df40ac59f1022b97894abf0582662ff8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

df40ac59f1022b97894abf0582662ff8_JaffaCakes118
Size

920KB
MD5

df40ac59f1022b97894abf0582662ff8
SHA1

98fdf7535a017bea950e9124f5022617b4787f34
SHA256

1765e5f0ee49b2b6cf4a7361bbaac484f15c6c1d003de02338fffdb615e831d8
SHA512

4d5ef29ac454462f5fcb91e27c71949caa36f016edd86d32c5e8a22f9cb86027799fce805cffac9e3b0b4f3d93aa4c412cd34480551ff3e6a9128825416665e7
SSDEEP

3072:AO1LzxGZ9Vag6ujkyamUoo7Or0WpVJTtTDTvDhZmJ8:AO1LsAyjZamroJGJTtTDTvD6J8

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

df40ac59f1022b97894abf0582662ff8_JaffaCakes118
.exe windows:1 windows x86 arch:x86

299dda6b71ffd02480452afa820ccb40

Code Sign

23:62:d7:4c:5d:be:16:7c:b7:8d:49:9e:a5:a6:14:75
Certificate

Issuer

CN=BPIEHUCEMJDCAGIPYY

Not Before

22-09-2020 07:43

Not After

31-12-2039 23:59

Subject

CN=BPIEHUCEMJDCAGIPYY

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:a0:c2:91:41:3d:ab:30:91:63:9f:bf:7b:1d:72:93:2e:87:c7:c1
Signer

Actual PE Digest

61:a0:c2:91:41:3d:ab:30:91:63:9f:bf:7b:1d:72:93:2e:87:c7:c1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
GetLastError
LoadLibraryA
GetProcAddress
GetModuleHandleA

user32

MapVirtualKeyW
GetKeyNameTextW
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
CharUpperW
IntersectRect
InflateRect
GetMenuStringW
InsertMenuW
RemoveMenu
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
RedrawWindow
ValidateRect
OffsetRect
SystemParametersInfoW
SetWindowRgn
GetMenuItemID
CreateWindowExW
GetClassInfoExW
CreateMenu
IsClipboardFormatAvailable
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
GetWindowLongW
SetWindowLongW
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
TabbedTextOutW
GetKeyState
GetCursorPos
WindowFromPoint
IsWindowEnabled
DestroyMenu
AppendMenuW
GetMenuItemCount
DeleteMenu
GetSubMenu
SetCapture
ReleaseCapture
SetCursorPos
DestroyCursor
LoadIconA
GetMessageExtraInfo
IsCharAlphaNumericW
CopyIcon
GetKBCodePage
IsIconic
ShowCaret
GetParent
GetOpenClipboardWindow
GetSysColorBrush
IsWindowUnicode
GetCursor

gdi32

GetEnhMetaFileW
GdiFlush
AddFontResourceA
EndDoc
PathToRegion
CreateHalftonePalette
CreateSolidBrush
CancelDC
GetGraphicsMode
GetDCPenColor
UnrealizeObject
GetEnhMetaFileA
GetTextAlign
GetBkColor

advapi32

RegOpenKeyW
RegQueryValueExW

Sections

.text
Size: 338KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 535KB - Virtual size: 534KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dat2b
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dat2a
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

299dda6b71ffd02480452afa820ccb40

Code Sign

23:62:d7:4c:5d:be:16:7c:b7:8d:49:9e:a5:a6:14:75Certificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

61:a0:c2:91:41:3d:ab:30:91:63:9f:bf:7b:1d:72:93:2e:87:c7:c1Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 338KB - Virtual size: 337KB

.data Size: 535KB - Virtual size: 534KB

.dat2b Size: 3KB - Virtual size: 2KB

.dat2a Size: 22KB - Virtual size: 22KB

.rsrc Size: 15KB - Virtual size: 15KB

23:62:d7:4c:5d:be:16:7c:b7:8d:49:9e:a5:a6:14:75
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

61:a0:c2:91:41:3d:ab:30:91:63:9f:bf:7b:1d:72:93:2e:87:c7:c1
Signer

.text
Size: 338KB - Virtual size: 337KB

.data
Size: 535KB - Virtual size: 534KB

.dat2b
Size: 3KB - Virtual size: 2KB

.dat2a
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 15KB - Virtual size: 15KB