1049496ee9b11af0314d9d3d66a3e923_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1049496ee9b11af0314d9d3d66a3e923_JaffaCakes118
Size

104KB
MD5

1049496ee9b11af0314d9d3d66a3e923
SHA1

523e9665a9416852c4a5471c9e0673acce0c8c94
SHA256

158c8771c1d3130d43498978e80dacbd47c9337fc98b9f5a408439314f4cee6d
SHA512

32d41608e13a7e7fb701a834f1e1a7220bfa3fa3827cb6a0e9bdbaf00a0ffd83e94a5d9615b407fea8096f1d310e986bac0514ea5e2712c395673ec68c9dc7d7
SSDEEP

1536:39XM2K4Y3kK5MNq5cktsVPkRcT5nEYJyuXtg/I/rSLfrsSKPHRPmKJjrz3nYxh:398xkK5h5xwPDTZrJ/rqzsFjrz3nYxh

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

1049496ee9b11af0314d9d3d66a3e923_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1f73ccef65ac87a71891a2242abcd4e9

Code Sign

66:3f:85:0a:53:d2:a9:bb:47:39:c6:d0:31:89:30:72
Certificate

Issuer

CN=OHPHNFHI

Not Before

10-04-2019 11:35

Not After

31-12-2039 23:59

Subject

CN=OHPHNFHI

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

13:a0:75:2d:47:d0:a3:df:f0:0f:86:e0:c0:cd:74:09:97:68:ed:6a:ec:40:10:e5:a6:92:d7:13:ad:74:87:cd
Signer

Actual PE Digest

13:a0:75:2d:47:d0:a3:df:f0:0f:86:e0:c0:cd:74:09:97:68:ed:6a:ec:40:10:e5:a6:92:d7:13:ad:74:87:cd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalGetAtomNameW
GlobalLock
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByte
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
LocalLock
LocalUnlock
MapViewOfFile
MoveFileExW
MultiByteToWideChar
OpenProcess
OutputDebugStringW
QueryDosDeviceW
RaiseException
ReleaseMutex
ResetEvent
GlobalDeleteAtom
RtlUnwind
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetLastError
SetThreadExecutionState
SetThreadLocale
SignalObjectAndWait
Sleep
SystemTimeToFileTime
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualQuery
VirtualQueryEx
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcmpW
lstrcpyA
lstrcpyW
lstrcpynW
lstrlenA
lstrlenW
VirtualAllocEx
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetWindowsDirectoryA
GetVersionExW
GetVersionExA
GetVersion
GetThreadLocale
GetTempPathW
GetSystemTime
GetSystemInfo
GetSystemDirectoryW
GetStdHandle
GetStartupInfoW
GetStartupInfoA
GetProcessTimes
GetProcessHeap
GetProcAddress
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPriorityClass
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetLongPathNameW
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCommandLineW
GetCPInfo
GetACP
FreeLibrary
FormatMessageW
FormatMessageA
FindFirstFileW
FindClose
FileTimeToSystemTime
ExitThread
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DeleteFileW
DeleteFileA
DeleteCriticalSection
DefineDosDeviceW
CreateThread
CreateProcessW
CreateMutexW
CreateMutexA
CreateFileW
CreateFileMappingW
CreateFileA
CreateEventW
CreateEventA
CompareStringW
ResumeThread
CloseHandle

user32

UnregisterClassW
UpdateWindow
ValidateRect
ValidateRgn
GetCaretBlinkTime
IsWindowUnicode
IsWindowVisible
GetQueueStatus
DestroyMenu
VkKeyScanW
CopyIcon
CreatePopupMenu
IsCharAlphaW
CountClipboardFormats
IsWindowEnabled
GetMenuCheckMarkDimensions
GetOpenClipboardWindow
GetParent
GetFocus
TranslateMessage
TranslateAcceleratorA
TileChildWindows
TabbedTextOutA
ShowWindow
SetSystemCursor
SetMenuItemInfoW
SetDlgItemTextA
SetClassWord
SetClassLongW
SendMessageTimeoutW
RemovePropW
RegisterClassW
PtInRect
PostThreadMessageW
PostMessageW
PeekMessageW
OemToCharA
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBoxA
LockWorkStation
LoadStringW
LoadMenuW
LoadIconW
LoadCursorW
IsWindow
IsCharUpperW
InternalGetWindowText
GetSystemMetrics
GetSystemMenu
GetNextDlgTabItem
GetMessageW
GetKeyboardType
GetKeyboardLayoutNameW
GetCursorPos
GetClassLongA
ExitWindowsEx
EnumPropsW
EnumPropsExA
EnumDesktopsW
EnumDesktopsA
EndMenu
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawStateW
DrawIconEx
DispatchMessageW
DestroyWindow
DeleteMenu
DefWindowProcW
DefFrameProcA
DefDlgProcA
DdeFreeStringHandle
DdeCmpStringHandles
CreateWindowStationA
CreateWindowExW
CreateDialogIndirectParamA
CharUpperBuffW
CharToOemW
CharToOemBuffA
CharToOemA
CharNextW
CharLowerBuffA
CharLowerA
ChangeMenuW
DdeQueryStringA

gdi32

AddFontResourceA
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateEllipticRgn
CreateEnhMetaFileA
CreateFontIndirectA
CreateFontIndirectExW
CreateFontW
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EndPath
EngBitBlt
EngFindResource
EngMultiByteToWideChar
EngQueryLocalTime
ExtCreatePen
FillRgn
GdiAlphaBlend
GdiEntry8
GdiGetPageCount
GetDIBits
GetDeviceCaps
GetObjectW
GetPaletteEntries
GetPixel
GetStockObject
GetTextExtentPoint32W
GetTextFaceW
GetTextMetricsW
GetWinMetaFileBits
LineTo
MoveToEx
PolyDraw
PolylineTo
Rectangle
RoundRect
STROBJ_bEnumPositionsOnly
SelectObject
SetBkColor
SetBkMode
SetBoundsRect
SetPixel
SetTextColor
SetViewportOrgEx
StartDocW
StartFormPage
StretchBlt
StrokeAndFillPath
BeginPath
StrokePath
PathToRegion
GetTextCharacterExtra
GetPolyFillMode
GetDCBrushColor
CreateHalftonePalette
DeleteMetaFile
GetLayout
EndPage
FillPath
CreateMetaFileW
AngleArc
CloseFigure

shell32

DragFinish

ole32

CoTaskMemFree

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f73ccef65ac87a71891a2242abcd4e9

Code Sign

66:3f:85:0a:53:d2:a9:bb:47:39:c6:d0:31:89:30:72Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

13:a0:75:2d:47:d0:a3:df:f0:0f:86:e0:c0:cd:74:09:97:68:ed:6a:ec:40:10:e5:a6:92:d7:13:ad:74:87:cdSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Sections

.text Size: 70KB - Virtual size: 70KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 600B

.rsrc Size: 20KB - Virtual size: 20KB

66:3f:85:0a:53:d2:a9:bb:47:39:c6:d0:31:89:30:72
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

13:a0:75:2d:47:d0:a3:df:f0:0f:86:e0:c0:cd:74:09:97:68:ed:6a:ec:40:10:e5:a6:92:d7:13:ad:74:87:cd
Signer

.text
Size: 70KB - Virtual size: 70KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 600B

.rsrc
Size: 20KB - Virtual size: 20KB