20ae85c5052ceab12b41ebd1f76fbb59_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

20ae85c5052ceab12b41ebd1f76fbb59_JaffaCakes118
Size

1.2MB
MD5

20ae85c5052ceab12b41ebd1f76fbb59
SHA1

2a675201b69ef2e69610daeeb8ecc2e065e1fe5b
SHA256

0be74adb2c0a53a10270773594bd2f25bdc60bb2a31a9fa8710e15bafb2b5c6a
SHA512

dd820c9bf08a6507618e348f18479fa33e434f4dc2c532d4ea6f4ce97813e6aa56c12e77398a3ee55d85d35b3ee70a9dc35aeb4a564184e60d1db1e3ce5534e7
SSDEEP

24576:DbdwjDjHP7tnQFg18oqyZq4XVVbPbGJLid6yqeNNHvbyVfbWWbyHjaSabybbybvN:X2jXjtQ4Zq4VbgLiYyBEkw

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

20ae85c5052ceab12b41ebd1f76fbb59_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9240c0c5a66d458388060bdb0f90f12d

Code Sign

25:f4:d6:68:11:17:cc:99:45:81:7b:76:86:d2:93:3a
Certificate

Issuer

CN=NNPPQTYSRVWDCFFNYK

Not Before

06-06-2019 10:36

Not After

31-12-2039 23:59

Subject

CN=NNPPQTYSRVWDCFFNYK

Extended Key Usages

ExtKeyUsageCodeSigning

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:b1:5e:a6:23:c2:2f:6e:20:9e:c2:89:33:3d:71:82:97:d0:0e:03
Signer

Actual PE Digest

2e:b1:5e:a6:23:c2:2f:6e:20:9e:c2:89:33:3d:71:82:97:d0:0e:03

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
lstrcpyA
lstrcpyW
lstrcmpW
lstrlenA
lstrlenW
lstrcmpA
lstrcatW
lstrcatA
_hwrite
WritePrivateProfileStringA
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjects
VirtualQuery
VirtualProtect
VirtualFree
UpdateResourceW
UnhandledExceptionFilter
TlsSetValue
TlsGetValue
TlsAlloc
TerminateThread
TerminateProcess
SwitchToThread
Sleep
SizeofResource
SetVolumeMountPointW
SetUnhandledExceptionFilter
SetThreadLocale
SetThreadExecutionState
SetNamedPipeHandleState
SetMailslotInfo
SetLocaleInfoW
SetLastError
SetFilePointerEx
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
SetConsoleTitleW
RtlUnwind
RtlMoveMemory
ResumeThread
ResetEvent
ReadFile
ReadConsoleOutputCharacterW
RaiseException
QueryPerformanceCounter
QueryDosDeviceW
PurgeComm
OutputDebugStringA
OpenSemaphoreA
OpenJobObjectA
MultiByteToWideChar
MulDiv
MoveFileW
LockResource
LocalUnlock
LocalFree
LocalAlloc
LoadResource
LoadLibraryW
LoadLibraryExA
LeaveCriticalSection
LCMapStringA
IsValidLocale
IsValidCodePage
IsDBCSLeadByte
IsBadWritePtr
IsBadStringPtrW
IsBadReadPtr
IsBadCodePtr
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
InitializeCriticalSection
HeapFree
HeapAlloc
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalLock
GlobalHandle
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetWindowsDirectoryA
GetVolumePathNamesForVolumeNameW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetVersionExA
GetVersion
GetUserDefaultLCID
GetTimeFormatA
GetTickCount
GetThreadLocale
GetTempPathA
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryW
GetSystemDirectoryA
GetSystemDefaultLangID
GetStringTypeW
GetStringTypeExA
GetStringTypeA
GetStdHandle
GetStartupInfoA
GetProcessHeap
GetPrivateProfileStringW
GetPrivateProfileStringA
GetOEMCP
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLogicalDriveStringsA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesW
GetFileAttributesA
GetExitCodeThread
GetDriveTypeW
GetDiskFreeSpaceA
GetDevicePowerState
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetProcAddress
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleCursorInfo
GetConsoleAliasA
GetComputerNameW
GetComputerNameExW
GetCompressedFileSizeA
GetCommandLineA
GetCPInfo
GetACP
FreeResource
FreeLibrary
FormatMessageW
FormatMessageA
FindVolumeClose
FindResourceA
FindNextVolumeW
FindNextChangeNotification
FindFirstVolumeW
FindFirstVolumeMountPointA
FindFirstFileW
FindFirstFileA
FindFirstChangeNotificationW
FindFirstChangeNotificationA
FindCloseChangeNotification
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitThread
ExitProcess
EnumSystemCodePagesA
EnumCalendarInfoA
EnterCriticalSection
DeviceIoControl
DeleteVolumeMountPointW
DeleteFileA
DeleteCriticalSection
DefineDosDeviceW
CreateThread
CreateSemaphoreW
CreateMutexA
CreateFileW
CreateFileA
CreateEventW
CreateEventA
CopyFileExA
CompareStringW
CompareStringA
CommConfigDialogW
CloseHandle
AddConsoleAliasA
VirtualAlloc
GetModuleHandleW
LoadLibraryA
lstrcpynA

user32

SetWindowRgn
SetWindowTextA
SetWindowsHookExA
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SubtractRect
SystemParametersInfoA
SystemParametersInfoW
TabbedTextOutA
ToAsciiEx
TrackPopupMenu
TranslateAcceleratorA
TranslateAcceleratorW
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
ValidateRect
WaitMessage
WinHelpA
WinHelpW
WindowFromDC
WindowFromPoint
mouse_event
wsprintfA
SetCapture
SetActiveWindow
SendNotifyMessageA
SendMessageA
SendDlgItemMessageW
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterDeviceNotificationW
RegisterDeviceNotificationA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
RealGetWindowClassA
PtInRect
PostThreadMessageW
PostQuitMessage
PostMessageA
PeekMessageA
OpenClipboard
OffsetRect
OemToCharW
OemToCharA
MsgWaitForMultipleObjects
ModifyMenuA
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadImageA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsChild
IsCharAlphaA
InvalidateRgn
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
IMPSetIMEA
IMPQueryIMEA
GetWindowThreadProcessId
GetWindowTextA
GetWindowRgn
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetWindow
GetTopWindow
GetTabbedTextExtentA
GetSystemMetrics
SetWindowPos
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetQueueStatus
GetPropA
GetMouseMovePointsEx
GetMessageA
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
GetMenu
GetLastActivePopup
GetKeyboardType
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetFocus
GetDoubleClickTime
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassInfoA
GetCaretPos
GetCapture
FrameRect
FindWindowA
FillRect
ExitWindowsEx
ExcludeUpdateRgn
EqualRect
EnumWindows
EnumThreadWindows
EndPaint
EndDialog
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExA
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DrawCaption
DragDetect
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
DdeQueryNextServer
DdeFreeDataHandle
DdeCmpStringHandles
CreateWindowExA
CreatePopupMenu
CreateIcon
CreateDialogIndirectParamW
CopyImage
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffA
CharUpperA
CharToOemA
CharPrevExA
CharNextW
CharNextA
SetWindowPlacement
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRectEmpty
SetRect
SetPropW
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
LoadCursorW
GetParent
IsCharAlphaNumericA
InSendMessage
CloseWindowStation
IsWindowEnabled
CreateMenu
DestroyCursor
GetDlgCtrlID
SetCursor
SetClipboardData
GetSystemMenu
SetClassLongA
CharLowerBuffA
CharLowerA
CallWindowProcA
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
GetForegroundWindow
GetActiveWindow
EnumClipboardFormats
GetMessagePos
IsClipboardFormatAvailable
GetOpenClipboardWindow
IsGUIThread
GetAsyncKeyState
GetListBoxInfo
InSendMessageEx

gdi32

EngPaint
EqualRgn
ExcludeClipRect
ExtTextOutA
FillPath
FillRgn
FrameRgn
GdiGetCodePage
GdiGetSpoolFileHandle
GdiIsPlayMetafileDC
GetAspectRatioFilterEx
GetBitmapBits
GetBrushOrgEx
GetCharWidthA
GetClipBox
GetClipRgn
GetCurrentObject
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetGlyphIndicesA
GetKerningPairsW
GetNearestColor
GetNearestPaletteIndex
GetObjectA
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextAlign
GetTextColor
GetTextExtentExPointA
GetTextExtentPoint32A
GetTextExtentPointA
GetTextFaceW
GetTextMetricsA
GetViewportOrgEx
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
EngCreateSemaphore
MaskBlt
MoveToEx
OffsetRgn
OffsetWindowOrgEx
PATHOBJ_vEnumStart
PatBlt
PathToRegion
PlayEnhMetaFile
PolyPolyline
Polygon
Polyline
PtInRegion
RealizePalette
RectVisible
Rectangle
ResetDCA
RestoreDC
RoundRect
STROBJ_dwGetCodePage
STROBJ_vEnumStart
SelectClipPath
SelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetPixel
SetROP2
SetRectRgn
SetStretchBltMode
SetTextAlign
SetTextColor
SetTextJustification
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StretchBlt
StretchDIBits
StrokePath
TextOutA
TextOutW
EngCheckAbort
EndPath
EnableEUDC
EndFormPage
Ellipse
DescribePixelFormat
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateEllipticRgn
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateColorSpaceW
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
CLIPOBJ_cEnumStart
BitBlt
BeginPath
Arc
GetEnhMetaFileA
GetSystemPaletteUse
UnrealizeObject
CreatePatternBrush
AbortDoc
GetTextCharacterExtra
GetBkColor
SaveDC
GdiFlush
EndPage
AddFontResourceW
LineTo
CloseEnhMetaFile

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetSaveFileNameW

advapi32

RegOpenKeyA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegFlushKey
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueA
RegQueryValueExA
RegSetValueExA
CloseServiceHandle

shell32

SHFileOperation
Shell_NotifyIconA
ShellExecuteA
DragQueryFileA
DuplicateIcon
ExtractAssociatedIconExA
SHAppBarMessage
SHCreateDirectoryExW
Shell_NotifyIconW
SHFileOperationW
SHGetDataFromIDListW
SHGetFolderLocation
SHGetInstanceExplorer
SHGetPathFromIDListW
SHInvokePrinterCommandA

ole32

StringFromGUID2
StringFromCLSID
IsEqualGUID
CoUninitialize
CoTaskMemFree
CoInitializeEx
CoInitialize
CoCreateInstance

shlwapi

PathIsUNCW
PathIsRelativeW
StrRChrIA

comctl32

ImageList_DrawEx
ImageList_Draw
ImageList_DragShowNolock
ImageList_DragMove
ImageList_EndDrag
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag
ImageList_Add
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_LoadImageA
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetIconSize
ImageList_Write
ImageList_DragLeave
ord17

Sections

.text
Size: 883KB - Virtual size: 883KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9240c0c5a66d458388060bdb0f90f12d

Code Sign

25:f4:d6:68:11:17:cc:99:45:81:7b:76:86:d2:93:3aCertificate

Extended Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

2e:b1:5e:a6:23:c2:2f:6e:20:9e:c2:89:33:3d:71:82:97:d0:0e:03Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 883KB - Virtual size: 883KB

.rdata Size: 134KB - Virtual size: 134KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 162KB - Virtual size: 1.0MB

25:f4:d6:68:11:17:cc:99:45:81:7b:76:86:d2:93:3a
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

2e:b1:5e:a6:23:c2:2f:6e:20:9e:c2:89:33:3d:71:82:97:d0:0e:03
Signer

.text
Size: 883KB - Virtual size: 883KB

.rdata
Size: 134KB - Virtual size: 134KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 162KB - Virtual size: 1.0MB