Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
task | name | sample | resource |
---|---|---|---|
Static task | static1 | | |
Behavioral task | behavioral1 | bde9b23fbe4f12e5ff686c17cc9d9490.exe | win7-20230220-en |
Behavioral task | behavioral2 | bde9b23fbe4f12e5ff686c17cc9d9490.exe | win10v2004-20230220-en |
field | value |
---|---|
Target | bde9b23fbe4f12e5ff686c17cc9d9490.exe |
Size | 16.0MB |
MD5 | bde9b23fbe4f12e5ff686c17cc9d9490 |
SHA1 | f0a99fc9abe817705fcae04ec626abf263ffcc32 |
SHA256 | 9012d01ae4d6db135651b4322c96846544d8e323ecafe5754026f7ea0c320d5e |
SHA512 | 6f6fcad5783c4c1ab309f4a8950026fd063de6059f98e24e3b460095a665b2d54168c07c3fd42f0644f002adb3a2f91f80fbabdd852a19205b45c5643e6ddfe1 |
SSDEEP | 98304:J2nlZSn0kF9Eh5euL3iuSr0/r5CBTZ8o0xnbREEwegXnrMOiRwF:AnlZSn0kF9Eh5sr0Ny09bREEweanI6 |
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
Processes:
resource | yara_rule |
---|---|
sample | net_reactor |
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
CN=Invincea\, Inc.,O=Invincea\, Inc.,L=Fairfax,ST=Virginia,C=US
CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US
CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ