Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Behavioral task | Sample | Resource |
---|---|---|
behavioral1 | eeaae4d3227a8e9154123981c9b6607a_JaffaCakes118.exe | win7-20240221-en |
behavioral2 | eeaae4d3227a8e9154123981c9b6607a_JaffaCakes118.exe | win10v2004-20240226-en |
Target
eeaae4d3227a8e9154123981c9b6607a_JaffaCakes118
Size
4.0MB
MD5
eeaae4d3227a8e9154123981c9b6607a
SHA1
e157bcf5be7b60c9dbc405048448474589a73e1d
SHA256
48b83155739f83a508ec4aeb87aa68a59dbd695e61f29d8d57d99eb22816201c
SHA512
785cd4bb7075659c4b1e612a207063c051f3039e7dca95cd6ebabf8e90e442cf68b5dc772ecd8a4c996352643cf5794a8cbdee09d5596a4866a6d90871724ad7
SSDEEP
98304:D1nH2CmKaZMZ6Brav2i57RxOUSSR0o6y22:hn7bQHiXxTD22
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource | yara_rule |
---|---|
sample | agile_net |
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
C:\Users\Administrator\Desktop\5u6zyOvwNrfr2wS.pdb
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ