Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Behavioral task
behavioral1
Sample
8b3657f398adeaf405f74dded8e32ae7_JaffaCakes118.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8b3657f398adeaf405f74dded8e32ae7_JaffaCakes118.dll
Resource
win10v2004-20240426-en
Target
8b3657f398adeaf405f74dded8e32ae7_JaffaCakes118
Size
1.0MB
MD5
8b3657f398adeaf405f74dded8e32ae7
SHA1
dd32a8b5d15d834a710cbe4fbebc1d764cf3f6a7
SHA256
162fc2000d30562028b940b07e030df3870d00d8c84360321b3d19572e689df7
SHA512
80082e3ed8de68fd72244ba17c4da68e52cdceaee6838d17de0777d69d93a66904603f6bd579d506668420285438fb5110dbef64023ef6e4f22fd280d7fee3da
SSDEEP
24576:fIpTbxAeXaG8/ZkSpjSDtCadGQrV1cC2gVRz3TAsSH3Jav1+:fwCcaGOZdMD4UGMCdez3ZSAg
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
| resource | yara_rule |
|---|---|
| sample | agile_net |
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
D:\Utilities\ny2udwwk.qj1\Desktop\Desktop.BrowserAdapter\bin\Release\PursuePoint.BrowserAdapter.pdb
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ