a222db8f9ff0e29f79e58a118ce7c9ec_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a222db8f9ff0e29f79e58a118ce7c9ec_JaffaCakes118
Size

920KB
MD5

a222db8f9ff0e29f79e58a118ce7c9ec
SHA1

33ecbb5082fc244ab7c5492b6ead04c4e6301b71
SHA256

5acec93c640ee499d02f78f646af7cf65605a56fc20add62c4dabdb402943114
SHA512

ef5232af0d58ccf0c856963dc82f80b99d2ab66661ff873b7a074421a1df01a6c110e1768984333b4aaafa316c0cad789e71b832d07b0c2cf4c78392d42f3565
SSDEEP

3072:pO1LzxGZ9Vag6ujkyamUoo7Or0WpVyTXTDTVDhdmA:pO1LsAyjZamroJGyTXTDTVDiA

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

a222db8f9ff0e29f79e58a118ce7c9ec_JaffaCakes118
.exe windows:1 windows x86 arch:x86

99c0c4f0bd11259a8f42b56e2b2b5066

Code Sign

23:62:d7:4c:5d:be:16:7c:b7:8d:49:9e:a5:a6:14:75
Certificate

Issuer

CN=BPIEHUCEMJDCAGIPYY

Not Before

22-09-2020 07:43

Not After

31-12-2039 23:59

Subject

CN=BPIEHUCEMJDCAGIPYY

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

aa:06:7f:39:93:9e:ac:e2:11:09:32:47:be:c9:6a:1c:07:fb:06:74
Signer

Actual PE Digest

aa:06:7f:39:93:9e:ac:e2:11:09:32:47:be:c9:6a:1c:07:fb:06:74

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
GetModuleHandleA
GetLastError
LoadLibraryA
GetProcAddress

user32

MapVirtualKeyW
GetKeyNameTextW
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
CharUpperW
IntersectRect
InflateRect
GetMenuStringW
InsertMenuW
RemoveMenu
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
RedrawWindow
ValidateRect
OffsetRect
SystemParametersInfoW
SetWindowRgn
GetMenuItemID
CreateWindowExW
GetClassInfoExW
CreateMenu
IsClipboardFormatAvailable
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
GetWindowLongW
SetWindowLongW
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
TabbedTextOutW
GetKeyState
GetCursorPos
WindowFromPoint
IsWindowEnabled
DestroyMenu
AppendMenuW
GetMenuItemCount
DeleteMenu
GetSubMenu
SetCapture
ReleaseCapture
SetCursorPos
DestroyCursor
GetMessageExtraInfo
IsCharAlphaNumericW
CopyIcon
GetKBCodePage
IsIconic
ShowCaret
GetParent
GetOpenClipboardWindow
GetSysColorBrush
IsWindowUnicode
GetCursor
LoadIconA

gdi32

GetEnhMetaFileW
GdiFlush
AddFontResourceA
EndDoc
PathToRegion
CreateHalftonePalette
CreateSolidBrush
CancelDC
GetGraphicsMode
GetDCPenColor
UnrealizeObject
GetEnhMetaFileA
GetTextAlign
GetBkColor

advapi32

RegOpenKeyW
RegQueryValueExW

Sections

.text
Size: 338KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 535KB - Virtual size: 534KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dat2b
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dat2a
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99c0c4f0bd11259a8f42b56e2b2b5066

Code Sign

23:62:d7:4c:5d:be:16:7c:b7:8d:49:9e:a5:a6:14:75Certificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

aa:06:7f:39:93:9e:ac:e2:11:09:32:47:be:c9:6a:1c:07:fb:06:74Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 338KB - Virtual size: 337KB

.data Size: 535KB - Virtual size: 534KB

.dat2b Size: 3KB - Virtual size: 2KB

.dat2a Size: 22KB - Virtual size: 22KB

.rsrc Size: 15KB - Virtual size: 15KB

23:62:d7:4c:5d:be:16:7c:b7:8d:49:9e:a5:a6:14:75
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

aa:06:7f:39:93:9e:ac:e2:11:09:32:47:be:c9:6a:1c:07:fb:06:74
Signer

.text
Size: 338KB - Virtual size: 337KB

.data
Size: 535KB - Virtual size: 534KB

.dat2b
Size: 3KB - Virtual size: 2KB

.dat2a
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 15KB - Virtual size: 15KB