3066d1b2e84e8444082d70a1ad90c017_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3066d1b2e84e8444082d70a1ad90c017_JaffaCakes118
Size

109KB
MD5

3066d1b2e84e8444082d70a1ad90c017
SHA1

3bd522bd7256095774f78ba98ea0f4085651b88a
SHA256

61ffe36301e722b85088cfceb5d5a703e57eff907119ef305dc92da45c254aaf
SHA512

84c61d702d184538cbdac5d99ae18cc9abd6aef456db3133fb1a694aca2947683f098d6601964c633c274358b9b510761e6afee8adfaea03e23609cd654a8fc9
SSDEEP

3072:OCrRG9LEWHyMp6awrpEoNLna7EP7S5p1gRk:OCrs0JaYvnDPgg2

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

3066d1b2e84e8444082d70a1ad90c017_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1c547b1fc79fa916ac946df147ff61a0

Code Sign

6d:41:ef:f2:9f:38:ad:46:b3:1e:18:49:99:7e:6e:8d
Certificate

Issuer

CN=TXEEIIHYPDLIUTTDUL

Not Before

16-04-2019 17:38

Not After

31-12-2039 23:59

Subject

CN=TXEEIIHYPDLIUTTDUL

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9c:21:88:d8:2a:c6:c8:bd:96:d4:53:28:99:fa:5c:77:49:e3:35:b8:09:59:83:97:8d:4a:c9:f9:3a:cf:b4:69
Signer

Actual PE Digest

9c:21:88:d8:2a:c6:c8:bd:96:d4:53:28:99:fa:5c:77:49:e3:35:b8:09:59:83:97:8d:4a:c9:f9:3a:cf:b4:69

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
FindFirstFileExA
FindNextFileA
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameA
GetComputerNameExW
GetComputerNameW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesExW
GetFileSize
GetFileTime
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessTimes
GetQueuedCompletionStatus
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExA
GetVersionExW
GetWindowsDirectoryA
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedDecrement
InterlockedIncrement
FindClose
IsBadStringPtrW
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenEventA
OpenEventW
OpenProcess
OutputDebugStringW
PostQueuedCompletionStatus
QueryPerformanceCounter
RaiseException
ReadConsoleOutputW
ReadConsoleW
ReadFile
ReleaseMutex
ResetEvent
RtlUnwind
SetConsoleActiveScreenBuffer
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetConsoleScreenBufferSize
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFilePointer
SetFilePointerEx
SetHandleCount
SetHandleInformation
SetLastError
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
UpdateResourceA
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeA
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcatA
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyA
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
FileTimeToSystemTime
ExpandEnvironmentStringsW
ExitProcess
EnumSystemLocalesA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
DecodePointer
CreateThread
CreateProcessA
CreatePipe
CreateNamedPipeA
CreateMutexA
CreateIoCompletionPort
CreateFileW
CreateFileMappingA
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryA
CreateConsoleScreenBuffer
ConnectNamedPipe
CompareStringW
CompareStringA
CloseHandle
IsBadHugeWritePtr
AddAtomA

user32

IsCharAlphaW
LoadIconW
LoadMenuIndirectW
MessageBoxIndirectA
OemToCharW
OpenDesktopA
PeekMessageW
RegisterClassA
SendIMEMessageExW
SetClassLongA
GetWindowRgn
SetFocus
VkKeyScanExW
SwitchDesktop
SetWindowsHookExA
SetWindowPlacement
SetRect
SetMenuItemBitmaps
CharLowerBuffW
CharLowerW
GetWindowModuleFileName
GetUserObjectSecurity
GetSysColorBrush
GetPropW
GetMessagePos
GetClipCursor
GetClassLongA
SetCursor
EnumThreadWindows
EnumDisplayDevicesA
DrawCaption
DdeQueryStringW
CreatePopupMenu
CreateDialogParamW
SetMenuInfo

gdi32

GetStockObject
GetObjectA
CreateSolidBrush
GetTextExtentPoint32A
CreateFontIndirectA

advapi32

RegOpenKeyA
SystemFunction036
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
RegSetValueExA
RegQueryValueExA
AllocateAndInitializeSid
CopySid
EqualSid
GetLengthSid
GetUserNameA
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyA

shell32

CommandLineToArgvW
DragAcceptFiles
DragQueryFileA
DragQueryPoint
ExtractIconEx
ExtractIconExA
ExtractIconExW
ExtractIconW
FindExecutableW
SHBrowseForFolderA
SHChangeNotify
SHCreateDirectoryExA
SHCreateDirectoryExW
SHFileOperationW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetFileInfoA
SHGetIconOverlayIndexW
SHGetMalloc
SHGetSpecialFolderPathA
SHInvokePrinterCommandA
SHIsFileAvailableOffline
SHQueryRecycleBinA
SHQueryRecycleBinW
ShellAboutA
ShellExecuteExA
Shell_NotifyIconA
Shell_NotifyIcon

ole32

CoTaskMemAlloc

shlwapi

StrStrIA
StrStrA
StrRStrIA
StrRChrIW
StrRChrIA
StrCmpNIW
StrChrA
StrStrW

comctl32

ImageList_Destroy
ImageList_DrawIndirect
ImageList_GetImageCount
ImageList_LoadImageW
ImageList_Create
ImageList_AddMasked
InitCommonControlsEx

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c547b1fc79fa916ac946df147ff61a0

Code Sign

6d:41:ef:f2:9f:38:ad:46:b3:1e:18:49:99:7e:6e:8dCertificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

9c:21:88:d8:2a:c6:c8:bd:96:d4:53:28:99:fa:5c:77:49:e3:35:b8:09:59:83:97:8d:4a:c9:f9:3a:cf:b4:69Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 93KB - Virtual size: 92KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 572B

.rsrc Size: 2KB - Virtual size: 1KB

6d:41:ef:f2:9f:38:ad:46:b3:1e:18:49:99:7e:6e:8d
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

9c:21:88:d8:2a:c6:c8:bd:96:d4:53:28:99:fa:5c:77:49:e3:35:b8:09:59:83:97:8d:4a:c9:f9:3a:cf:b4:69
Signer

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 572B

.rsrc
Size: 2KB - Virtual size: 1KB