Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Behavioral task | Sample | Resource |
---|---|---|
behavioral1 | 1262b822b67ccb5ff03e0545a424ba2a_JaffaCakes118.dll | win7-20240215-en |
behavioral2 | 1262b822b67ccb5ff03e0545a424ba2a_JaffaCakes118.dll | win10v2004-20240226-en |
Field | Value |
---|---|
Target | 1262b822b67ccb5ff03e0545a424ba2a_JaffaCakes118 |
Size | 1.0MB |
MD5 | 1262b822b67ccb5ff03e0545a424ba2a |
SHA1 | fb60c00391a4c85e5a756e8f91b76fae9f643204 |
SHA256 | 56623c693793157b1f3afd75220281018e09d7f136a62d637993b1bebe628c72 |
SHA512 | 9bc9577205e673bbd99d31fe67ba9cca824c48cc6dbf57bbee75035915677bb0c70ec97b69a151022b41109d6392c5879ee2b99d03c3c2bb4909f67b7592b56c |
SSDEEP | 24576:ptIAeL3+dS6Se7G8+/R8LluaKVw1B4EBGZKiGTpF+9t4+RndA44dI0ZlGOq:z2WS6J30a+RdCddC |
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource | yara_rule |
---|---|
sample | agile_net |
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ