Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
| Behavioral task | Sample | Resource |
|---|---|---|
| behavioral1 | Contract for collaboration.pdf.exe | win10v2004-20240412-en |
| behavioral2 | Promotion video from Spotify.mp4.scr | win10v2004-20240412-en |


| Field | Value |
|---|---|
| Target | vozer_promo_pass_infected.zip |
| Size | 53KB |
| MD5 | 5d8c03c354500fdeaea2d5969f360712 |
| SHA1 | d3a0ff8a84eda1939eb796e3d07b2a9ab7a5a0db |
| SHA256 | 324c0102bae77f7829b0c441875565b1f31f2e57757958a261b9fcef7345749a |
| SHA512 | ce58ea5b60ec87196d54ca81f5f3024771c65106b520751ff1ffb329681c033a48bac40adb09a3e572017ddf7bb722e9cdbef207a41ec44c532f44df7529942c |
| SSDEEP | 1536:s4ZN6iF9Ejlp4LrJHtQeCbLpdU6yWUfLeGafDNl:jL3EjlGL0ZPbwLePDNl |

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
| resource | yara_rule |
|---|---|
| static1/unpack002/Contract for collaboration.pdf.exe | agile_net |
| static1/unpack002/Promotion video from Spotify.mp4.scr | agile_net |
Checks for missing Authenticode signature.
Processes:
| resource |
|---|
| unpack002/Promotion video from Spotify.mp4.scr |
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ