Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Static task
static1
Behavioral task
behavioral1
Sample
Crypted.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Crypted.exe
Resource
win10v2004-20240709-en
Target
Crypted.exe
Size
50KB
MD5
5dd57385d3af83d5a7160e9c14aa09f5
SHA1
64aabb5a9d77cbb8768779c7f3d0231465ea29f0
SHA256
1f465a7b1dac4223346ba3070599d95dcdaa071d31d0e0a301322ee4433b4b7a
SHA512
05eb789f336fe6d4280b085d86774bdc6e818e822a42a9165102dcbd478d16168dbceadd786783547db37f7635a5451211daea3fd008557a1d3f0533326e9ea5
SSDEEP
1536:5GuV08a0ep7+bYrVNXUsyWSBY99w399hVkrf1t0:bYrVOsyWSBY99kq5W
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
resource | yara_rule |
---|---|
sample | disable_win_def |
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ