b1cbc4c609da40c9c11b4bee58570374_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b1cbc4c609da40c9c11b4bee58570374_JaffaCakes118
Size

116KB
MD5

b1cbc4c609da40c9c11b4bee58570374
SHA1

32f8602423719f9cdc86dfb6f173ab1dafbc9568
SHA256

f9c10519ff6d3a53664fa72218d7e72a80cd9631ff26db0ce1a39fab504f1dd1
SHA512

1d570d694ec0466b70c078d6fcf297754e65eb78bc37d64409ea1fe12cd2eddafc0d6eb509dedd16b03e259c0356249931c7de2543121f45a65de53918fe035b
SSDEEP

3072:k8ENSRg5KrR52iOG7jWXlnYNav5KLdIIPst5tKRJ:k8KSRg5KPHOGErRKL6Gga

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

b1cbc4c609da40c9c11b4bee58570374_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1ec3bfe8eec34e810d7e68de32d124a7

Code Sign

09:2e:c7:00:ea:2d:c0:97:40:a6:0e:58:f1:06:dd:06
Certificate

Issuer

CN=MOEITMWPTGYIMDGFLU

Not Before

15/04/2019, 20:49

Not After

31/12/2039, 23:59

Subject

CN=MOEITMWPTGYIMDGFLU

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

99:42:2f:15:a1:59:14:12:6d:0e:f5:38:dd:2d:3f:b1:83:62:48:84:a4:07:d9:83:f4:50:5a:5a:b9:b8:b5:e8
Signer

Actual PE Digest

99:42:2f:15:a1:59:14:12:6d:0e:f5:38:dd:2d:3f:b1:83:62:48:84:a4:07:d9:83:f4:50:5a:5a:b9:b8:b5:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetFileType
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
GetVolumeInformationA
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
IsDebuggerPresent
IsValidCodePage
LCMapStringA
LCMapStringW
FindClose
GetExitCodeProcess
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
RemoveDirectoryA
RtlUnwind
SetEnvironmentVariableA
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
LoadLibraryW
ExpandEnvironmentStringsA
ExitProcess
EnterCriticalSection
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
GetCommandLineA
GetCPInfo
GetACP
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FlushFileBuffers
FindNextFileA
LoadLibraryA
FindFirstFileA
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreateMutexA
CreateFileA
CompareStringW
CompareStringA
LeaveCriticalSection
CloseHandle

user32

LoadIconW
ValidateRgn
UpdateWindow
UnloadKeyboardLayout
TranslateMessage
TranslateAcceleratorA
TileChildWindows
ShowWindow
SetWindowPos
SetRectEmpty
SetMenuItemInfoA
SetForegroundWindow
SetFocus
SetDlgItemTextA
SetCaretPos
SendMessageTimeoutA
SendMessageCallbackA
RegisterClassW
RegisterClassExA
PostQuitMessage
MapDialogRect
LoadMenuIndirectW
LoadIconA
LoadCursorA
GetWindowThreadProcessId
GetWindowLongW
GetUserObjectSecurity
GetMessageA
GetMenuState
GetForegroundWindow
GetDlgItemTextA
GetClipboardData
GetClipCursor
GetClassInfoExW
EnumPropsExA
EnumDisplaySettingsExA
EndDialog
DrawTextExW
DrawEdge
DispatchMessageA
DialogBoxParamA
DefWindowProcA
DdeQueryStringA
DdeNameService
DdeCmpStringHandles
CreateWindowExW
ActivateKeyboardLayout
AttachThreadInput
CallNextHookEx
CharToOemA
CreateMDIWindowA
CreateWindowExA
RegisterDeviceNotificationW

gdi32

AnyLinkedFonts
CLIPOBJ_bEnum
CreateCompatibleDC
CreateSolidBrush
Escape
FillRgn
GdiInitSpool
GdiIsMetaFileDC
GetEnhMetaFileA
GetObjectA
GetTextCharacterExtra
OffsetViewportOrgEx
SaveDC
SetMagicColors
SetWindowOrgEx
BRUSHOBJ_hGetColorTransform

advapi32

RegDeleteKeyW
RegSetValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExW
RegDeleteValueW
RegDeleteValueA
RegCloseKey
RegCreateKeyExW
RegDeleteKeyA

shell32

SHGetSpecialFolderPathW
SHInvokePrinterCommandW
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHPathPrepareForWriteA
SHQueryRecycleBinA
SHQueryRecycleBinW
ShellAboutW
ShellExecuteA
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
Shell_NotifyIcon
Shell_NotifyIconA
SHGetSettings
SHGetInstanceExplorer
SHGetFolderLocation
SHGetFileInfo
SHGetDiskFreeSpaceA
SHGetDataFromIDListA
SHFreeNameMappings
SHFileOperationW
SHFileOperationA
SHEmptyRecycleBinW
SHCreateProcessAsUserW
SHCreateDirectoryExW
SHBrowseForFolder
SHAppBarMessage
FindExecutableW
FindExecutableA
ExtractAssociatedIconW
ExtractAssociatedIconExA
DragQueryFileW
DragQueryFileA
DoEnvironmentSubstA
CheckEscapesW
SHGetSpecialFolderPathA

ole32

CoRegisterMessageFilter
CoReleaseServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CreateOleAdviseHolder
CreateStreamOnHGlobal
OleInitialize
OleLockRunning
OleRegEnumVerbs
OleRegGetMiscStatus
OleRegGetUserType
OleSaveToStream
OleUninitialize
ReadClassStm
StringFromCLSID
StringFromGUID2
WriteClassStm
CoInitializeEx
CoGetClassObject
CoCreateInstance
CoAddRefServerProcess
CLSIDFromString
CLSIDFromProgID
CoRegisterClassObject

shlwapi

StrChrIW
StrCmpNA
StrCmpNIA
StrRStrIA
StrRStrIW
StrChrIA

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ec3bfe8eec34e810d7e68de32d124a7

Code Sign

09:2e:c7:00:ea:2d:c0:97:40:a6:0e:58:f1:06:dd:06Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

99:42:2f:15:a1:59:14:12:6d:0e:f5:38:dd:2d:3f:b1:83:62:48:84:a4:07:d9:83:f4:50:5a:5a:b9:b8:b5:e8Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 572B

.rsrc Size: 31KB - Virtual size: 30KB

09:2e:c7:00:ea:2d:c0:97:40:a6:0e:58:f1:06:dd:06
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

99:42:2f:15:a1:59:14:12:6d:0e:f5:38:dd:2d:3f:b1:83:62:48:84:a4:07:d9:83:f4:50:5a:5a:b9:b8:b5:e8
Signer

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 572B

.rsrc
Size: 31KB - Virtual size: 30KB