Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20231215-en
Target
file
Size
6.5MB
MD5
f18bb1edd3ae7b63144e96132ce9aefb
SHA1
c1e427cada1d7c0ffc7196d722ee6c0af82c2756
SHA256
897b63dc56623c54120c95340a7e8c416786dbc18bb03dae3300ab2fd57e928a
SHA512
d0036a1b6bab8786f45688a7d22a3dfd28a9ef21048b13aea72182b3599d1ebb22acd210e5c86883b0b3a81f755a1a1eebe9a7fac7eaf7b5235188cc3f5eab0b
SSDEEP
98304:ukWTppXqlbXXSKXiDvrfuh8AN8HJyeZaDN6h:ukWVtYbnSKXSvbSupyYaDNE
resource | yara_rule |
---|---|
sample | family_zgrat_v1 |
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource | yara_rule |
---|---|
sample | net_reactor |
ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ