6f0c54d1c99adcc5dadc2b1272530c02_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6f0c54d1c99adcc5dadc2b1272530c02_JaffaCakes118
Size

4.1MB
MD5

6f0c54d1c99adcc5dadc2b1272530c02
SHA1

1804408508f6db2e9d6e5eb2b58812821f8ffcdf
SHA256

db212959206c3d0ebada951744b815e239409af35da4838ecb975bac3db96ad7
SHA512

3e052f93ed5c80aa723858877f0287e2170a40bfd1fc5f2f350cb5e19b373d132dc25d1d9d2467bac9fefa3fa2c7c86def685b4e412032e9440c7ae58a41d366
SSDEEP

49152:guDEfnwnShywexlDZh3mit6OXBK8afR9ZUIIXGm3bQAv25U7Djot/lBfRTv0e:jDEfnwnSAldh8Oe9OII33bNet/3fae

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f0c54d1c99adcc5dadc2b1272530c02_JaffaCakes118

Files

6f0c54d1c99adcc5dadc2b1272530c02_JaffaCakes118
.exe windows:4 windows x86 arch:x86

21a62171db5f5e9ea8116d447f49953c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

dbghelp

SymSetOptions
SymGetOptions
SymInitialize
MiniDumpWriteDump
SymGetModuleBase
SymFunctionTableAccess
StackWalk
SymFromAddr
UnDecorateSymbolName
SymGetLineFromAddr64
SymCleanup

ws2_32

inet_addr
gethostbyname
htons
gethostname
WSAAsyncSelect
inet_ntoa
WSACleanup
WSAStartup
socket
send
recv
WSAConnect
WSASocketA
closesocket

imm32

ImmGetContext
ImmSetCompositionWindow
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetCompositionStringA
ImmSetCandidateWindow
ImmAssociateContext
ImmGetProperty
ImmNotifyIME
ImmReleaseContext

msimg32

TransparentBlt

dsound

ord11

d3d9

Direct3DCreate9

winmm

mmioOpenA
timeGetTime
mmioAscend
mmioRead
mmioDescend
mmioGetInfo
mmioClose
mmioAdvance
mmioSeek

kernel32

CreateThread
ExitThread
FindNextFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
RtlUnwind
VirtualProtect
HeapReAlloc
GetTimeZoneInformation
InterlockedDecrement
InterlockedIncrement
GetTickCount
LeaveCriticalSection
EnterCriticalSection
lstrlenA
lstrcatA
lstrcpyA
Sleep
lstrcpynA
MulDiv
CloseHandle
CreateFileA
GetFullPathNameA
QueryPerformanceCounter
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetFileAttributesA
ReadFile
GetFileSize
GetACP
GetPrivateProfileIntA
GetPrivateProfileStringA
IsDBCSLeadByteEx
InterlockedExchange
GetVersionExA
GetLocaleInfoA
OpenEventA
WaitForMultipleObjects
CompareStringW
CompareStringA
RaiseException
lstrcmpiA
GetLastError
InitializeCriticalSection
DeleteCriticalSection
GetSystemDirectoryA
GetThreadContext
GetCurrentThread
SetUnhandledExceptionFilter
ExitProcess
GetCurrentProcess
VirtualQuery
GetCurrentThreadId
GetLocalTime
SetFilePointer
OutputDebugStringA
WriteFile
GetCurrentProcessId
SetThreadPriority
GetModuleHandleA
GlobalMemoryStatus
GetSystemInfo
GetSystemTimeAsFileTime
IsBadWritePtr
GetSystemTime
WritePrivateProfileStringA
MoveFileA
DeleteFileA
CreateMutexA
GetCurrentDirectoryA
CreateDirectoryA
SetPriorityClass
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
CreateEventA
SetEvent
WaitForSingleObject
ResetEvent
IsProcessorFeaturePresent
CreateFileW
InterlockedCompareExchange
VirtualFree
VirtualAlloc
HeapAlloc
GetProcessHeap
HeapFree
FindCloseChangeNotification
FindFirstChangeNotificationA
GetVolumeInformationA
LocalAlloc
GetStartupInfoA
GetCommandLineA
TerminateProcess
LCMapStringA
LCMapStringW
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetStdHandle
HeapDestroy
HeapCreate
HeapSize
SetHandleCount
GetFileType
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
IsBadReadPtr
IsBadCodePtr
SetEndOfFile
GetLocaleInfoW
SetEnvironmentVariableA
FindNextChangeNotification

user32

UnregisterClassA
DrawEdge
wvsprintfA
SetCursor
SetDlgItemTextA
DialogBoxParamA
GetKeyState
PostThreadMessageA
LoadIconA
IntersectRect
IsRectEmpty
OffsetRect
CopyRect
InflateRect
GetIconInfo
GetDC
ReleaseDC
EnableWindow
EndDialog
PostMessageA
MessageBeep
LoadAcceleratorsA
SetFocus
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
SendMessageA
DestroyAcceleratorTable
SetWindowLongA
SetMenu
SetWindowPos
GetClassLongA
ClipCursor
GetCursorPos
ScreenToClient
GetMenu
DestroyMenu
IsIconic
DestroyWindow
PostQuitMessage
LoadCursorA
RegisterClassA
SetRect
AdjustWindowRect
GetSystemMetrics
LoadMenuA
CreateWindowExA
GetWindowLongA
GetWindowRect
GetDlgItem
SetRectEmpty
GetClientRect
DefWindowProcA
MessageBoxA
wsprintfA
GetKeyboardLayout
PtInRect
DrawTextA
GetAsyncKeyState
FillRect
PeekMessageA
LoadImageA

gdi32

CreateCompatibleDC
GetDIBits
GetObjectA
CreatePen
LineTo
MoveToEx
BitBlt
SetBkMode
GetFontLanguageInfo
SetMapMode
GetCharacterPlacementA
CreateCompatibleBitmap
CreateBitmap
TextOutA
SetWindowOrgEx
GetTextMetricsA
GetTextColor
SelectObject
DeleteObject
CreateDIBSection
SetTextColor
SetBkColor
SetTextAlign
DeleteDC
GetTextExtentPoint32A
ExtTextOutA
GetDeviceCaps
CreateFontA
CreateSolidBrush
GetStockObject

comctl32

ord17

extended

RegOpenKeyA
GetUserNameA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantClear
VariantInit

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

0
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

4
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

21a62171db5f5e9ea8116d447f49953c

Headers

File Characteristics

Imports

dbghelp

ws2_32

imm32

msimg32

dsound

d3d9

winmm

kernel32

user32

gdi32

comctl32

extended

shell32

ole32

oleaut32

version

Sections

0 Size: 4.0MB - Virtual size: 4.0MB

1 Size: 8KB - Virtual size: 8KB

2 Size: 72KB - Virtual size: 72KB

3 Size: 4KB - Virtual size: 4KB

4 Size: 32KB - Virtual size: 32KB

0
Size: 4.0MB - Virtual size: 4.0MB

1
Size: 8KB - Virtual size: 8KB

2
Size: 72KB - Virtual size: 72KB

3
Size: 4KB - Virtual size: 4KB

4
Size: 32KB - Virtual size: 32KB