Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Behavioral task | Sample | Resource |
---|---|---|
behavioral1 | 52171da989e6bc2d3097c3911e3370d1_JaffaCakes118.dll | win7-20240221-en |
behavioral2 | 52171da989e6bc2d3097c3911e3370d1_JaffaCakes118.dll | win10v2004-20240226-en |
Target | 52171da989e6bc2d3097c3911e3370d1_JaffaCakes118 |
---|---|
Size | 1.0MB |
MD5 | 52171da989e6bc2d3097c3911e3370d1 |
SHA1 | e1748a6606d332a938377ad04d73827ef0121803 |
SHA256 | 06f55085d8104f4cb453e92434616168740eccc836d7ecdf1fbccaf2a85abc8d |
SHA512 | be050555fd87b2e05d99def2ad0655c4744953d3667a55b8aa56847880d4df3e2a86af59a41011b2923b4200549aca51e316fdba58943d1950d242003e1fa047 |
SSDEEP | 24576:hDRzZ5ljxIwpxxfJlWT8zCLQPCGzXjQPWYJqVL1xcpu:bfIwpxvzC0Xjc1OaI |
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource | yara_rule |
---|---|
sample | agile_net |
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ