Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Behavioral task
behavioral1
Sample
493807123c2e449d0dcfdbd3443d083aef30a6aaea42381290572bab06090c0b.exe
Resource
win7-20231215-en
Target
cae49b754cd4f40f428eaa78ceeef195.bin
Size
3.6MB
MD5
a401d0ebe91c82f07e16f3080770d10a
SHA1
5b482aee49c2e2b4889a75533bdcab2f6bed3767
SHA256
1e56543d09770766eb72db3065d71c07b89127507419263dd4f2f0cf2573dde2
SHA512
aa5c4208a9c92597c15eedf9653c57c1ce35232aea768402c0bfd3424217176bd57a08510821383e1bddebfd95962f7e887caae2d042ad6c211f8265fcca387f
SSDEEP
98304:c/y4pR9j0J1/vcnR858rrpG4tuhVOwQsW8Nr:c/y4l21s+qrrEs4VvWWr
| resource | yara_rule |
|---|---|
| static1/unpack001/493807123c2e449d0dcfdbd3443d083aef30a6aaea42381290572bab06090c0b.exe | family_zgrat_v1 |
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
| resource | yara_rule |
|---|---|
| static1/unpack001/493807123c2e449d0dcfdbd3443d083aef30a6aaea42381290572bab06090c0b.exe | net_reactor |
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ