Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Behavioral task: behavioral1
Sample: 466f45115feb9058a4843bba52f40275_JaffaCakes118.dll
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 466f45115feb9058a4843bba52f40275_JaffaCakes118.dll
Resource: win10v2004-20240508-en
Target: 466f45115feb9058a4843bba52f40275_JaffaCakes118
Size: 1.1MB
MD5: 466f45115feb9058a4843bba52f40275
SHA1: 0a75f49f9db27fa66378643a9dfdddf10e442755
SHA256: 0f552cf8c7eff68bd9cf4b07dcd3e2bca07d38c5f11d2347fce2f66526030d6c
SHA512: 44b34b4cfe90341b19156c9979526104f19fd9902579c892ab3db03853a523c4e5032c65e296370012c5bdfcf37fa4dde48c07cf855fd5a136ca2a4e95ccbb0b
SSDEEP: 24576:bSJOWurenCMS4GGQFPJkDPJVqsOsTiNGYWMzY5lGU2gUmq/qX5P0:RW3wHUdjikNMzaGQUwM
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource | yara_rule |
---|---|
sample | agile_net |
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ