Report - github.com/pwntester/ysoserial.net/releases/download/v1.36/ysoserial-1dba9c4416ba6e79b6b262b758fa75e2ee9008e9.zip

Report Overview

Submitted URL
github.com/pwntester/ysoserial.net/releases/download/v1.36/ysoserial-1dba9c4416ba6e79b6b262b758fa75e2ee9008e9.zip
IP
140.82.121.3
ASN
#36459 GITHUB
Submitted
2024-04-23 13:21:00
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
github.com	1423	2007-10-09	2016-07-13	2024-03-24	567 B	4.0 kB	140.82.121.3
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2024-04-23	1.0 kB	5.3 MB	185.199.110.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

Files detected

URL
objects.githubusercontent.com/github-production-release-asset-2e65be/103972121/0ace7d2d-e547-4aae-8dae-bd68f20a3404?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240423%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240423T132030Z&X-Amz-Expires=300&X-Amz-Signature=5099ea41a42952e4b370c15f41fbacefaa47e71d9202c03241736d978db72000&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=103972121&response-content-disposition=attachment%3B%20filename%3Dysoserial-1dba9c4416ba6e79b6b262b758fa75e2ee9008e9.zip&response-content-type=application%2Foctet-stream
IP
185.199.110.133
ASN
#54113 FASTLY

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
5.3 MB (5303737 bytes)
Hash
710596bfa98d7fc2e2ec0ab20c6d2876
1c5047689215a620519e9b6e8313572aec9902be
7d109bc2f025a1caceb0c9deceb91d75c893bccf8d61dd9d3ede10dbe16f2d71

Archive (51)

Filename

Md5

File type

E.dll

91eeaabca0d535b86ed2b5abf4e22221

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

ExploitClass.cs

1548d1ccfcc4a7d22b69bd52f663d7e4

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

fastjson.dll

7266b4ccbd541b59b3f46b7c94f3c616

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

FsPickler.CSharp.dll

112331ab4475bfa08548d475c198226e

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

FsPickler.CSharp.pdb

1d5ae27c89169189bb3817d8770fb8c9

MSVC program database ver 7.00, 512*67 bytes

FsPickler.CSharp.xml

40b2efde5db653df3acab5f804c34353

XML 1.0 document, ASCII text, with CRLF line terminators

FsPickler.dll

a895b3c0af856b2bcfac323ceef3e5a0

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

FsPickler.Json.dll

5f302b5b6c80ee041f51dfa14cbdce3a

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

FsPickler.Json.pdb

886bb1761e3b8b10d04048cbc249be20

MSVC program database ver 7.00, 512*199 bytes

FsPickler.Json.xml

e4dff27c457428c9acbaf22e443996c5

XML 1.0 document, ASCII text, with very long lines (315), with CRLF line terminators

FsPickler.pdb

3a39fe8946a38b406083617dd0d3900c

MSVC program database ver 7.00, 512*2151 bytes

FsPickler.xml

e41671d6bd8ba1317bb78ce7274c64ec

XML 1.0 document, ASCII text, with very long lines (916), with CRLF line terminators

GhostWebShell.cs

494b9a546863ccc16c48d0a6b63cf20d

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

MessagePack.Annotations.dll

57a5f9bcf4453130b18f9e1b665d1ef2

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

MessagePack.Annotations.xml

9302722ba45e0bacd8735a1fa5a77ef9

XML 1.0 document, ASCII text, with CRLF line terminators

MessagePack.dll

460fd2a85d321559154681e9ec826812

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

MessagePack.xml

7f3ba3ac59993db4b480e30f5293e723

XML 1.0 document, ASCII text, with CRLF line terminators

Microsoft.Bcl.AsyncInterfaces.dll

48efe61d6ca3054309907b532d576d2a

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Bcl.AsyncInterfaces.xml

0737b770ba5d854d4887a8f4d9c8de04

XML 1.0 document, ASCII text, with very long lines (321), with CRLF line terminators

microsoft.identitymodel.dll

aadfcb6e3f0209d5efd582fd7d4e3eaf

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.NET.StringTools.dll

b65c93a5efb116d5563d7bf546cac04c

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.NET.StringTools.pdb

c5cfd47986bc5d46172e88068aa84a7b

Microsoft Roslyn C# debugging symbols version 1.0

Microsoft.NET.StringTools.xml

b8dd20b983ea02d9dc52d4eaf4c18e5c

XML 1.0 document, ASCII text, with CRLF line terminators

Microsoft.PowerShell.Editor.dll

a84a18306a4774c3dc25cf50f0185bb2

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

NDesk.Options.dll

da56f1211f7dec41913719b608c95424

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Newtonsoft.Json.dll

6815034209687816d8cf401877ec8133

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Newtonsoft.Json.xml

ad1a946cdbe4fc83907cf558fb80a37f

XML 1.0 document, ASCII text, with CRLF line terminators

Polenter.SharpSerializer.dll

83e2959b461a395bd35a38a59385873b

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Polenter.SharpSerializer.xml

6c8e13b86d3ffaa4fc734d2137af7e14

XML 1.0 document, ASCII text, with CRLF line terminators

System.Buffers.dll

ecdfe8ede869d2ccc6bf99981ea96400

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

System.Buffers.xml

1c55860dd93297a6ea2fad2974834c3a

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (727), with CRLF line terminators

System.Collections.Immutable.dll

d96470eec1462cdc385bfcd024a5d91b

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

System.Collections.Immutable.xml

7278059c73a7a3e992eb9076f82bbdce

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (354), with CRLF line terminators

System.Memory.dll

f09441a1ee47fb3e6571a3a448e05baf

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

System.Memory.xml

add19745a43b2515280ce24671863114

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

System.Numerics.Vectors.dll

aaa2cbf14e06e9d3586d8a4ed455db33

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

System.Numerics.Vectors.xml

95dd29ca17b63843ad787d3bc9c8c933

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

System.Runtime.CompilerServices.Unsafe.dll

c610e828b54001574d86dd2ed730e392

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

System.Runtime.CompilerServices.Unsafe.xml

c782e92abbfc0531226f735c6ac56498

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

System.Threading.Tasks.Extensions.dll

e1e9d7d46e5cd9525c5927dc98d9ecc7

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

System.Threading.Tasks.Extensions.xml

c89e735fcf37e76e4c3d7903d2111c04

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

TestConsoleApp_YSONET.exe.config

357b302903f3fd55c20ddf876835ae35

XML 1.0 document, ASCII text, with CRLF line terminators

TestConsoleApp_YSONET.exe

080d5b71d04bda3c1e327ff24a376d1f

PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

TestConsoleApp_YSONET.pdb

13e70f49ec6c227dbd858bb9fe2ce866

MSVC program database ver 7.00, 512*27 bytes

YamlDotNet.dll

1172f58d00a335aedfe63e295e765534

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

YamlDotNet.xml

14be0331c3e9fa0775ea066a7d5c4ced

XML 1.0 document, ASCII text, with CRLF line terminators

ysoserial.exe.config

e845740dc3837363db87a15e22a2789c

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

ysoserial.exe

9945815fb0e750d526922582eda2bf39

PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

ysoserial.pdb

36c650cf1b28055a0eb38d683fede7f1

MSVC program database ver 7.00, 512*1371 bytes

Microsoft.PowerShell.Editor.dll

a84a18306a4774c3dc25cf50f0185bb2

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

System.Management.Automation.dll

40d5c5ee881957b887c29dff158ea207

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects c# red/black-team tools via typelibguid
Public Nextron YARA rules	malware	Detects c# red/black-team tools via typelibguid
VirusTotal	malicious	VirusTotal - Scan result 42/64

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

github.com/pwntester/ysoserial.net/releases/download/v1.36/ysoserial-1dba9c4416ba6e79b6b262b758fa75e2ee9008e9.zip

140.82.121.3

302 Found

0 B

URL User Request GET HTTP/2
github.com/pwntester/ysoserial.net/releases/download/v1.36/ysoserial-1dba9c4416ba6e79b6b262b758fa75e2ee9008e9.zip
IP
140.82.121.3:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pwntester/ysoserial.net/releases/download/v1.36/ysoserial-1dba9c4416ba6e79b6b262b758fa75e2ee9008e9.zip HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Tue, 23 Apr 2024 13:20:30 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/103972121/0ace7d2d-e547-4aae-8dae-bd68f20a3404?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240423%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240423T132030Z&X-Amz-Expires=300&X-Amz-Signature=5099ea41a42952e4b370c15f41fbacefaa47e71d9202c03241736d978db72000&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=103972121&response-content-disposition=attachment%3B%20filename%3Dysoserial-1dba9c4416ba6e79b6b262b758fa75e2ee9008e9.zip&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: F8CD:D7F02:558CA37:56808CC:6627B59E
X-Firefox-Spdy: h2

objects.githubusercontent.com/github-production-release-asset-2e65be/103972121/0ace7d2d-e547-4aae-8dae-bd68f20a3404?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240423%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240423T132030Z&X-Amz-Expires=300&X-Amz-Signature=5099ea41a42952e4b370c15f41fbacefaa47e71d9202c03241736d978db72000&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=103972121&response-content-disposition=attachment%3B%20filename%3Dysoserial-1dba9c4416ba6e79b6b262b758fa75e2ee9008e9.zip&response-content-type=application%2Foctet-stream

185.199.110.133

200 OK

5.3 MB

URL User Request GET HTTP/2
objects.githubusercontent.com/github-production-release-asset-2e65be/103972121/0ace7d2d-e547-4aae-8dae-bd68f20a3404?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240423%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240423T132030Z&X-Amz-Expires=300&X-Amz-Signature=5099ea41a42952e4b370c15f41fbacefaa47e71d9202c03241736d978db72000&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=103972121&response-content-disposition=attachment%3B%20filename%3Dysoserial-1dba9c4416ba6e79b6b262b758fa75e2ee9008e9.zip&response-content-type=application%2Foctet-stream
IP
185.199.110.133:443
ASN
#54113 FASTLY

Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
5.3 MB (5303737 bytes)
Hash
710596bfa98d7fc2e2ec0ab20c6d2876
1c5047689215a620519e9b6e8313572aec9902be
7d109bc2f025a1caceb0c9deceb91d75c893bccf8d61dd9d3ede10dbe16f2d71

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 42/64

HTTP Headers

GET /github-production-release-asset-2e65be/103972121/0ace7d2d-e547-4aae-8dae-bd68f20a3404?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240423%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240423T132030Z&X-Amz-Expires=300&X-Amz-Signature=5099ea41a42952e4b370c15f41fbacefaa47e71d9202c03241736d978db72000&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=103972121&response-content-disposition=attachment%3B%20filename%3Dysoserial-1dba9c4416ba6e79b6b262b758fa75e2ee9008e9.zip&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
content-md5: cQWWv6mNf8Li7AqyDG0odg==
last-modified: Tue, 17 Oct 2023 18:38:40 GMT
etag: "0x8DBCF40488E61E6"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e5f7fc5e-d01e-0016-53b4-8e1782000000
x-ms-version: 2020-10-02
x-ms-creation-time: Tue, 17 Oct 2023 18:38:40 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=ysoserial-1dba9c4416ba6e79b6b262b758fa75e2ee9008e9.zip
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 820
date: Tue, 23 Apr 2024 13:20:30 GMT
x-served-by: cache-iad-kjyo7100091-IAD, cache-hel1410027-HEL
x-cache: HIT, HIT
x-cache-hits: 356, 0
x-timer: S1713878430.393936,VS0,VE554
content-length: 5303737
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (51)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers