Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Overview

| task | score |
|---|---|
| overview | 7 |
| static | 7 |

Behavioral tasks

| task | sample | platform | resource | score |
|---|---|---|---|---|
| behavioral1 | Colorful.Console.dll | windows10-1703-x64 | win10-20230220-en | 1 |
| behavioral2 | Colorful.Console.dll | windows7-x64 | win7-20230220-en | 1 |
| behavioral3 | Colorful.Console.dll | windows10-2004-x64 | win10v2004-20230220-en | 1 |
| behavioral4 | Newtonsoft.Json.dll | windows10-1703-x64 | win10-20230220-en | 1 |
| behavioral5 | Newtonsoft.Json.dll | windows7-x64 | win7-20230220-en | 1 |
| behavioral6 | Newtonsoft.Json.dll | windows10-2004-x64 | win10v2004-20230220-en | 1 |
| behavioral7 | Riot Cracker.exe | windows10-1703-x64 | win10-20230220-en | 1 |
| behavioral8 | Riot Cracker.exe | windows7-x64 | win7-20230220-en | 3 |
| behavioral9 | Riot Cracker.exe | windows10-2004-x64 | win10v2004-20230220-en | 1 |
| behavioral10 | TrinitySeal.dll | windows10-1703-x64 | win10-20230220-en | 1 |
| behavioral11 | TrinitySeal.dll | windows7-x64 | win7-20230220-en | 1 |
| behavioral12 | TrinitySeal.dll | windows10-2004-x64 | win10v2004-20230220-en | 1 |
| behavioral13 | WThreads.dll | windows10-1703-x64 | win10-20230220-en | 1 |
| behavioral14 | WThreads.dll | windows7-x64 | win7-20230220-en | 1 |
| behavioral15 | WThreads.dll | windows10-2004-x64 | win10v2004-20230220-en | 1 |
Target
RiotCracker_by_B60.zip
Size
513KB
MD5
ce3b33b69933861d8faca5dc5e279325
SHA1
74800ff245bd2a5b693342494acbf1aa26628bdb
SHA256
b99206182eb58236a3a7de278803a6a7c1a5d331d62bcbfb9374bba9702db188
SHA512
2162be320f1dbc872b04bd473e91c2b2553737698007a57416b5cde7cf72723b810588b6f7544096666fdf5a8efa48bedc9b9515e27a6ba882960688a4a3d23a
SSDEEP
12288:vSdbIvli/pQf+2bkGpLiwbPjp+H1eimOysr:vS5Iv0twkIv+1RPysr
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
| resource | yara_rule |
|---|---|
| static1/unpack001/TrinitySeal.dll | agile_net |
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US
CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US
CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
_CorDllMain
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ