27877263ae03dd2d0290433e7e970c98_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

27877263ae03dd2d0290433e7e970c98_JaffaCakes118
Size

126KB
MD5

27877263ae03dd2d0290433e7e970c98
SHA1

459c67aed9dc0db4ba09da829c4ddeb439288ae0
SHA256

40fc1e6f956763871d70c576634c8444713283d44cb09048b1d451d0f1f6207e
SHA512

f384f0d9e96bea3e89c1c5bc01532c4cc011e0718556ba595f136672e407caf600c9da283c7e057a0c9d6cd13393ff1499e3a65e055e985ace1f0d22ac85ed66
SSDEEP

3072:j31/jxwB6WjDAf5vMsUYWDvNJcO/Fu2HnquMNIp:j31/CLoPIFu2nMK

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

Processes:

resource	yara_rule
static1/unpack001/Oplata ponedel'nik.exe	cryptone

Files

27877263ae03dd2d0290433e7e970c98_JaffaCakes118
.rar
Oplata ponedel'nik.exe
.exe windows:1 windows x86 arch:x86

ba30714f4671fdae7d69e4a4263d3161

Code Sign

66:ca:24:cc:0c:6d:ea:51:b5:8b:72:ff:4c:f9:51:aa
Certificate

Issuer

CN=AETXZIICNIUTRLCPID

Not Before

10-07-2020 05:20

Not After

31-12-2039 23:59

Subject

CN=AETXZIICNIUTRLCPID

Extended Key Usages

ExtKeyUsageCodeSigning

59:fc:8e:5c:53:f2:19:f2:85:b0:51:fb:e5:98:39:08:99:5e:4b:d8
Signer

Actual PE Digest

59:fc:8e:5c:53:f2:19:f2:85:b0:51:fb:e5:98:39:08:99:5e:4b:d8

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetModuleHandleA
VirtualAllocEx
VirtualProtect
CreateFileA
FlushFileBuffers
SetStdHandle
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
VirtualQuery
InterlockedExchange
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetSystemInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEndOfFile
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetTimeZoneInformation
LCMapStringW
LCMapStringA
SetFilePointer
GetCPInfo
GetOEMCP
GetACP
GetFullPathNameW
WriteFile
GetFullPathNameA
GetCurrentDirectoryW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetHandleCount
ReadFile
CloseHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
ReleaseMutex
CreateMutexA
HeapSize
GetCurrentProcess
TerminateProcess
GetCurrentDirectoryA
GetVersion
lstrcpynA
Sleep
lstrlenA
MulDiv
WideCharToMultiByte
QueryPerformanceFrequency
QueryPerformanceCounter
FindFirstFileW
RemoveDirectoryW
FindNextFileW
FindFirstFileA
RemoveDirectoryA
DebugBreak
FindNextFileA
FindClose
OutputDebugStringA
GetEnvironmentStrings
HeapReAlloc
GetModuleFileNameA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetProcAddress
HeapFree
RaiseException
HeapAlloc
GetVersionExA
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
CreateDirectoryA
GetDriveTypeW
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
MultiByteToWideChar
DeleteFileW
DeleteFileA
ExitProcess
RtlUnwind
VerifyVersionInfoW
ConvertDefaultLocale
Heap32ListFirst
LoadModule
FindAtomW
_lwrite
WritePrivateProfileSectionA
ReadConsoleA
ContinueDebugEvent
SetFileAttributesW
SetProcessShutdownParameters
GetModuleHandleW
GetSystemDefaultLangID
OpenSemaphoreA
GlobalFindAtomA
SetVolumeLabelW
LocalFlags
FindNextVolumeMountPointA
SetConsoleTextAttribute
FreeLibrary
CreateIoCompletionPort
GetLocalTime
DeleteFiber
IsBadHugeReadPtr
TlsSetValue
EnumResourceLanguagesA
GlobalSize
BuildCommDCBW
GetFileAttributesExW
GetFileAttributesA
SetConsoleTitleA
InterlockedExchangeAdd
GlobalHandle
GetUserDefaultLCID
BeginUpdateResourceA
WriteProfileSectionA
SystemTimeToFileTime
Process32First
WinExec
OpenEventW
WaitForSingleObject
SetConsoleCursorInfo
CreateFileMappingW
UnmapViewOfFile
CreateEventW
CreateThread
WaitForMultipleObjects
CreateMutexW
SetEvent
TerminateThread
GetExitCodeThread
GetExitCodeProcess
CreateProcessW
GetVersionExW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
GetProcessHeap
OpenFileMappingW
SetLastError
GetCommandLineW
GetSystemDirectoryW
MapViewOfFile
lstrcpyW
LoadLibraryW
DeleteCriticalSection
LeaveCriticalSection

user32

LoadIconA
GetKeyboardLayout
CopyIcon
GetInputState
GetWindowTextLengthA
GetTopWindow
DestroyCursor
GetDlgCtrlID
GetClipboardData
CreatePopupMenu
IsGUIThread
DrawMenuBar
VkKeyScanA
GetMenuCheckMarkDimensions
GetClipboardOwner
IsWindow
ShowCaret
DestroyWindow
GetShellWindow
GetSysColor
IsWindowUnicode
LoadCursorFromFileA
LoadCursorFromFileW
GetWindowTextLengthW
GetFocus
PtInRect
MessageBoxW
SetCursorPos
MessageBoxA
GetDC
EnumDisplaySettingsA
ChangeDisplaySettingsA
RedrawWindow
GetClientRect
LoadCursorA
RegisterClassA
CreateWindowExW
ShowWindow
UpdateWindow
SetFocus
DefWindowProcA
SetCursor
PostQuitMessage
LoadAcceleratorsA
PeekMessageA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
SendMessageA
SetRect
AdjustWindowRect
SetWindowLongA
SetWindowPos
ShowCursor
GetForegroundWindow
ClipCursor
ToAscii
SetCapture
ReleaseCapture
GetWindowRect
ClientToScreen
GetAsyncKeyState
GetWindowInfo
GetCursorPos
HideCaret
UnionRect
PaintDesktop
DlgDirSelectComboBoxExA
ToUnicode
IsCharAlphaNumericW
GetTabbedTextExtentW
CreateDialogIndirectParamA
wsprintfA
CallWindowProcA
GetListBoxInfo
LoadBitmapA
InflateRect
KillTimer
BringWindowToTop
CallMsgFilterW
DdeFreeStringHandle
GetAltTabInfoW
EqualRect
IsIconic
RealGetWindowClassA
EnumPropsExA
DdeAccessData
DdeCreateStringHandleW
HiliteMenuItem
InsertMenuItemW
TranslateMDISysAccel
SetMenu
CreateDesktopW
UpdateLayeredWindow
GetCursor
MonitorFromPoint
EnumDisplayDevicesW
PackDDElParam
OpenIcon
GetNextDlgGroupItem
LoadStringW
LoadCursorW
GetSysColorBrush
RegisterClassW
InvalidateRgn
DefWindowProcW
BeginPaint
EndPaint
UnregisterClassW
GetDesktopWindow
GetWindowLongW
EnableWindow
DialogBoxParamW
GetParent
GetDlgItem
EndDialog
LoadIconW
SendDlgItemMessageW
PostMessageW
SetWindowLongW
SystemParametersInfoW
ReleaseDC
SendMessageW
EnumWindows
GetSystemMetrics
SetForegroundWindow
GetWindowThreadProcessId
GetClassNameW

gdi32

DeleteDC
CloseEnhMetaFile
GetPixelFormat
CreateMetaFileW
StrokePath
GetEnhMetaFileW
CreateMetaFileA
CreateSolidBrush
EndPath
GetStockObject
RealizePalette
CreateCompatibleDC
CreateFontW
FontIsLinked
GetFontAssocStatus
EngTextOut
CreateColorSpaceW
EngAlphaBlend
ExcludeClipRect
RectVisible
CreateRoundRectRgn
SelectPalette
SetICMProfileW
GdiSwapBuffers
GdiConvertBitmapV5
CreateDCA
GetCharABCWidthsI
CLIPOBJ_bEnum
GdiPlayDCScript
GdiResetDCEMF
GdiSetAttrs
EngFillPath
GdiDeleteSpoolFileHandle
GdiIsMetaPrintDC
BitBlt
TextOutW
GdiConvertToDevmodeW
GetTransform
GdiEntry8
EngGetDriverName
FixBrushOrgEx
EngBitBlt
GetTextCharacterExtra
GetAspectRatioFilterEx
EngMarkBandingSurface
GetViewportExtEx
SetFontEnumeration
TextOutA
AnyLinkedFonts
CreateDiscardableBitmap
MoveToEx
LineTo
Rectangle
CreatePen
GetDeviceCaps
CreateFontIndirectW
DeleteObject
SelectObject

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyA
RegQueryValueExA
GetUserNameW
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegSetValueExW
RegFlushKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteA
SHGetFolderPathW
ExtractAssociatedIconExW
SHPathPrepareForWriteW
ExtractAssociatedIconA
SHIsFileAvailableOffline
ShellExecuteExW
SHQueryRecycleBinW
SHFileOperationA
SHGetSpecialFolderLocation
SHGetSettings
ShellAboutA
SHFileOperation

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
StringFromGUID2

shlwapi

StrRChrIA
StrRStrIW
StrChrIW
StrStrIW
StrRChrA

comctl32

CreatePropertySheetPageW
PropertySheetW

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdat2br
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdat2bz
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdat2b
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdat2a
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdat2a1
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 691KB - Virtual size: 690KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba30714f4671fdae7d69e4a4263d3161

Code Sign

66:ca:24:cc:0c:6d:ea:51:b5:8b:72:ff:4c:f9:51:aaCertificate

Extended Key Usages

59:fc:8e:5c:53:f2:19:f2:85:b0:51:fb:e5:98:39:08:99:5e:4b:d8Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 142KB - Virtual size: 142KB

.rdata Size: 47KB - Virtual size: 46KB

.tdata Size: 76KB - Virtual size: 76KB

.tdat2br Size: 1024B - Virtual size: 700B

.tdat2bz Size: 1024B - Virtual size: 700B

.tdat2b Size: 1024B - Virtual size: 700B

.tdat2a Size: 1024B - Virtual size: 700B

.tdat2a1 Size: 1024B - Virtual size: 700B

.data Size: 11KB - Virtual size: 10KB

2 Size: 691KB - Virtual size: 690KB

.rsrc Size: 164KB - Virtual size: 164KB

66:ca:24:cc:0c:6d:ea:51:b5:8b:72:ff:4c:f9:51:aa
Certificate

59:fc:8e:5c:53:f2:19:f2:85:b0:51:fb:e5:98:39:08:99:5e:4b:d8
Signer

.text
Size: 142KB - Virtual size: 142KB

.rdata
Size: 47KB - Virtual size: 46KB

.tdata
Size: 76KB - Virtual size: 76KB

.tdat2br
Size: 1024B - Virtual size: 700B

.tdat2bz
Size: 1024B - Virtual size: 700B

.tdat2b
Size: 1024B - Virtual size: 700B

.tdat2a
Size: 1024B - Virtual size: 700B

.tdat2a1
Size: 1024B - Virtual size: 700B

.data
Size: 11KB - Virtual size: 10KB

2
Size: 691KB - Virtual size: 690KB

.rsrc
Size: 164KB - Virtual size: 164KB