1a8cffc3f13bbe61499b4f06fe8cfec2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1a8cffc3f13bbe61499b4f06fe8cfec2_JaffaCakes118
Size

4.0MB
MD5

1a8cffc3f13bbe61499b4f06fe8cfec2
SHA1

e0fd87b1138cfb49f023c3bf2b12690e5622a264
SHA256

fb6c12679d169fdc2dc8ada6bec670671c63619d55ee580f73f9feb1d67baa5d
SHA512

2cc5fd04cc843a521399d419800733a59aa0c4d482cd6a76f805650c8537f3ccdbc5854141a1109b0d0588f4312b42f34766f0dd0fe37271b339879c01646145
SSDEEP

49152:euDEfnwnShywexlDZh3mit6OXBK8afR9ZUIIXGm3bQAv25U7Djot/lXdRTv:dDEfnwnSAldh8Oe9OII33bNet/hd

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a8cffc3f13bbe61499b4f06fe8cfec2_JaffaCakes118

Files

1a8cffc3f13bbe61499b4f06fe8cfec2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

403625a0470e73fdfd1de37432db537a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

SymSetOptions
SymGetOptions
SymInitialize
MiniDumpWriteDump
SymGetModuleBase
SymFunctionTableAccess
StackWalk
SymFromAddr
UnDecorateSymbolName
SymGetLineFromAddr64
SymCleanup

ws2_32

inet_addr
gethostbyname
htons
gethostname
WSAAsyncSelect
inet_ntoa
WSACleanup
WSAStartup
socket
send
recv
WSAConnect
WSASocketA
closesocket

imm32

ImmGetContext
ImmSetCompositionWindow
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetCompositionStringA
ImmSetCandidateWindow
ImmAssociateContext
ImmGetProperty
ImmNotifyIME
ImmReleaseContext

msimg32

TransparentBlt

dsound

ord11

d3d9

Direct3DCreate9

winmm

mmioOpenA
timeGetTime
mmioAscend
mmioRead
mmioDescend
mmioGetInfo
mmioClose
mmioAdvance
mmioSeek

kernel32

CreateThread
ExitThread
FindNextFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
RtlUnwind
VirtualProtect
HeapReAlloc
GetTimeZoneInformation
InterlockedDecrement
InterlockedIncrement
GetTickCount
LeaveCriticalSection
EnterCriticalSection
lstrlenA
lstrcatA
lstrcpyA
Sleep
lstrcpynA
MulDiv
CloseHandle
CreateFileA
GetFullPathNameA
QueryPerformanceCounter
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetFileAttributesA
ReadFile
GetFileSize
GetACP
GetPrivateProfileIntA
GetPrivateProfileStringA
IsDBCSLeadByteEx
InterlockedExchange
GetVersionExA
GetLocaleInfoA
OpenEventA
WaitForMultipleObjects
CompareStringW
CompareStringA
RaiseException
lstrcmpiA
GetLastError
InitializeCriticalSection
DeleteCriticalSection
GetSystemDirectoryA
GetThreadContext
GetCurrentThread
SetUnhandledExceptionFilter
ExitProcess
GetCurrentProcess
VirtualQuery
GetCurrentThreadId
GetLocalTime
SetFilePointer
OutputDebugStringA
WriteFile
GetCurrentProcessId
SetThreadPriority
GetModuleHandleA
GlobalMemoryStatus
GetSystemInfo
GetSystemTimeAsFileTime
IsBadWritePtr
GetSystemTime
WritePrivateProfileStringA
MoveFileA
DeleteFileA
CreateMutexA
GetCurrentDirectoryA
CreateDirectoryA
SetPriorityClass
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
CreateEventA
SetEvent
WaitForSingleObject
ResetEvent
IsProcessorFeaturePresent
CreateFileW
InterlockedCompareExchange
VirtualFree
VirtualAlloc
HeapAlloc
GetProcessHeap
HeapFree
FindCloseChangeNotification
FindFirstChangeNotificationA
GetVolumeInformationA
LocalAlloc
GetStartupInfoA
GetCommandLineA
TerminateProcess
LCMapStringA
LCMapStringW
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetStdHandle
HeapDestroy
HeapCreate
HeapSize
SetHandleCount
GetFileType
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
IsBadReadPtr
IsBadCodePtr
SetEndOfFile
GetLocaleInfoW
SetEnvironmentVariableA
FindNextChangeNotification

user32

UnregisterClassA
DrawEdge
wvsprintfA
SetCursor
SetDlgItemTextA
DialogBoxParamA
GetKeyState
PostThreadMessageA
LoadIconA
IntersectRect
IsRectEmpty
OffsetRect
CopyRect
InflateRect
GetIconInfo
GetDC
ReleaseDC
EnableWindow
EndDialog
PostMessageA
MessageBeep
LoadAcceleratorsA
SetFocus
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
SendMessageA
DestroyAcceleratorTable
SetWindowLongA
SetMenu
SetWindowPos
GetClassLongA
ClipCursor
GetCursorPos
ScreenToClient
GetMenu
DestroyMenu
IsIconic
DestroyWindow
PostQuitMessage
LoadCursorA
RegisterClassA
SetRect
AdjustWindowRect
GetSystemMetrics
LoadMenuA
CreateWindowExA
GetWindowLongA
GetWindowRect
GetDlgItem
SetRectEmpty
GetClientRect
DefWindowProcA
MessageBoxA
wsprintfA
GetKeyboardLayout
PtInRect
DrawTextA
GetAsyncKeyState
FillRect
PeekMessageA
LoadImageA

gdi32

CreateCompatibleDC
GetDIBits
GetObjectA
CreatePen
LineTo
MoveToEx
BitBlt
SetBkMode
GetFontLanguageInfo
SetMapMode
GetCharacterPlacementA
CreateCompatibleBitmap
CreateBitmap
TextOutA
SetWindowOrgEx
GetTextMetricsA
GetTextColor
SelectObject
DeleteObject
CreateDIBSection
SetTextColor
SetBkColor
SetTextAlign
DeleteDC
GetTextExtentPoint32A
ExtTextOutA
GetDeviceCaps
CreateFontA
CreateSolidBrush
GetStockObject

comctl32

ord17

advapi32

RegOpenKeyA
GetUserNameA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantClear
VariantInit

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

403625a0470e73fdfd1de37432db537a

Headers

File Characteristics

Imports

dbghelp

ws2_32

imm32

msimg32

dsound

d3d9

winmm

kernel32

user32

gdi32

comctl32

advapi32

shell32

ole32

oleaut32

version

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rsrc
Size: 8KB - Virtual size: 8KB