86954f76b5c0fbb1cb6ea492711869e2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

86954f76b5c0fbb1cb6ea492711869e2_JaffaCakes118
Size

1.3MB
MD5

86954f76b5c0fbb1cb6ea492711869e2
SHA1

081e3460fc0c6e6e6cd1b17b4a8f6b949a88db02
SHA256

ffd6ae5e716b2cade6d3365fb9440a5a67f37d3c249d78bdea9e5ef3d39ce52c
SHA512

4b77cff3caf6966c50bcde7185173ae5c536058e1cd29d05bf439b6021572d856e40af547f22270c7c91bd13aaf3f76941eab9bc298a52724e965067d9825e69
SSDEEP

6144:MCiOT+RDQ/0jnNESgfcDLd9a5tLQDB6FgD6b/3nE8FfcMTMazN9IGo:sOT+RbjmedytLJFA6T3nE8Fzpg

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

Processes:

resource	yara_rule
sample	cryptone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
86954f76b5c0fbb1cb6ea492711869e2_JaffaCakes118

Files

86954f76b5c0fbb1cb6ea492711869e2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bc827c35959260d70a78223738d147b0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
GetModuleHandleA
VirtualAllocEx
LockResource
CreatePipe
PeekNamedPipe
GetFileAttributesA
GetPrivateProfileIntA
GetComputerNameW
ExpandEnvironmentStringsA
GetProcessIoCounters
SetFileApisToANSI
GetCommandLineW
SetSystemPowerState
GetConsoleAliasA
SetEndOfFile
GlobalFindAtomW
GetStdHandle
GetCurrentThreadId
EnumCalendarInfoA
IsValidLanguageGroup
GetPrivateProfileStringW
WaitNamedPipeA
MulDiv
FindFirstVolumeMountPointW
GetEnvironmentVariableW
VirtualAlloc
GetSystemPowerStatus
GetCPInfo
GetUserDefaultLCID
FindFirstFileExA
GetTapePosition
DisableThreadLibraryCalls
GetConsoleAliasExesLengthA
Process32Next
CancelTimerQueueTimer
SetStdHandle
GlobalFix
VerifyVersionInfoW
PurgeComm
CopyFileA
SetTimeZoneInformation
EnumResourceNamesA
InterlockedIncrement
InterlockedDecrement
GetLastError
CreateTimerQueue
DeleteTimerQueueEx
DeleteTimerQueueTimer
SetEvent
GetCurrentProcessId
WaitForSingleObject
TerminateThread
CloseHandle
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LoadLibraryW
GetModuleHandleW
lstrcmpiW
SearchPathW
CreateTimerQueueTimer
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
FlushInstructionCache
CreateEventW
CreateThread
WaitForMultipleObjects
GetSystemWindowsDirectoryW
SetLastError
DeleteCriticalSection
Sleep
TlsAlloc
TlsFree
SystemTimeToFileTime
GetSystemTime
LocalFree
LocalAlloc
GetFileSize
ReadFile
WriteFile
GetFileAttributesW
CreateFileW
SetFilePointer
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
RtlUnwind
OutputDebugStringA
GetStartupInfoW
InterlockedCompareExchange
VirtualFree
HeapAlloc
GetProcessHeap
HeapFree
WideCharToMultiByte
InterlockedExchange
GetVersionExA
GetCurrentProcess

user32

AnyPopup
LoadIconW
CharUpperA
GetDC
DestroyMenu
InSendMessage
IsCharAlphaW
GetDialogBaseUnits
GetCapture
CountClipboardFormats
GetMessageExtraInfo
CopyIcon
PaintDesktop
IsIconic
GetSystemMetrics
CloseWindow
IsCharUpperA
GetWindowContextHelpId
GetInputState
GetKeyboardType
CreateWindowExA
SetWindowsHookExA
GetClassInfoExW
RealChildWindowFromPoint
SetFocus
SetLastErrorEx
InvalidateRgn
RegisterClassExW
GetKeyboardLayoutList
CreateWindowExW
GetMenuItemCount
DdeAbandonTransaction
GetMessageTime
DlgDirListW
EnableWindow
SetWindowTextW
SetMenuInfo
CreateDesktopW
UpdateWindow
SetSystemCursor
LoadKeyboardLayoutW
GetWindowRect
DdeAccessData
DialogBoxParamW
GetCursorPos
PostThreadMessageA
LoadMenuW
EnableMenuItem
CallWindowProcA
BroadcastSystemMessageW
CharNextW
SendMessageW
PostThreadMessageW
AllowSetForegroundWindow
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
SetWindowLongW
LoadCursorW
DestroyWindow
PostQuitMessage
LoadStringW
GetMenuItemInfoW
TrackPopupMenuEx
SetForegroundWindow
RemoveMenu
EndMenu
DefWindowProcW
GetWindowLongW
CallWindowProcW
InsertMenuItemW
CreatePopupMenu
UnregisterClassW
UnregisterClassA

gdi32

GetObjectType
CreatePatternBrush
StrokePath
CloseFigure
CreateMetaFileW
CancelDC
DeleteColorSpace
GetGraphicsMode
GetMapMode
GdiFlush
FlattenPath
GetStockObject
UnrealizeObject
GetWorldTransform
OffsetViewportOrgEx
EnumFontsW
PolyPatBlt
PolyPolygon
FixBrushOrgEx
DeviceCapabilitiesExA
GetBitmapBits
ResizePalette
GetTextFaceW

comdlg32

GetSaveFileNameA

advapi32

RegQueryValueExA
RegSetValueExA
TraceMessage
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegDeleteKeyW

shell32

Shell_NotifyIconA
SHGetPathFromIDListA
SHGetFileInfo
SHGetInstanceExplorer
SHFormatDrive
DragQueryFileW
SHAppBarMessage
DoEnvironmentSubstA
ExtractAssociatedIconExA
SHGetFileInfoA
SHEmptyRecycleBinA
ShellExecuteA
SHEmptyRecycleBinW
ShellExecuteExW
DragQueryPoint
Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CoUninitialize
CoSuspendClassObjects
CoRevokeClassObject
CoRegisterClassObject
StringFromGUID2
CoResumeClassObjects
CoCreateInstance

shlwapi

StrChrW
StrCmpNIA
StrRChrW

comctl32

ImageList_SetIconSize

imm32

ImmSetCompositionWindow

Sections

.text
Size: 690KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t4xt15
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.t4xt14
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.t4xt13
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.t4xt12
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc827c35959260d70a78223738d147b0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

imm32

Sections

.text Size: 690KB - Virtual size: 690KB

.data Size: 204KB - Virtual size: 204KB

.t4xt15 Size: 1KB - Virtual size: 1KB

.t4xt14 Size: 1KB - Virtual size: 1KB

.t4xt13 Size: 1KB - Virtual size: 1KB

.t4xt12 Size: 349KB - Virtual size: 349KB

.rsrc Size: 43KB - Virtual size: 43KB

.text
Size: 690KB - Virtual size: 690KB

.data
Size: 204KB - Virtual size: 204KB

.t4xt15
Size: 1KB - Virtual size: 1KB

.t4xt14
Size: 1KB - Virtual size: 1KB

.t4xt13
Size: 1KB - Virtual size: 1KB

.t4xt12
Size: 349KB - Virtual size: 349KB

.rsrc
Size: 43KB - Virtual size: 43KB