Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
Behavioral task
behavioral1
Sample
JaffaCakes118_cae392972dd3d49eeec09f8dfd5db98199c48ade60332921dc97b91b1faf2a05.exe
Resource
win7-20240903-en
Target
JaffaCakes118_cae392972dd3d49eeec09f8dfd5db98199c48ade60332921dc97b91b1faf2a05
Size
750.0MB
MD5
02d6579c678f5cbb9a054f1b7092b669
SHA1
0052f7ebe4f7065e007a843401069350f755376e
SHA256
cae392972dd3d49eeec09f8dfd5db98199c48ade60332921dc97b91b1faf2a05
SHA512
e4c1a76c5df8e61688ab86f4155b74a0a55b7d9574277e3d12ef398c89853808361753deec5542375ab4066436f157e1e44e7a6ecd0aa4bfb7dbe2df622dda2c
SSDEEP
1536:d7I/h6wysRNJ/RASiOzeDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDa:dEDyaJ/Ruqbj5ke/
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
| resource | yara_rule |
|---|---|
| sample | agile_net |
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
C:\Users\Administrator\Desktop\Setup.File.Signature.mislocation.eng - Copy.pdb
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ