41579cba3354c9f5158564ef1afc7d30_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

41579cba3354c9f5158564ef1afc7d30_JaffaCakes118
Size

3.2MB
MD5

41579cba3354c9f5158564ef1afc7d30
SHA1

6635463968388815740fcbd3c853f03bc317ac96
SHA256

4715b76e69a2819b166f6b6a6209af65adf21e4a4960d969363a3e48ceb0270c
SHA512

79139df0b228d9fe75e52fc5bca648498fd84304a260f86e177f3424a958cf11335fdef937f467194e396f8e9e5f04f11892b58ded157ddd8b3f9108551c7be4
SSDEEP

49152:CpSGJ2TkEWEY4bl0LfzayTb+zLsp95OSW4YDZ+PS11G1YUkHfCH2O9z9A:CwGIR8CEzagkgp95O/46+PSXm9kaHi

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41579cba3354c9f5158564ef1afc7d30_JaffaCakes118

Files

41579cba3354c9f5158564ef1afc7d30_JaffaCakes118
.exe windows:4 windows x86 arch:x86

86b5990c727bf3b8d4a000376b041c15

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

SetEndOfFile
GetCPInfo
GetOEMCP
ExitThread
CreateThread
HeapReAlloc
HeapAlloc
HeapFree
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
WriteConsoleA
WriteConsoleW
SetStdHandle
GetStringTypeA
GetStringTypeW
OutputDebugStringA
TerminateProcess
CloseHandle
SetErrorMode
WaitForSingleObject
lstrcpyA
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
GetVersion
GetLastError
CompareStringA
InterlockedExchange
Sleep
GetTickCount
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
SetFilePointer
GetThreadLocale
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GlobalFlags
FormatMessageA
MulDiv
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
SetLastError
GlobalAddAtomA
GlobalUnlock
GlobalFree
WritePrivateProfileStringA
FindResourceA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GlobalLock
GlobalAlloc
FreeLibrary
BeginUpdateResourceA
LoadLibraryA
MapViewOfFile
CreateFileMappingA
LoadResource
FlushFileBuffers
ConnectNamedPipe
GetCurrentProcess
GetVersionExA
GetLocalTime
lstrcpyW
LocalFree
lstrcmpA
LocalAlloc
ReadFile
GetFileSize
MoveFileExA
DeleteFileA
VirtualQueryEx
ReadProcessMemory
GetThreadContext
CreateProcessA
ResumeThread
SetThreadContext
VirtualProtectEx
VirtualAlloc
FreeResource
WriteFile
CreateFileA
LockResource
SizeofResource
GetConsoleOutputCP

user32

DestroyMenu
UnregisterClassA
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassNameA
SetPropA
GetPropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
GetClassLongA
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
PostMessageA
GetClientRect
GetSystemMetrics
SendMessageA
IsIconic
LoadIconA
EnableWindow
DrawIcon
MessageBoxA
RemovePropA

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
GetDeviceCaps
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueExA
CryptDestroyKey
CryptImportKey
CryptDestroyHash
CryptCreateHash
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptAcquireContextA
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
CryptGetHashParam
CryptReleaseContext
RegCloseKey
CryptVerifySignatureA
CryptHashData

shell32

Shell_NotifyIconA

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

wintrust

WinVerifyTrust

crypt32

CryptDecodeObject
CertGetNameStringA
CertFindCertificateInStore
CryptQueryObject
CryptMsgGetParam

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86b5990c727bf3b8d4a000376b041c15

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

wintrust

crypt32

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 52KB - Virtual size: 50KB

.data Size: 20KB - Virtual size: 37KB

.rsrc Size: 128KB - Virtual size: 126KB

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 20KB - Virtual size: 37KB

.rsrc
Size: 128KB - Virtual size: 126KB