Extended Key Usages
ExtKeyUsageTimeStamping
Overview
overview
10Static
static
7AgileDotNe...me.dll
windows7-x64
1AgileDotNe...me.dll
windows10-2004-x64
1ChangeLog.html
windows7-x64
1ChangeLog.html
windows10-2004-x64
1CraxsRat.exe.xml
windows7-x64
1CraxsRat.exe.xml
windows10-2004-x64
1GeoIPCitys.dll
windows7-x64
1GeoIPCitys.dll
windows10-2004-x64
1LiveCharts...ms.dll
windows7-x64
1LiveCharts...ms.dll
windows10-2004-x64
1LiveCharts.Wpf.dll
windows7-x64
1LiveCharts.Wpf.dll
windows10-2004-x64
1LiveCharts.dll
windows7-x64
1LiveCharts.dll
windows10-2004-x64
1MetroSet UI.dll
windows7-x64
1MetroSet UI.dll
windows10-2004-x64
1NAudio.dll
windows7-x64
1NAudio.dll
windows10-2004-x64
1SimplicLoader.exe
windows7-x64
10SimplicLoader.exe
windows10-2004-x64
10System.IO....le.dll
windows7-x64
1System.IO....le.dll
windows10-2004-x64
1Vip.Notification.dll
windows7-x64
1Vip.Notification.dll
windows10-2004-x64
1WinMM.Net.dll
windows7-x64
1WinMM.Net.dll
windows10-2004-x64
1res/GeoIP/GeoIP.dat
windows7-x64
3res/GeoIP/GeoIP.dat
windows10-2004-x64
3Behavioral task
behavioral1
Sample
AgileDotNet.VMRuntime.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
AgileDotNet.VMRuntime.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
ChangeLog.html
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
ChangeLog.html
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
CraxsRat.exe.xml
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
CraxsRat.exe.xml
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
GeoIPCitys.dll
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
GeoIPCitys.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral9
Sample
LiveCharts.WinForms.dll
Resource
win7-20230220-en
Behavioral task
behavioral10
Sample
LiveCharts.WinForms.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral11
Sample
LiveCharts.Wpf.dll
Resource
win7-20230220-en
Behavioral task
behavioral12
Sample
LiveCharts.Wpf.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral13
Sample
LiveCharts.dll
Resource
win7-20230220-en
Behavioral task
behavioral14
Sample
LiveCharts.dll
Resource
win10v2004-20230221-en
Behavioral task
behavioral15
Sample
MetroSet UI.dll
Resource
win7-20230220-en
Behavioral task
behavioral16
Sample
MetroSet UI.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral17
Sample
NAudio.dll
Resource
win7-20230220-en
Behavioral task
behavioral18
Sample
NAudio.dll
Resource
win10v2004-20230221-en
Behavioral task
behavioral19
Sample
SimplicLoader.exe
Resource
win7-20230220-en
Behavioral task
behavioral20
Sample
SimplicLoader.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral21
Sample
System.IO.Compression.ZipFile.dll
Resource
win7-20230220-en
Behavioral task
behavioral22
Sample
System.IO.Compression.ZipFile.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral23
Sample
Vip.Notification.dll
Resource
win7-20230220-en
Behavioral task
behavioral24
Sample
Vip.Notification.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral25
Sample
WinMM.Net.dll
Resource
win7-20230220-en
Behavioral task
behavioral26
Sample
WinMM.Net.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral27
Sample
res/GeoIP/GeoIP.dat
Resource
win7-20230220-en
Behavioral task
behavioral28
Sample
res/GeoIP/GeoIP.dat
Resource
win10v2004-20230220-en
Target
SimplicLoader.rar
Size
4.7MB
MD5
440ebe09051a8cc5c21dc4408915c9d9
SHA1
51a66ad8f193a309bb7b61d3123711042ae7fecc
SHA256
3797d33045461d3f38719dc5a2c226a8163dc06ac0b75c2a93c54ab91f0efb5b
SHA512
f19b3bd7e26ee6d3afea4c4d6a17baa4e2ebfd529b77558082f26276aa5eabb9c8249d802a36ec784c88fa96076805702a213caf3f7892f5000e15e37727dad5
SSDEEP
98304:jLju9vlFDC3LRQMqkQRJ6LA/S8oRQT3HZI0rh9bAmek5bolAincbeSHCC:j+9dFDC3dxU/S8o235BEmHoNnQepC
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource | yara_rule |
---|---|
static1/unpack001/AgileDotNet.VMRuntime.dll | agile_net |
Checks for missing Authenticode signature.
Processes:
resource |
---|
unpack001/AgileDotNet.VMRuntime.dll |
unpack001/GeoIPCitys.dll |
unpack001/LiveCharts.WinForms.dll |
unpack001/LiveCharts.Wpf.dll |
unpack001/LiveCharts.dll |
unpack001/MetroSet UI.dll |
unpack001/NAudio.dll |
unpack001/SimplicLoader.exe |
unpack001/Vip.Notification.dll |
unpack001/WinMM.Net.dll |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageTimeStamping
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ