Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Behavioral task: behavioral1
Sample: Аdоbе Рhоtоshор 2024.exe
Resource: win10v2004-20240426-de
Target: Аdоbе Рhоtоshор 2024.exe
Size: 172.0MB
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource | yara_rule |
---|---|
sample | agile_net |
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
C:\Users\Admin\Desktop\projects\NewProjects\photoshopclient1\WindowsFormsApp1\bin\Debug\Secured\??d??b?? ??h??t??sh???? 2024.pdb
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ