Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Behavioral task | Sample | Resource |
---|---|---|
behavioral1 | 4dadfd9d6065e9c17bec2e45115cfb52_JaffaCakes118.dll | win7-20240221-en |
behavioral2 | 4dadfd9d6065e9c17bec2e45115cfb52_JaffaCakes118.dll | win10v2004-20240226-en |
Target: 4dadfd9d6065e9c17bec2e45115cfb52_JaffaCakes118
Size: 1.0MB
MD5: 4dadfd9d6065e9c17bec2e45115cfb52
SHA1: 72d748c23ea67194f0597b937634fbaea693a1b1
SHA256: 215cc07206823fc9b515461eade364ccc5d95123f3f9f9919952c97d16ce8576
SHA512: 34d018915c742337d8ece09b31f6e4c822ff89e71124db11df83f1b2d8f938ba5f6182bb9ff486a4e9c321703c7f3922a4527b559c89b46fbad934f5197061cb
SSDEEP: 24576:7cPX1YZDE7OtO8JeWgZvb858vJh2NStp6Kk:AqDE7OYWglcMKiFk
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource | yara_rule |
---|---|
sample | agile_net |
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ