3d67dc68ce9f346d87acc993ecbb92ac_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d67dc68ce9f346d87acc993ecbb92ac_JaffaCakes118
Size

4.0MB
MD5

3d67dc68ce9f346d87acc993ecbb92ac
SHA1

03275fba8058efd1836d8ac872dca1a9a48c232c
SHA256

faa3bd3afe13ff3d92c40c7ab57fc5452d8be6b93ab2123b1b8dc0b01268a59e
SHA512

44dea87da0df6b607646c48ccc2710a3c8455abe0a99d2c7ba0721be9b5ef0d302fa6cf1ee624abbaed42f11359fc50a19d34430490af737594025cd1db27fd7
SSDEEP

49152:euDEfnwnShywexlDZh3mit6OXBK8afR9ZUIIXGm3bQAv25U7Djot/lXiRTv:dDEfnwnSAldh8Oe9OII33bNet/hi

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d67dc68ce9f346d87acc993ecbb92ac_JaffaCakes118

Files

3d67dc68ce9f346d87acc993ecbb92ac_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2bbec199abecebb75aa3a3f6788fd089

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

SymSetOptions
SymGetOptions
SymInitialize
MiniDumpWriteDump
SymGetModuleBase
SymFunctionTableAccess
StackWalk
SymFromAddr
UnDecorateSymbolName
SymGetLineFromAddr64
SymCleanup

ws2_32

inet_addr
gethostbyname
htons
gethostname
WSAAsyncSelect
inet_ntoa
WSACleanup
WSAStartup
socket
send
recv
WSAConnect
WSASocketA
closesocket

imm32

ImmGetContext
ImmSetCompositionWindow
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetCompositionStringA
ImmSetCandidateWindow
ImmAssociateContext
ImmGetProperty
ImmNotifyIME
ImmReleaseContext

msimg32

TransparentBlt

dsound

ord11

d3d9

Direct3DCreate9

winmm

mmioOpenA
timeGetTime
mmioAscend
mmioRead
mmioDescend
mmioGetInfo
mmioClose
mmioAdvance
mmioSeek

kernel32

CreateThread
ExitThread
FindNextFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
RtlUnwind
VirtualProtect
HeapReAlloc
GetTimeZoneInformation
InterlockedDecrement
InterlockedIncrement
GetTickCount
LeaveCriticalSection
EnterCriticalSection
lstrlenA
lstrcatA
lstrcpyA
Sleep
lstrcpynA
MulDiv
CloseHandle
CreateFileA
GetFullPathNameA
QueryPerformanceCounter
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetFileAttributesA
ReadFile
GetFileSize
GetACP
GetPrivateProfileIntA
GetPrivateProfileStringA
IsDBCSLeadByteEx
InterlockedExchange
GetVersionExA
GetLocaleInfoA
OpenEventA
WaitForMultipleObjects
CompareStringW
CompareStringA
RaiseException
lstrcmpiA
GetLastError
InitializeCriticalSection
DeleteCriticalSection
GetSystemDirectoryA
GetThreadContext
GetCurrentThread
SetUnhandledExceptionFilter
ExitProcess
GetCurrentProcess
VirtualQuery
GetCurrentThreadId
GetLocalTime
SetFilePointer
OutputDebugStringA
WriteFile
GetCurrentProcessId
SetThreadPriority
GetModuleHandleA
GlobalMemoryStatus
GetSystemInfo
GetSystemTimeAsFileTime
IsBadWritePtr
GetSystemTime
WritePrivateProfileStringA
MoveFileA
DeleteFileA
CreateMutexA
GetCurrentDirectoryA
CreateDirectoryA
SetPriorityClass
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
CreateEventA
SetEvent
WaitForSingleObject
ResetEvent
IsProcessorFeaturePresent
CreateFileW
InterlockedCompareExchange
VirtualFree
VirtualAlloc
HeapAlloc
GetProcessHeap
HeapFree
FindCloseChangeNotification
FindFirstChangeNotificationA
GetVolumeInformationA
LocalAlloc
GetStartupInfoA
GetCommandLineA
TerminateProcess
LCMapStringA
LCMapStringW
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetStdHandle
HeapDestroy
HeapCreate
HeapSize
SetHandleCount
GetFileType
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
IsBadReadPtr
IsBadCodePtr
SetEndOfFile
GetLocaleInfoW
SetEnvironmentVariableA
FindNextChangeNotification

user32

UnregisterClassA
DrawEdge
wvsprintfA
SetCursor
SetDlgItemTextA
DialogBoxParamA
GetKeyState
PostThreadMessageA
LoadIconA
IntersectRect
IsRectEmpty
OffsetRect
CopyRect
InflateRect
GetIconInfo
GetDC
ReleaseDC
EnableWindow
EndDialog
PostMessageA
MessageBeep
LoadAcceleratorsA
SetFocus
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
SendMessageA
DestroyAcceleratorTable
SetWindowLongA
SetMenu
SetWindowPos
GetClassLongA
ClipCursor
GetCursorPos
ScreenToClient
GetMenu
DestroyMenu
IsIconic
DestroyWindow
PostQuitMessage
LoadCursorA
RegisterClassA
SetRect
AdjustWindowRect
GetSystemMetrics
LoadMenuA
CreateWindowExA
GetWindowLongA
GetWindowRect
GetDlgItem
SetRectEmpty
GetClientRect
DefWindowProcA
MessageBoxA
wsprintfA
GetKeyboardLayout
PtInRect
DrawTextA
GetAsyncKeyState
FillRect
PeekMessageA
LoadImageA

gdi32

CreateCompatibleDC
GetDIBits
GetObjectA
CreatePen
LineTo
MoveToEx
BitBlt
SetBkMode
GetFontLanguageInfo
SetMapMode
GetCharacterPlacementA
CreateCompatibleBitmap
CreateBitmap
TextOutA
SetWindowOrgEx
GetTextMetricsA
GetTextColor
SelectObject
DeleteObject
CreateDIBSection
SetTextColor
SetBkColor
SetTextAlign
DeleteDC
GetTextExtentPoint32A
ExtTextOutA
GetDeviceCaps
CreateFontA
CreateSolidBrush
GetStockObject

comctl32

ord17

protectc

RegOpenKeyA
GetUserNameA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantClear
VariantInit

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nPack
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2bbec199abecebb75aa3a3f6788fd089

Headers

File Characteristics

Imports

dbghelp

ws2_32

imm32

msimg32

dsound

d3d9

winmm

kernel32

user32

gdi32

comctl32

protectc

shell32

ole32

oleaut32

version

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rsrc Size: 8KB - Virtual size: 8KB

.nPack Size: 4KB - Virtual size: 4KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rsrc
Size: 8KB - Virtual size: 8KB

.nPack
Size: 4KB - Virtual size: 4KB