e0cd44f58465735069dc34b5fec2e3f7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e0cd44f58465735069dc34b5fec2e3f7_JaffaCakes118
Size

185KB
MD5

e0cd44f58465735069dc34b5fec2e3f7
SHA1

8db5312889edbed85db21b3e870bde944b158b2c
SHA256

ea23b5ed0da6ebb6dc90eb1fa2e5951edbf48555b5a7622ded42c5ee630c56a3
SHA512

f47270978e9fe0b1825307f026420f6bb06962b582b2fe65bc26402a3afe8a3f93c350a5bb024664496e34d89eec1fcf3db1eeedc653b6e26d9b10169e7b03a5
SSDEEP

3072:E8ENSRg5KrR52iOG7jWXlnYNav5K8dIIPF4j5dFP:E8KSRg5KPHOGErRK86GW

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

e0cd44f58465735069dc34b5fec2e3f7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7c9c585157998e34796c9fbbea371bb8

Code Sign

09:2e:c7:00:ea:2d:c0:97:40:a6:0e:58:f1:06:dd:06
Certificate

Issuer

CN=MOEITMWPTGYIMDGFLU

Not Before

15-04-2019 20:49

Not After

31-12-2039 23:59

Subject

CN=MOEITMWPTGYIMDGFLU

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

07:56:41:40:42:40:f8:62:a3:6b:a8:25:ab:b4:f9:1c:ce:e5:31:5a:6f:24:4f:30:16:a3:a1:e2:af:41:fd:8c
Signer

Actual PE Digest

07:56:41:40:42:40:f8:62:a3:6b:a8:25:ab:b4:f9:1c:ce:e5:31:5a:6f:24:4f:30:16:a3:a1:e2:af:41:fd:8c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesW
GetFileType
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
DeleteCriticalSection
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
IsDebuggerPresent
IsValidCodePage
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
RemoveDirectoryA
RtlUnwind
SetEnvironmentVariableA
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerifyVersionInfoW
VirtualAlloc
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
CreateThread
CreateProcessA
CreateMutexA
CreateFileA
CompareStringW
CompareStringA
GetVolumeInformationA
CloseHandle

user32

InvalidateRect
IsIconic
IsWindowEnabled
IsWindowVisible
KillTimer
LoadCursorA
LoadCursorW
LoadIconA
LoadStringW
LockWindowUpdate
MapWindowPoints
MessageBoxW
MoveWindow
OemToCharA
PeekMessageW
PostMessageW
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassExA
RegisterClipboardFormatW
ReleaseCapture
ReleaseDC
RemovePropW
SendMessageTimeoutA
SendMessageW
SetClassLongW
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetPropW
SetScrollInfo
SetTimer
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowsHookExW
ShowCaret
ShowWindow
SystemParametersInfoW
TranslateMessage
UnhookWindowsHookEx
UpdateLayeredWindow
UpdateWindow
WaitForInputIdle
LoadIconW
IntersectRect
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetWindow
GetSystemMetrics
GetSysColor
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetMessageA
GetIconInfo
GetForegroundWindow
GetDlgItemTextA
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClassNameW
GetClassLongW
GetCapture
GetActiveWindow
FrameRect
FindWindowW
FindWindowExW
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EndPaint
EndDialog
DrawTextW
DrawFrameControl
DispatchMessageW
DispatchMessageA
DialogBoxParamA
DestroyIcon
DefWindowProcW
DefWindowProcA
CreateWindowExA
CharToOemA
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
AttachThreadInput
GetClientRect

gdi32

CreateSolidBrush

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey

shell32

DoEnvironmentSubstA
DragQueryFileA
DragQueryFileW
ExtractAssociatedIconExA
ExtractAssociatedIconW
FindExecutableA
FindExecutableW
SHAppBarMessage
SHBrowseForFolder
SHCreateDirectoryExW
SHCreateProcessAsUserW
SHEmptyRecycleBinW
SHFileOperationA
SHFileOperationW
SHFreeNameMappings
SHGetDataFromIDListA
SHGetDiskFreeSpaceA
SHGetFileInfo
SHGetFolderLocation
SHGetInstanceExplorer
SHGetSettings
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHInvokePrinterCommandW
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHPathPrepareForWriteA
SHQueryRecycleBinA
SHQueryRecycleBinW
ShellAboutW
ShellExecuteA
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
Shell_NotifyIcon
Shell_NotifyIconA
CheckEscapesW

shlwapi

StrChrIW
StrCmpNA
StrCmpNIA
StrRStrIA
StrRStrIW
StrChrIA

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c9c585157998e34796c9fbbea371bb8

Code Sign

09:2e:c7:00:ea:2d:c0:97:40:a6:0e:58:f1:06:dd:06Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

07:56:41:40:42:40:f8:62:a3:6b:a8:25:ab:b4:f9:1c:ce:e5:31:5a:6f:24:4f:30:16:a3:a1:e2:af:41:fd:8cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 141KB - Virtual size: 140KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 572B

.rsrc Size: 31KB - Virtual size: 30KB

09:2e:c7:00:ea:2d:c0:97:40:a6:0e:58:f1:06:dd:06
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

07:56:41:40:42:40:f8:62:a3:6b:a8:25:ab:b4:f9:1c:ce:e5:31:5a:6f:24:4f:30:16:a3:a1:e2:af:41:fd:8c
Signer

.text
Size: 141KB - Virtual size: 140KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 572B

.rsrc
Size: 31KB - Virtual size: 30KB