Extended Key Usages: ExtKeyUsageCodeSigning
Key Usages: KeyUsageDigitalSignature
Behavioral task: behavioral1
Sample: ad217d76ecbe99e2759a47b1c8d0f37bb0690650ef715b2a343f714084952006.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: ad217d76ecbe99e2759a47b1c8d0f37bb0690650ef715b2a343f714084952006.exe
Resource: win10v2004-20220812-en
Target: ad217d76ecbe99e2759a47b1c8d0f37bb0690650ef715b2a343f714084952006
Size: 143KB
MD5: 705436fa5496d519336a31dccd30ef2d
SHA1: f1eeb2f9376e18821e3506a508b7e90780ea2949
SHA256: ad217d76ecbe99e2759a47b1c8d0f37bb0690650ef715b2a343f714084952006
SHA512: f6cf330fab84ddec0089c187a306266dfcd2e9ce64b7522eefb0d386fe310cf9dcae419935508de61ada490d364dcfab4e04333e3fe9a6f1911c5e7e3958387c
SSDEEP: 3072:I9H7kL6yAsM0H1zvbAo5TdeFtejLcR+JZqvNm94K9VByB2:I9H7kWyzM0HuoxdeFtejLcq70A
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource | yara_rule |
---|---|
sample | agile_net |
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
SERIALNUMBER=J12/1244/1999,CN=Softland SRL,O=Softland SRL,L=Cluj-Napoca,C=RO,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302524f
CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US
CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ