Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Behavioral task
behavioral1
Sample
348ec113dac9d1ad8c37ed33efb9e98d.exe
Resource
win7-20231129-en
Target
348ec113dac9d1ad8c37ed33efb9e98d
Size
1013KB
MD5
348ec113dac9d1ad8c37ed33efb9e98d
SHA1
0155e7ee208657b1970d4d6e42d1f18096eb4fbe
SHA256
f1199e5b5953534ddbb788d136dd99e6c1d20698458afc9c01b70972b2b3b9af
SHA512
54fa4c4defecdd3b11a95600d4806d1be8350424f146dd82c929a398d44a5c962fd711566f454551eeb53c1bbfc8d74b8e175fe541fce0bcbf9ab06106296de8
SSDEEP
24576:cT3oblY5lxt9Yi/+eX+ZGfJglBBK2xfLT:cT3KlkxtaeOZGfJgDBK2tH
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
| resource | yara_rule |
|---|---|
| sample | agile_net |
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageContentCommitment
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ