aa5f191858b4ec1099aab4015bf45467_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

aa5f191858b4ec1099aab4015bf45467_JaffaCakes118
Size

146KB
MD5

aa5f191858b4ec1099aab4015bf45467
SHA1

7a84f0c8249e871ea1fc8d7022262ff77179d8a7
SHA256

60fe4ac252bf54b62c05f5fe045a0965581406f673b070a67412187cfebe4807
SHA512

18a9b90d47e4938b066ec2f4fd068dbe6b6e69570a34665cdc34bf773686eb9afd6abd781e8ab7bb9426b3d41b6d1dc5a82f5f927612b1e99e009168d119991e
SSDEEP

3072:IDKzgpACg/7axlrxdQBfi6/rmEZk2Z5luk5:QKM87MlQB//rDUO

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

aa5f191858b4ec1099aab4015bf45467_JaffaCakes118
.exe windows:5 windows x86 arch:x86

868223842d425ee63f4d87dae8309c46

Code Sign

10:18:15:eb:2f:8e:bb:a6:4b:31:01:01:7a:02:fb:32
Certificate

Issuer

CN=CJVSQSXA

Not Before

08-04-2019 18:00

Not After

31-12-2039 23:59

Subject

CN=CJVSQSXA

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3f:cf:d3:8b:16:d8:61:32:71:33:d6:b1:b8:a8:43:90:41:eb:68:27:cc:3e:a7:0a:96:9d:b8:61:2f:dd:f0:6b
Signer

Actual PE Digest

3f:cf:d3:8b:16:d8:61:32:71:33:d6:b1:b8:a8:43:90:41:eb:68:27:cc:3e:a7:0a:96:9d:b8:61:2f:dd:f0:6b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SleepEx
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
SetCurrentDirectoryW
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
lstrcmpA
lstrcpyn
lstrlenA
lstrlenW
VirtualAllocEx
SetCurrentDirectoryA
SetConsoleDisplayMode
SetConsoleActiveScreenBuffer
SearchPathW
SearchPathA
RtlUnwind
ReadFile
RaiseException
QueryPerformanceCounter
Process32FirstW
MultiByteToWideChar
MulDiv
MapUserPhysicalPagesScatter
LoadLibraryW
LoadLibraryA
LeaveCriticalSection
LCMapStringW
AddConsoleAliasW
LCMapStringA
IsValidCodePage
IsDebuggerPresent
IsBadWritePtr
IsBadCodePtr
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryW
GetVersionExA
GetUserDefaultLangID
GetTimeFormatW
GetTimeFormatA
GetTickCount
GetTempPathW
GetSystemTimeAsFileTime
GetStringTypeW
GetStringTypeA
GetStdHandle
GetStartupInfoW
GetStartupInfoA
GetProcessHeap
GetProcAddress
GetOEMCP
GetNumberFormatW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileType
GetFileTime
GetFileSize
GetFileAttributesW
GetFileAttributesA
GetExitCodeProcess
GetEnvironmentStringsW
GetEnvironmentStrings
GetDateFormatW
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetCurrentDirectoryA
GetConsoleOutputCP
GetConsoleMode
GetConsoleDisplayMode
GetConsoleCP
GetCommandLineW
GetCommandLineA
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FlushFileBuffers
FindResourceExA
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
FatalExit
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
ExitProcess
EraseTape
EnumSystemCodePagesW
EnumResourceTypesA
EnterCriticalSection
EndUpdateResourceW
DeleteFileW
DeleteFileA
DeleteCriticalSection
CreateProcessW
CreateProcessA
CreateMailslotA
CreateFileW
CreateFileA
CreateEventW
CreateEventA
CompareFileTime
CloseHandle
TlsSetValue

user32

IsWindow
IsWindowUnicode
IsWindowVisible
GetQueueStatus
DestroyMenu
VkKeyScanW
CopyIcon
GetCaretBlinkTime
CountClipboardFormats
IsWindowEnabled
GetMenuCheckMarkDimensions
GetOpenClipboardWindow
GetParent
GetFocus
IsMenu
LoadIconW
wsprintfW
wsprintfA
PostThreadMessageW
IsCharAlphaW
LoadStringW
GetMessageW
DispatchMessageW
CharToOemBuffA
CharNextW
CreatePopupMenu

gdi32

SetPixel
SetPaletteEntries
SetMapMode
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
OffsetRgn
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
ArcTo
Arc
AngleArc
SetPixelV
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocW
StartPage
StretchBlt
StretchDIBits
UnrealizeObject
EndPath
PathToRegion
GetTextCharacterExtra
GetPolyFillMode
GetDCBrushColor
DeleteMetaFile
GetLayout
FillPath
CreateMetaFileW

shell32

SHGetMalloc
CommandLineToArgvW
DragFinish
DragQueryFile
DragQueryFileA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconExA
SHAddToRecentDocs
SHBindToParent
SHCreateDirectoryExA
SHCreateDirectoryExW
SHFileOperationA
SHFormatDrive
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetFileInfo
SHGetFileInfoW
SHGetPathFromIDList
Shell_NotifyIconA
ShellHookProc
ShellExecuteW
ShellExecuteA
ShellAboutW
SHIsFileAvailableOffline
SHInvokePrinterCommandW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

shlwapi

StrStrIA
StrStrA
StrRChrA
StrCmpNW
StrChrW
StrStrIW

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

868223842d425ee63f4d87dae8309c46

Code Sign

10:18:15:eb:2f:8e:bb:a6:4b:31:01:01:7a:02:fb:32Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

3f:cf:d3:8b:16:d8:61:32:71:33:d6:b1:b8:a8:43:90:41:eb:68:27:cc:3e:a7:0a:96:9d:b8:61:2f:dd:f0:6bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

shlwapi

imm32

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 58KB - Virtual size: 57KB

10:18:15:eb:2f:8e:bb:a6:4b:31:01:01:7a:02:fb:32
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

3f:cf:d3:8b:16:d8:61:32:71:33:d6:b1:b8:a8:43:90:41:eb:68:27:cc:3e:a7:0a:96:9d:b8:61:2f:dd:f0:6b
Signer

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 58KB - Virtual size: 57KB