Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Behavioral task
behavioral1
Sample
Private Key/PrivateKey.exe
Resource
win10v2004-20241007-en
Target
Private Key (infected).zip
Size
137KB
MD5
70d06330e186df7cc1230934f1c2fc13
SHA1
0b34665615ce674e3d5597f195e1dc018c154ec3
SHA256
31b5dd4b9119afd13692f5a3d204b139fe78affae1d1ceb6ca426ea59d8a1df1
SHA512
1c2e0c1f9ef11fb600a6ce35325a44faf228aa17dca7dbfa1001fa3c2333725d4fe46490921329a2eebe638d930e4152a50ccdf7830bbf8240806c2d128716de
SSDEEP
3072:gJLIHRnm9UzCz+J8qETkduWSmRVtVHWWqVrAUEUy6c2kinJhtORQe:yL79UzCyJ3Ok79bZqVVyVQns
resource | yara_rule |
---|---|
static1/unpack001/Private Key/PrivateKey.exe | family_xworm |
Checks for missing Authenticode signature.
resource |
---|
unpack001/Private Key/PrivateKey.exe |
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageContentCommitment
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
t:\misc_authzax\x64\ship\0\authzax.pdb
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExW
RegOpenKeyExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
GetProcAddress
GetModuleHandleA
lstrlenA
lstrcmpiA
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleW
IsDBCSLeadByte
CloseHandle
lstrlenW
GetSystemDirectoryW
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
GetModuleFileNameW
LoadLibraryW
HeapAlloc
HeapFree
GetProcessHeap
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExW
VirtualProtect
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
UrlGetPartW
CharNextW
CharNextA
memcpy_s
strcpy_s
wcsncpy_s
strncpy_s
strcat_s
memset
__C_specific_handler
??_V@YAXPEAX@Z
_resetstkoflw
_recalloc
??_U@YAPEAX_K@Z
memcmp
memcpy
_wcsicmp
??2@YAPEAX_K@Z
vswprintf_s
_encode_pointer
_malloc_crt
_initterm
_initterm_e
_encoded_null
_decode_pointer
_amsg_exit
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
__crt_debugger_hook
__clean_type_info_names_internal
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
malloc
strstr
??3@YAXPEAX@Z
free
_CxxThrowException
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageContentCommitment
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
t:\lobiclient\x64\ship\0\bcsautogen.pdb
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__clean_type_info_names_internal
__crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
__CppXcptFilter
_amsg_exit
_decode_pointer
_encoded_null
malloc
free
_initterm_e
_initterm
_malloc_crt
_encode_pointer
vswprintf_s
_itow_s
_recalloc
__C_specific_handler
memset
wcscat_s
wcsncpy_s
wcscpy_s
memcpy_s
_CxxThrowException
wcsstr
TerminateProcess
LocalAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
LoadLibraryA
Sleep
LoadLibraryW
HeapAlloc
HeapFree
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
GetProcAddress
GetModuleHandleW
lstrcmpiW
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SetThreadLocale
GetThreadLocale
VirtualProtect
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcessHeap
CharNextW
RegEnumKeyExW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegDeleteKeyW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
StgCreateDocfile
SafeArrayGetUBound
SysFreeString
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SafeArrayUnlock
SafeArrayLock
SysAllocStringLen
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayCreate
SysStringByteLen
SafeArrayRedim
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageContentCommitment
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
t:\lobiclient\x64\ship\0\bcsclient.msg.pdb
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__crt_debugger_hook
__CppXcptFilter
__C_specific_handler
_amsg_exit
_decode_pointer
_encoded_null
free
_initterm_e
_initterm
_malloc_crt
_encode_pointer
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
VirtualProtect
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ