Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Behavioral task | Sample | Resource |
---|---|---|
behavioral1 | Setup ТrаdingViеw.exe | win7-20240215-en |
behavioral2 | Setup ТrаdingViеw.exe | win10v2004-20240419-en |
Target
Setup ТrаdingViеw.exe
Size
117.7MB
MD5
1ff88a70832500f01b6588e9b3716620
SHA1
ba047d8c13039ee49ed79ab010dcc36b864eb53c
SHA256
a7a773a16824cf8f71777a5d891701b20f363a117630d904c0b8450fb8c6938a
SHA512
d5b026a26862537e7dc52c0f1d919fee7bac30616a0cdf8f52d06c7c7d7356e758d5e40a7c298de1646783ce0d1edf514a65177a2a12d8b03288e2fdd3c97e3d
SSDEEP
3145728:c/JWHKaPLsl+rjF+B05jpxLewmsWzC+QlSKj4ZIiz33giPuQ4r:cBEKQjrjse5L5/We+QlSKj4ZIiUiPw
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource | yara_rule |
---|---|
sample | agile_net |
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
C:\Users\Admin\Desktop\projects\NewProjects\??r??dingVi??wClient1\WindowsFormsApp1\bin\Debug\Secured\Setup ??r??dingVi??w.pdb
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ