Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
Overview
overview
7Static
static
7Bunifu.Licensing.dll
windows7-x64
1Bunifu.Licensing.dll
windows10-2004-x64
1Newtonsoft.Json.dll
windows7-x64
1Newtonsoft.Json.dll
windows10-2004-x64
1Plugins/Camera.dll
windows7-x64
1Plugins/Camera.dll
windows10-2004-x64
1Plugins/Chat.dll
windows7-x64
1Plugins/Chat.dll
windows10-2004-x64
1Plugins/HApps.dll
windows7-x64
1Plugins/HApps.dll
windows10-2004-x64
1Plugins/HBrowser.dll
windows7-x64
1Plugins/HBrowser.dll
windows10-2004-x64
1Plugins/HRDP.dll
windows7-x64
1Plugins/HRDP.dll
windows10-2004-x64
1Plugins/HVNC.dll
windows7-x64
1Plugins/HVNC.dll
windows10-2004-x64
1Plugins/Keylogger.dll
windows7-x64
1Plugins/Keylogger.dll
windows10-2004-x64
1Plugins/Manager.dll
windows7-x64
1Plugins/Manager.dll
windows10-2004-x64
1Plugins/Options.dll
windows7-x64
1Plugins/Options.dll
windows10-2004-x64
1Plugins/Op...rm.dll
windows7-x64
1Plugins/Op...rm.dll
windows10-2004-x64
1Plugins/Passwords.dll
windows7-x64
1Plugins/Passwords.dll
windows10-2004-x64
1Plugins/RAPP.dll
windows7-x64
1Plugins/RAPP.dll
windows10-2004-x64
1Plugins/RDP.dll
windows7-x64
1Plugins/RDP.dll
windows10-2004-x64
1Plugins/Ransom.dll
windows7-x64
1Plugins/Ransom.dll
windows10-2004-x64
1Behavioral task
behavioral1
Sample
Bunifu.Licensing.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Bunifu.Licensing.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
Newtonsoft.Json.dll
Resource
win7-20240419-en
Behavioral task
behavioral4
Sample
Newtonsoft.Json.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
Plugins/Camera.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Plugins/Camera.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
Plugins/Chat.dll
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
Plugins/Chat.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
Plugins/HApps.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
Plugins/HApps.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
Plugins/HBrowser.dll
Resource
win7-20231129-en
Behavioral task
behavioral12
Sample
Plugins/HBrowser.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
Plugins/HRDP.dll
Resource
win7-20240508-en
Behavioral task
behavioral14
Sample
Plugins/HRDP.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
Plugins/HVNC.dll
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
Plugins/HVNC.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
Plugins/Keylogger.dll
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
Plugins/Keylogger.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
Plugins/Manager.dll
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
Plugins/Manager.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral21
Sample
Plugins/Options.dll
Resource
win7-20240215-en
Behavioral task
behavioral22
Sample
Plugins/Options.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
Plugins/OptionsForm.dll
Resource
win7-20240508-en
Behavioral task
behavioral24
Sample
Plugins/OptionsForm.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
Plugins/Passwords.dll
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
Plugins/Passwords.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
Plugins/RAPP.dll
Resource
win7-20231129-en
Behavioral task
behavioral28
Sample
Plugins/RAPP.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral29
Sample
Plugins/RDP.dll
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
Plugins/RDP.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
Plugins/Ransom.dll
Resource
win7-20240508-en
Behavioral task
behavioral32
Sample
Plugins/Ransom.dll
Resource
win10v2004-20240508-en
Target
Silver_Rat.zip
Size
28.7MB
MD5
520858d87505cbf0316ae9b24eb22f8c
SHA1
93cd36ade41903630204a0a345968062c7ea45ea
SHA256
e0803fe76c83da3b24ae34f2862e08356b46d9046bf53947de8c1729e5dd18ee
SHA512
59d0a49f4babc4d1a436f0063affc082e9f39dde2881232a1c88365f9f33ce34a4dbd5baddba02e0fc96b864cba4f42b383f18ae0f0a7e653de7ef2ecd9f8bcb
SSDEEP
786432:IaPM3krYTAxoFxbGSjSGJBxny9WIVXel1TokyNNX2JRPft:nU3keAsxq4hBhcoT4XSRPF
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource | yara_rule |
---|---|
static1/unpack001/Bunifu.Licensing.dll | agile_net |
static1/unpack001/bunifu.ui.winforms.1.5.3.dll | agile_net |
Checks for missing Authenticode signature.
Processes:
resource |
---|
unpack001/RestSharp.dll |
unpack001/SilverRat.exe |
unpack001/bouncycastle.crypto.dll |
unpack001/bunifu.ui.winforms.dll |
unpack001/cgeoip.dll |
unpack001/protobuf-net.core.dll |
unpack001/protobuf-net.dll |
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
C:\Users\wilsk\source\repos\apps\desktop\bunifu\work\bunifu-framework\Licensing\Bunifu.Licensing.Redistributable\bin\Debug\net40\Secured\net40\Bunifu.Licensing.pdb
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
/_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
c:\personal_source\RestSharp\RestSharp.Net46\obj\ReleaseSigned\RestSharp.pdb
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
malloc
memset
strcmp
strcpy
getenv
sprintf
fopen
fwrite
fclose
__argc
__argv
_environ
_XcptFilter
__set_app_type
_controlfp
__getmainargs
exit
ShellExecuteA
SetUnhandledExceptionFilter
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netfx\System.Buffers.pdb
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
/_/artifacts/obj/System.Collections.Immutable/net461-Release/System.Collections.Immutable.pdb
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageTimeStamping
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Numerics.Vectors/net46\System.Numerics.Vectors.pdb
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
C:\Users\wilsk\source\repos\apps\desktop\bunifu\work\bunifu-framework\__build__\__raw__\Bunifu UI WinForms\1.5.3\net40\Secured\net40\Bunifu.UI.WinForms.1.5.3.pdb
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Guna.UI2\Build\Guna.UI2.WinForms\build\.net 4.0\Guna.UI2.pdb
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
protobuf-net.Core.pdb
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
protobuf-net.pdb
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ