20ebc8c8a59c8c0555473ea7dceb3917_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

20ebc8c8a59c8c0555473ea7dceb3917_JaffaCakes118
Size

108KB
MD5

20ebc8c8a59c8c0555473ea7dceb3917
SHA1

2ab4d6ea573388e7f5ecb040c01833309a9cb75d
SHA256

e46e31f18fff347507b937316f34f214b5a7701917edfe26c0aa0cfea4f299f5
SHA512

9128f6d50a687b365f2e9d6d982db55980520677794f407ffbaffc76909004fc2e17338c0a9a3bc62e2902a27afe068c6f39a3569f8695a8ef14a0c3747eb47e
SSDEEP

3072:mCrRG9LEWHyMp6awrpEoNLna7EP7N5Ltgxx:mCrs0JaYvnDPdgf

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

20ebc8c8a59c8c0555473ea7dceb3917_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9275efde03c2c0e26841ab9eeca178fa

Code Sign

6d:41:ef:f2:9f:38:ad:46:b3:1e:18:49:99:7e:6e:8d
Certificate

Issuer

CN=TXEEIIHYPDLIUTTDUL

Not Before

16-04-2019 17:38

Not After

31-12-2039 23:59

Subject

CN=TXEEIIHYPDLIUTTDUL

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6c:ce:4c:39:68:84:dc:b2:df:fb:4f:24:7e:eb:5d:32:83:10:57:13:08:83:ab:75:3d:20:3a:b5:64:40:40:9d
Signer

Actual PE Digest

6c:ce:4c:39:68:84:dc:b2:df:fb:4f:24:7e:eb:5d:32:83:10:57:13:08:83:ab:75:3d:20:3a:b5:64:40:40:9d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
FindFirstFileExA
FindNextFileA
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameA
GetComputerNameExW
GetComputerNameW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesExW
GetFileSize
GetFileTime
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessTimes
GetQueuedCompletionStatus
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedDecrement
EnumSystemLocalesA
IsBadStringPtrW
FindClose
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenEventA
OpenEventW
OpenProcess
OutputDebugStringW
PostQueuedCompletionStatus
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ReleaseMutex
ResetEvent
RtlUnwind
SetConsoleActiveScreenBuffer
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetConsoleScreenBufferSize
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFilePointer
SetFilePointerEx
SetHandleCount
SetHandleInformation
SetLastError
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeA
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcatA
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyA
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
FileTimeToSystemTime
ExpandEnvironmentStringsW
IsDebuggerPresent
ExitProcess
DecodePointer
CreateThread
CreateProcessA
CreatePipe
CreateNamedPipeA
CreateMutexA
CreateIoCompletionPort
CreateFileW
CreateFileMappingA
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryA
CreateConsoleScreenBuffer
ConnectNamedPipe
CompareStringW
CompareStringA
CloseHandle
InterlockedIncrement
AddAtomA

user32

LoadIconW
GetDesktopWindow

gdi32

GetStockObject
GetObjectA
CreateSolidBrush
CreateFontIndirectA
GetTextExtentPoint32A

advapi32

RegQueryValueExA
CopySid
EqualSid
GetLengthSid
SystemFunction036
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
RegSetValueExA
AllocateAndInitializeSid
RegOpenKeyA
RegCreateKeyA
RegCloseKey
InitializeSecurityDescriptor
GetUserNameA

shell32

SHQueryRecycleBinA
SHIsFileAvailableOffline
SHInvokePrinterCommandA
SHGetSpecialFolderPathA
SHGetMalloc
SHGetIconOverlayIndexW
SHGetFileInfoA
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceA
SHGetDesktopFolder
SHFileOperationW
SHCreateDirectoryExW
SHCreateDirectoryExA
SHChangeNotify
SHBrowseForFolderA
FindExecutableW
ExtractIconW
ExtractIconExW
ExtractIconExA
ExtractIconEx
DragQueryPoint
DragQueryFileA
DragAcceptFiles
CommandLineToArgvW
Shell_NotifyIconA
Shell_NotifyIcon
ShellExecuteExA
ShellAboutA
SHQueryRecycleBinW

ole32

CoTaskMemAlloc

shlwapi

StrRChrIW
StrRStrIA
StrStrA
StrStrIA
StrStrW
StrCmpNIW
StrChrA
StrRChrIA

comctl32

ImageList_Destroy
ImageList_Create
ImageList_DrawIndirect
ImageList_GetImageCount
ImageList_LoadImageW
InitCommonControlsEx
ImageList_AddMasked

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9275efde03c2c0e26841ab9eeca178fa

Code Sign

6d:41:ef:f2:9f:38:ad:46:b3:1e:18:49:99:7e:6e:8dCertificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

6c:ce:4c:39:68:84:dc:b2:df:fb:4f:24:7e:eb:5d:32:83:10:57:13:08:83:ab:75:3d:20:3a:b5:64:40:40:9dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 93KB - Virtual size: 92KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 572B

.rsrc Size: 2KB - Virtual size: 1KB

6d:41:ef:f2:9f:38:ad:46:b3:1e:18:49:99:7e:6e:8d
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

6c:ce:4c:39:68:84:dc:b2:df:fb:4f:24:7e:eb:5d:32:83:10:57:13:08:83:ab:75:3d:20:3a:b5:64:40:40:9d
Signer

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 572B

.rsrc
Size: 2KB - Virtual size: 1KB