Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Behavioral task: behavioral1
Sample: 21868ce1d5e8d29acf4a3843b2170249_JaffaCakes118.dll
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 21868ce1d5e8d29acf4a3843b2170249_JaffaCakes118.dll
Resource: win10v2004-20240426-en
Target: 21868ce1d5e8d29acf4a3843b2170249_JaffaCakes118
Size: 1.0MB
MD5: 21868ce1d5e8d29acf4a3843b2170249
SHA1: 1c0c13949cc62d0e403464a0716d4ae5956b1d94
SHA256: 16f48c28aef3603a350200ef772550a9a9e527a698084b464dcebef35efb7870
SHA512: c149885e42ebff8fee1dd5fbc558599e8dcaa67c979e666aabfb875abe2d5abce5c14f94ff8100165d390c9dfbf9697c316676c68645b8b2d94076548886b2c1
SSDEEP: 24576:93xSzLWZ1hOjhp4nmL053nfy8W+nh/D/FICq:tsm1h04K8W6ppq
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
| resource | yara_rule |
|---|---|
| sample | agile_net |
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ