Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Behavioral task
behavioral1
Sample
0x0007000000021e83-163.exe
Resource
win7-20220311-en
Target
0x0007000000021e83-163.dat
Size
107KB
MD5
00e43a3bfd4f821d13329209ab4875e7
SHA1
3a6648e1f23684d2ffe2e5af683761c184537a1e
SHA256
354a014aac7be2159294631afdc5a0683edd91ec8b7c9b34d3548b2227a047f2
SHA512
2c018312976ce2d0b5e5cf12b5e5daa3773507042fceab0ab4a88f38db53cc3a99063cc6455412cd93b308a2fcdd6b777f0c56c8b1b1686bab942464867a4c62
redline
da da
86.107.197.196:63065
9b1654b30797c210c85bd0890936a5b9
Processes:
resource | yara_rule |
---|---|
sample | family_redline |
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
CN=AMCERT\,LLC,O=AMCERT\,LLC,ST=Erevan,C=AM
CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB
CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB
CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ