Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Static task
static1
Behavioral task
behavioral1
Sample
hgj.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
hgj.exe
Resource
win10v2004-20230220-en
Target
hgj.exe
Size
381KB
MD5
430ff166ab0342bc7036bc9af090dd82
SHA1
96dc919ed5e15d9a8db55e570658bb88dc38b2c6
SHA256
d656346e915ba499f5d4ddc36e9753891e2335ec7d309e0bc38b91c3875b081f
SHA512
074e97b5cbb5782e5ddb6ccc5166216f44e32960218735d68fb9d2508c9b5b08209289634d8b857722597e765a7633eb923ebfe71c7bae06448ad8c4c0f93169
SSDEEP
6144:eDNA9p+LExdEfqDye3NCT8yGjm04y0O12udoEUAqI:IZLExdAiCgD4wldEHI
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
Processes:
resource | yara_rule |
---|---|
sample | net_reactor |
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US
CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US
CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US
CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US
CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ