Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Behavioral task | Sample | Resource |
---|---|---|
behavioral1 | 0ce57e90c615bd156c5b9a9059583ff9_JaffaCakes118.dll | win7-20240221-en |
behavioral2 | 0ce57e90c615bd156c5b9a9059583ff9_JaffaCakes118.dll | win10v2004-20240226-en |
Target
0ce57e90c615bd156c5b9a9059583ff9_JaffaCakes118
Size
1.0MB
MD5
0ce57e90c615bd156c5b9a9059583ff9
SHA1
04d000ab4966dad8c132496032075a74dbda73af
SHA256
052b2cfaafd3e657935077e43ddbf2fe84558ddf3143ffbe0b8c028548b232f7
SHA512
9b2c8bba908be7476c6187aa773195d46c42fd55bce8ef89581230f847e787c89813165035e906148b33148683dbf465c0d0f1ff2519163c1992ffe5c6003f22
SSDEEP
24576:ECChy5r/9A9+tYO0AqNzg89etxmL8Guyxe:LP/9Abzg89RL8Byxe
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource | yara_rule |
---|---|
sample | agile_net |
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ