Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Behavioral task | Sample | Resource |
---|---|---|
behavioral1 | 23653e8364ea3b494fd63e65cbdb6bd4_JaffaCakes118.dll | win7-20240419-en |
behavioral2 | 23653e8364ea3b494fd63e65cbdb6bd4_JaffaCakes118.dll | win10v2004-20240419-en |
Target: 23653e8364ea3b494fd63e65cbdb6bd4_JaffaCakes118
Size: 1.1MB
MD5: 23653e8364ea3b494fd63e65cbdb6bd4
SHA1: d4194110286414004d0a21d690c91fc93a4c5d42
SHA256: 1318a94628221dcafc533eb77bd9f7762fe6cecc9b177c610cf73e7089a3b8ce
SHA512: 5e87b18550d52f9ddd086078a001d52abd7e729271485a2cff9e746b38a5fff88055fa38adf8e2e7091e9bf2b06f614ac31e1467abe17a0992e2cd613545c8c0
SSDEEP: 24576:7NAsCw0OjKAeQuz1t5DzAe7JS85SqX16qN+RpNBnH4N:ZzCWKAelzNAtcnX13oYN
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource | yara_rule |
---|---|
sample | agile_net |
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ