\Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.Interface.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

5f:65:71:f0:46:1f:d6:7c:1d:d6:18:91:1c:3b:38:1d:67:a7:c9:10
Signer

Actual PE Digest

5f:65:71:f0:46:1f:d6:7c:1d:d6:18:91:1c:3b:38:1d:67:a7:c9:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\4790\s\src\Adapter\PlatformServices.Desktop\obj\Release\Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/Microsoft.VisualStudio.TestPlatform.TestFramework.Extensions.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

d3:c7:d9:ad:7e:b5:23:e9:82:75:fa:6f:d2:f6:95:1b:5e:47:0f:90
Signer

Actual PE Digest

d3:c7:d9:ad:7e:b5:23:e9:82:75:fa:6f:d2:f6:95:1b:5e:47:0f:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\4790\s\src\TestFramework\Extension.Desktop\obj\Release\Microsoft.VisualStudio.TestPlatform.TestFramework.Extensions.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/Microsoft.VisualStudio.TestPlatform.TestFramework.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

9f:0e:a1:3c:e4:6d:79:5a:d2:03:ce:74:d0:8c:e5:a0:ca:75:5c:5b
Signer

Actual PE Digest

9f:0e:a1:3c:e4:6d:79:5a:d2:03:ce:74:d0:8c:e5:a0:ca:75:5c:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\4790\s\src\TestFramework\MSTest.Core\obj\Release\Microsoft.VisualStudio.TestPlatform.TestFramework.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/Mono.Cecil.Mdb.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

5e:6c:6c:d8:a4:36:06:98:60:45:94:87:5c:69:53:83:5e:7b:35:a1
Signer

Actual PE Digest

5e:6c:6c:d8:a4:36:06:98:60:45:94:87:5c:69:53:83:5e:7b:35:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\symbols\mdb\obj\Release\net40\Mono.Cecil.Mdb.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/Mono.Cecil.Pdb.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

f2:d2:2c:27:ab:1e:13:fc:dd:bf:28:47:e7:83:46:71:f9:ca:24:85
Signer

Actual PE Digest

f2:d2:2c:27:ab:1e:13:fc:dd:bf:28:47:e7:83:46:71:f9:ca:24:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\symbols\pdb\obj\Release\net40\Mono.Cecil.Pdb.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/Mono.Cecil.Rocks.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

31:e9:fb:33:02:07:17:f3:54:3b:7a:e0:8a:5a:78:7f:bf:f1:86:79
Signer

Actual PE Digest

31:e9:fb:33:02:07:17:f3:54:3b:7a:e0:8a:5a:78:7f:bf:f1:86:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\rocks\obj\Release\net40\Mono.Cecil.Rocks.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/Mono.Cecil.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

84:8e:05:ae:58:45:1d:35:7a:97:64:09:34:fb:1a:d1:e6:63:f1:32
Signer

Actual PE Digest

84:8e:05:ae:58:45:1d:35:7a:97:64:09:34:fb:1a:d1:e6:63:f1:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\obj\Release\net40\Mono.Cecil.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/Open.Nat.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

50:40:3c:93:34:a6:e2:f3:6b:50:54:1d:2a:c8:0f:3c:9f:86:4f:5a
Signer

Actual PE Digest

50:40:3c:93:34:a6:e2:f3:6b:50:54:1d:2a:c8:0f:3c:9f:86:4f:5a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/PTOAuth.dll
.dll windows:6 windows x64 arch:x64

4453de7a211a4e62586f684333e33f76

Code Sign

1c:61:33:df:84:c8:81:cd:c0:1f:82:77:4d:bf:e2:4b
Certificate

Issuer

CN=Patched.to Code Signing Certificate,OU=Development and research,O=Patched.to,1.2.840.113549.1.9.1=#0c1061646d696e40706174636865642e746f

Not Before

30/06/2021, 06:49

Not After

30/06/2026, 06:49

Subject

CN=Patched.to Code Signing Certificate,OU=Development and research,O=Patched.to,1.2.840.113549.1.9.1=#0c1061646d696e40706174636865642e746f

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1c:61:33:df:84:c8:81:cd:c0:1f:82:77:4d:bf:e2:4b
Certificate

Issuer

CN=Patched.to Code Signing Certificate,OU=Development and research,O=Patched.to,1.2.840.113549.1.9.1=#0c1061646d696e40706174636865642e746f

Not Before

30/06/2021, 06:49

Not After

30/06/2026, 06:49

Subject

CN=Patched.to Code Signing Certificate,OU=Development and research,O=Patched.to,1.2.840.113549.1.9.1=#0c1061646d696e40706174636865642e746f

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:c1:88:33:74:08:12:a3:88:11:a8:c2:20:16:ed:20:4e:dd:5a:5f:ea:70:52:39:7e:65:54:e7:83:74:d1:97
Signer

Actual PE Digest

75:c1:88:33:74:08:12:a3:88:11:a8:c2:20:16:ed:20:4e:dd:5a:5f:ea:70:52:39:7e:65:54:e7:83:74:d1:97

Digest Algorithm

sha256

PE Digest Matches

true

29:19:8f:99:bf:0c:d9:29:c7:4c:1c:5e:0a:fa:fd:20:0e:c9:e8:24
Signer

Actual PE Digest

29:19:8f:99:bf:0c:d9:29:c7:4c:1c:5e:0a:fa:fd:20:0e:c9:e8:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
GetCurrentProcess
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxTimeoutA
CharUpperBuffW

winhttp

WinHttpReceiveResponse

crypt32

CertCloseStore

bcrypt

BCryptEncrypt

wintrust

WinVerifyTrust

credui

CredUnPackAuthenticationBufferW

wtsapi32

WTSSendMessageW

advapi32

RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

Exports

Exports

PTOAuthCredential
PTOAuthFree
PTOAuthGet
PTOAuthSize

Sections

.text
Size: - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pto0
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pto1
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/Profiles/Default.xml
SeroXenPTO/SeroXenPTO/Quasar.Common.Tests.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

67:1a:f2:b2:66:b8:75:33:f9:f1:15:a0:42:2a:2f:d5:e2:f3:b6:d2
Signer

Actual PE Digest

67:1a:f2:b2:66:b8:75:33:f9:f1:15:a0:42:2a:2f:d5:e2:f3:b6:d2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/Quasar.Common.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

04:d4:7f:4e:49:80:90:b8:44:d7:d6:0a:35:97:82:45:54:1d:da:bc
Signer

Actual PE Digest

04:d4:7f:4e:49:80:90:b8:44:d7:d6:0a:35:97:82:45:54:1d:da:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/Renci.SshNet.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

3e:9b:7a:5e:8e:a1:77:0a:82:27:53:1e:8f:5f:31:c4:cd:1f:d9:75
Signer

Actual PE Digest

3e:9b:7a:5e:8e:a1:77:0a:82:27:53:1e:8f:5f:31:c4:cd:1f:d9:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\development\SSH.NET\src\Renci.SshNet\obj\Release\net40\Renci.SshNet.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 783KB - Virtual size: 782KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/SeroXen.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

92:91:9c:08:de:7b:01:3c:33:6c:21:e5:08:45:c9:fd:94:9b:f3:6e
Signer

Actual PE Digest

92:91:9c:08:de:7b:01:3c:33:6c:21:e5:08:45:c9:fd:94:9b:f3:6e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 38.5MB - Virtual size: 38.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/SeroXenPTO.bin
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/System.Management.Automation.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

1c:14:c3:36:cb:e7:4b:09:75:6c:22:cc:fb:67:e9:69:55:ae:14:fc
Signer

Actual PE Digest

1c:14:c3:36:cb:e7:4b:09:75:6c:22:cc:fb:67:e9:69:55:ae:14:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/System.ValueTuple.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

e0:5a:d1:da:4b:60:60:fb:28:f2:b5:1c:59:6c:d7:66:96:16:eb:e0
Signer

Actual PE Digest

e0:5a:d1:da:4b:60:60:fb:28:f2:b5:1c:59:6c:d7:66:96:16:eb:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/Vestris.ResourceLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

a1:e7:cd:a8:ae:d8:2e:0e:29:0b:8d:23:e1:a3:df:a8:4a:2a:08:85
Signer

Actual PE Digest

a1:e7:cd:a8:ae:d8:2e:0e:29:0b:8d:23:e1:a3:df:a8:4a:2a:08:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\resourcelib\Source\ResourceLib\obj\Release\net45\Vestris.ResourceLib.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/client_obf.bin
SeroXenPTO/SeroXenPTO/dnlib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

79:28:90:20:b6:c8:23:95:7d:ad:2c:81:09:76:ac:82:d1:cc:3a:29
Signer

Actual PE Digest

79:28:90:20:b6:c8:23:95:7d:ad:2c:81:09:76:ac:82:d1:cc:3a:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/src/obj/Release/net45/dnlib.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/protobuf-net.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

Issuer

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

Not Before

29/07/2022, 03:53

Not After

29/07/2023, 09:53

Subject

CN={C97DFA28-2A19-440B-8EB4-4EA8ABAEC4A4}

35:4a:a9:1b:7b:0e:7d:52:0a:9d:c2:b8:a3:a1:82:e6:01:cb:5f:55
Signer

Actual PE Digest

35:4a:a9:1b:7b:0e:7d:52:0a:9d:c2:b8:a3:a1:82:e6:01:cb:5f:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

protobuf-net.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SeroXenPTO/SeroXenPTO/settings.xml

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50Certificate

37:4d:dd:80:d0:6b:63:20:d7:8c:09:38:8b:aa:f9:b6:e1:63:dd:caSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50Certificate

5d:12:0b:39:2e:a6:c7:aa:d0:0c:36:e1:b5:96:e7:d3:53:c7:ff:30Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 108KB - Virtual size: 107KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50Certificate

8a:a8:10:52:a7:57:d5:83:91:65:e6:18:fa:6d:8d:7c:d6:22:4e:80Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 21KB - Virtual size: 20KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50Certificate

d0:1c:3e:7f:2a:e8:8c:ff:be:e3:ea:13:b8:ad:61:b7:c0:92:ce:5bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 44KB - Virtual size: 43KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

Code Sign

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50Certificate

d7:6e:09:70:37:50:1e:4b:b6:1f:e1:4e:fe:72:5a:ad:83:26:6f:57Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.text Size: 470KB - Virtual size: 469KB

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

37:4d:dd:80:d0:6b:63:20:d7:8c:09:38:8b:aa:f9:b6:e1:63:dd:ca
Signer

.text
Size: 2.7MB - Virtual size: 2.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

5d:12:0b:39:2e:a6:c7:aa:d0:0c:36:e1:b5:96:e7:d3:53:c7:ff:30
Signer

.text
Size: 108KB - Virtual size: 107KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 12B

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

8a:a8:10:52:a7:57:d5:83:91:65:e6:18:fa:6d:8d:7c:d6:22:4e:80
Signer

.text
Size: 21KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 512B - Virtual size: 12B

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

d0:1c:3e:7f:2a:e8:8c:ff:be:e3:ea:13:b8:ad:61:b7:c0:92:ce:5b
Signer

.text
Size: 44KB - Virtual size: 43KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

d7:6e:09:70:37:50:1e:4b:b6:1f:e1:4e:fe:72:5a:ad:83:26:6f:57
Signer

.text
Size: 470KB - Virtual size: 469KB

.rsrc
Size: 1024B - Virtual size: 888B

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

0a:7a:9c:00:f9:bc:ea:8b:0a:1a:1f:6d:6c:3b:ec:44:5b:cd:d0:dc
Signer

.text
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

5e:bf:52:e5:b7:28:ed:8f:c9:6b:bc:e0:35:d5:3b:b3:00:0e:e2:b2
Signer

.text
Size: 120KB - Virtual size: 120KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

a7:d9:c5:aa:a1:d3:e2:75:6a:46:13:55:a7:dd:32:83:02:ac:d7:8b
Signer

.text
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

5f:65:71:f0:46:1f:d6:7c:1d:d6:18:91:1c:3b:38:1d:67:a7:c9:10
Signer

.text
Size: 95KB - Virtual size: 95KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

25:cf:5c:85:5f:f8:f2:b3:42:ec:f2:23:23:8c:e8:50
Certificate

d3:c7:d9:ad:7e:b5:23:e9:82:75:fa:6f:d2:f6:95:1b:5e:47:0f:90
Signer

.text
Size: 21KB - Virtual size: 21KB