d2205fb386a508899ba9e1a6d4654ed2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d2205fb386a508899ba9e1a6d4654ed2_JaffaCakes118
Size

509KB
MD5

d2205fb386a508899ba9e1a6d4654ed2
SHA1

d3937f1d1900f7cac13b328c051b3bcaf577226a
SHA256

e2ec00adb32aea4d650f12ebb07e5c30ea4db55e5a8ef4e84f1b5d166f3c70b5
SHA512

31c584c7e04ea73df541a33a8cfbfe3424646d52c7734b5ff694047234d644a5de6882c916c37a8b72f32c496ff47b699f17e664cb65046f129b44ac2de4d3e9
SSDEEP

12288:aXIg+Sg9Wq/kNrR8HEvr+CzEue/zHZbQcv56D3:PSgZ/eCCzu5f56T

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

d2205fb386a508899ba9e1a6d4654ed2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5535617d3265e14bcc5563931b548993

Code Sign

38:c5:59:41:c3:60:b9:b4:49:73:5e:cd:9a:47:f0:fc
Certificate

Issuer

CN=LDEOGTUOMQWENAXKTR

Not Before

20/06/2020, 20:56

Not After

31/12/2039, 23:59

Subject

CN=LDEOGTUOMQWENAXKTR

Extended Key Usages

ExtKeyUsageCodeSigning

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:12:e5:cb:ae:01:5f:cb:15:ea:d3:32:9c:27:52:e4:61:43:62:3c
Signer

Actual PE Digest

a4:12:e5:cb:ae:01:5f:cb:15:ea:d3:32:9c:27:52:e4:61:43:62:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalSize
HeapCreate
IsBadCodePtr
IsBadWritePtr
GetTempPathW
SetFileTime
GetExitCodeProcess
GetCurrentThreadId
CompareFileTime
GetFileTime
FindClose
GetTickCount
EnumSystemCodePagesW
HeapFree
HeapAlloc
GetCommandLineW
GetCommandLineA
lstrcmpA
GetProcessHeap
GetVersionExA
GetACP
GetOEMCP
GetUserDefaultLangID
GetLocaleInfoA
GetStartupInfoA
CreateEventA
GetLastError
WaitForSingleObject
FreeLibrary
MulDiv
SetEvent
CloseHandle
GlobalLock
GlobalUnlock
Sleep
ExitProcess
GetTimeFormatA
GetTimeFormatW
GetDateFormatA
GetDateFormatW
CreateProcessA
CreateProcessW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
SearchPathA
SearchPathW
GetFullPathNameA
GetFullPathNameW
GetModuleHandleW
LoadLibraryA
LoadLibraryW
SetCurrentDirectoryA
SetCurrentDirectoryW
FindFirstFileA
FindFirstFileW
SetFileAttributesA
SetFileAttributesW
GetFileAttributesW
DeleteFileA
DeleteFileW
CreateFileA
CreateFileW
GetModuleFileNameA
GetModuleFileNameW
GetCurrentDirectoryA
GetCurrentDirectoryW
FindNextFileA
FindNextFileW
WideCharToMultiByte
GetWindowsDirectoryW
GetModuleHandleA
GetProcAddress
GetFileAttributesA
WriteFile
ReadFile
SetFilePointer
GetFileSize
lstrlenA
lstrlenW
MultiByteToWideChar
GlobalFree
HeapDestroy
GlobalAlloc
EndUpdateResourceW
DeleteFiber
ConvertDefaultLocale
AllocateUserPhysicalPages
FreeLibraryAndExitThread
GetThreadLocale
GetVolumeInformationW
lstrcpynW
FoldStringW
OpenMutexW
GetStringTypeExW
SetThreadPriority
EnumResourceLanguagesW
lstrcmpiA
AddConsoleAliasW
GetProcessIoCounters
FlushViewOfFile
InterlockedIncrement
MoveFileExW
GetDriveTypeW
ReadConsoleW
SetCommState
lstrcmp
FreeResource
GetVersion
GetSystemDefaultLangID
GetSystemTimeAdjustment
GetEnvironmentVariableA
SetCommTimeouts
GetSystemInfo
SetEnvironmentVariableA
GetConsoleCursorInfo
FormatMessageA
GlobalUnfix
EnumLanguageGroupLocalesW
SetConsoleScreenBufferSize

user32

CreatePopupMenu
GetKeyState
DefFrameProcW
PostQuitMessage
ModifyMenuW
DestroyIcon
DestroyCursor
SetTimer
GetWindow
DefFrameProcA
CheckMenuItem
GetQueueStatus
GetKeyboardState
CheckMenuRadioItem
GetSystemMetrics
DrawMenuBar
DeleteMenu
GetSubMenu
LoadCursorA
GetKeyboardLayout
IsWindowVisible
GetClassNameW
GetClassNameA
SetWindowPos
SetScrollInfo
GetScrollInfo
ReleaseCapture
CallNextHookEx
MapVirtualKeyW
MapVirtualKeyA
UnhookWindowsHookEx
GetDlgItem
EndDialog
IsChild
RedrawWindow
MoveWindow
SetCapture
ActivateKeyboardLayout
SetForegroundWindow
GetForegroundWindow
SystemParametersInfoA
LoadMenuA
LoadMenuW
LoadAcceleratorsA
LoadAcceleratorsW
LoadIconA
LoadIconW
LoadImageA
LoadImageW
CreateDialogParamW
CreateDialogParamA
DialogBoxParamW
DialogBoxParamA
EnumThreadWindows
WaitForInputIdle
BringWindowToTop
EnableWindow
CloseClipboard
GetClipboardData
OpenClipboard
MessageBeep
SetCursorPos
DrawTextW
DrawTextA
GetKeyboardLayoutList
EnumWindows
SetActiveWindow
GetActiveWindow
EndPaint
DrawFrameControl
BeginPaint
GetCapture
FrameRect
SetDlgItemInt
GetDlgItemInt
SetWindowsHookExA
CharUpperA
RegisterClipboardFormatA
HideCaret
SetMenuDefaultItem
IsClipboardFormatAvailable
SetCaretPos
SetClipboardData
EmptyClipboard
UnregisterClassA
UnregisterClassW
CreateCaret
DestroyCaret
ScrollWindow
ShowScrollBar
GetDoubleClickTime
GetMessageTime
GetUpdateRect
IntersectRect
InsertMenuA
InsertMenuW
AppendMenuA
AppendMenuW
SetDlgItemTextA
SetDlgItemTextW
SetWindowTextA
SetWindowTextW
FindWindowExA
FindWindowExW
CreateMDIWindowA
CreateMDIWindowW
CreateWindowExA
CreateWindowExW
RegisterClassA
RegisterClassW
ScreenToClient
TrackPopupMenu
GetSystemMenu
KillTimer
SetCursor
GetMenuStringA
GetMenuStringW
LoadStringA
LoadStringW
SendMessageW
IsDialogMessageA
IsDialogMessageW
TranslateAcceleratorA
TranslateAcceleratorW
DispatchMessageA
DispatchMessageW
PeekMessageA
PeekMessageW
GetMessageA
GetMessageW
GetDlgItemTextA
GetDlgItemTextW
GetWindowTextA
GetWindowTextW
GetWindowTextLengthA
GetWindowTextLengthW
SetWindowLongA
SetWindowLongW
GetWindowLongA
GetWindowLongW
SetClassLongA
SetClassLongW
GetClassLongA
GetClassLongW
GetKeyNameTextA
GetKeyNameTextW
DefWindowProcA
DefWindowProcW
InvalidateRect
UpdateWindow
ValidateRect
GetDC
GetClientRect
GetSysColorBrush
FillRect
DrawEdge
GetFocus
DrawFocusRect
DestroyMenu
DefMDIChildProcA
DefMDIChildProcW
SetFocus
ClientToScreen
EnableMenuItem
ShowWindow
TranslateMessage
ShowCaret
ModifyMenuA
IsWindowEnabled
GetSysColor
DrawStateA
ReleaseDC
IsWindowUnicode
CallWindowProcA
CallWindowProcW
GetDlgCtrlID
GetParent
PostMessageA
GetCursorPos
PtInRect
GetWindowRect
DestroyWindow
SendMessageA
MessageBoxW
DestroyAcceleratorTable
GetUpdateRgn
DdeGetData
LoadCursorW

gdi32

PlayEnhMetaFile
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
DeleteEnhMetaFile
CloseEnhMetaFile
CreateEnhMetaFileW
CreateEnhMetaFileA
CreateDIBSection
GetBkMode
BitBlt
TextOutA
TextOutW
SetBkMode
SetBkColor
SetTextColor
GetObjectA
GetTextMetricsA
GetObjectW
GetTextMetricsW
CreateRectRgn
StartPage
EndPage
EndDoc
GetTextExtentPoint32W
GetTextAlign
SetTextAlign
ExtTextOutW
CreateBitmap
CreatePatternBrush
PatBlt
DeleteDC
CreateDCW
CreateDCA
GetDeviceCaps
GetStockObject
StartDocA
StartDocW
CreateFontIndirectA
CreateFontIndirectW
CreatePen
SelectObject
MoveToEx
LineTo
ExtTextOutA
DeleteObject
PATHOBJ_bEnumClipLines
SetDIBColorTable
GdiReleaseDC
GetEnhMetaFileBits
SetAbortProc
EngAssociateSurface
FONTOBJ_pfdg
CombineTransform
GetCurrentObject
SetWinMetaFileBits
GetColorAdjustment
SetBrushOrgEx
GetCharWidth32A
EngDeleteSemaphore
GetGlyphIndicesW
GetGlyphOutlineA
GdiEntry15
FillPath
SetBitmapDimensionEx
SetROP2
EngDeleteSurface
SetBoundsRect
CombineRgn
EngWideCharToMultiByte
AddFontResourceW
GetLayout
SetDCBrushColor
SelectPalette
BRUSHOBJ_hGetColorTransform
GdiQueryTable
SetPaletteEntries
DeleteMetaFile
GetEnhMetaFileA

comdlg32

PageSetupDlgW
PageSetupDlgA
GetSaveFileNameW
ChooseColorW
PrintDlgW
PrintDlgA
ChooseFontA
ChooseFontW
GetOpenFileNameA
GetSaveFileNameA
GetOpenFileNameW
ChooseColorA

advapi32

RegSetValueExA
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegEnumValueW
RegCreateKeyExW
RegCreateKeyExA
RegEnumKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyA

shell32

ShellExecuteExW
SHChangeNotify
SHGetMalloc
DragAcceptFiles
ShellExecuteA
ShellExecuteW
DragQueryFileA
DragQueryFileW
DragFinish
ExtractAssociatedIconW
SHBrowseForFolderA
SHFileOperationW
ExtractIconExW
SHGetPathFromIDList
SHGetFolderPathA
SHEmptyRecycleBinW
SHGetIconOverlayIndexA
SHInvokePrinterCommandW
SHGetInstanceExplorer
DuplicateIcon
DoEnvironmentSubstA
SHGetPathFromIDListA
SHLoadNonloadedIconOverlayIdentifiers
SHGetSpecialFolderLocation
ShellAboutW
SHCreateDirectoryExW
Shell_NotifyIconA
FindExecutableW
SHGetDesktopFolder
ExtractAssociatedIconA
CommandLineToArgvW
FindExecutableA
ShellExecuteExA
SHGetIconOverlayIndexW

ole32

ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
OleInitialize
OleUninitialize
DoDragDrop

shlwapi

StrChrW
StrRStrIA
StrCmpNIW
StrCmpNW
StrChrIA
StrRChrIW

comctl32

ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Create
PropertySheetW
ImageList_Destroy
PropertySheetA

imm32

ImmSetCompositionFontA
ImmSetCompositionFontW
ImmGetCompositionStringW
ImmEscapeW
ImmSetCandidateWindow
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

Sections

.text
Size: 369KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5535617d3265e14bcc5563931b548993

Code Sign

38:c5:59:41:c3:60:b9:b4:49:73:5e:cd:9a:47:f0:fcCertificate

Extended Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

a4:12:e5:cb:ae:01:5f:cb:15:ea:d3:32:9c:27:52:e4:61:43:62:3cSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

imm32

Sections

.text Size: 369KB - Virtual size: 369KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 112KB - Virtual size: 112KB

.rsrc Size: 20KB - Virtual size: 20KB

38:c5:59:41:c3:60:b9:b4:49:73:5e:cd:9a:47:f0:fc
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

a4:12:e5:cb:ae:01:5f:cb:15:ea:d3:32:9c:27:52:e4:61:43:62:3c
Signer

.text
Size: 369KB - Virtual size: 369KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 112KB - Virtual size: 112KB

.rsrc
Size: 20KB - Virtual size: 20KB