f337bcd0e40d143fc4b82dc9c71dcc8f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f337bcd0e40d143fc4b82dc9c71dcc8f_JaffaCakes118
Size

920KB
MD5

f337bcd0e40d143fc4b82dc9c71dcc8f
SHA1

e3e9950b0c2d365f356b379a31a580476278ac6e
SHA256

f43fa7b7115450b5a3b8b97c6f578afe6c55692a06d1f872415d547c570da288
SHA512

346867c2889c6dd8fbd175cd62c1c81ed849b0680e42ed398b5a1639788fb06cd1733924a7d03090c5ca6f781606034c1960b449c9832820193a7e8c0ebe0c0b
SSDEEP

3072:gO1LzxGZ9Vag6ujkyamUoo7Or0WpVJTtTDT/Dhkm9:gO1LsAyjZamroJGJTtTDT/D99

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

f337bcd0e40d143fc4b82dc9c71dcc8f_JaffaCakes118
.exe windows:1 windows x86 arch:x86

299dda6b71ffd02480452afa820ccb40

Code Sign

23:62:d7:4c:5d:be:16:7c:b7:8d:49:9e:a5:a6:14:75
Certificate

Issuer

CN=BPIEHUCEMJDCAGIPYY

Not Before

22/09/2020, 07:43

Not After

31/12/2039, 23:59

Subject

CN=BPIEHUCEMJDCAGIPYY

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

33:ca:64:6e:4c:0e:80:d2:1b:d9:75:26:a4:dd:6b:55:75:d5:d7:fb
Signer

Actual PE Digest

33:ca:64:6e:4c:0e:80:d2:1b:d9:75:26:a4:dd:6b:55:75:d5:d7:fb

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
GetLastError
LoadLibraryA
GetProcAddress
GetModuleHandleA

user32

MapVirtualKeyW
GetKeyNameTextW
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
CharUpperW
IntersectRect
InflateRect
GetMenuStringW
InsertMenuW
RemoveMenu
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
RedrawWindow
ValidateRect
OffsetRect
SystemParametersInfoW
SetWindowRgn
GetMenuItemID
CreateWindowExW
GetClassInfoExW
CreateMenu
IsClipboardFormatAvailable
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
GetWindowLongW
SetWindowLongW
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
TabbedTextOutW
GetKeyState
GetCursorPos
WindowFromPoint
IsWindowEnabled
DestroyMenu
AppendMenuW
GetMenuItemCount
DeleteMenu
GetSubMenu
SetCapture
ReleaseCapture
SetCursorPos
DestroyCursor
LoadIconA
GetMessageExtraInfo
IsCharAlphaNumericW
CopyIcon
GetKBCodePage
IsIconic
ShowCaret
GetParent
GetOpenClipboardWindow
GetSysColorBrush
IsWindowUnicode
GetCursor

gdi32

GetEnhMetaFileW
GdiFlush
AddFontResourceA
EndDoc
PathToRegion
CreateHalftonePalette
CreateSolidBrush
CancelDC
GetGraphicsMode
GetDCPenColor
UnrealizeObject
GetEnhMetaFileA
GetTextAlign
GetBkColor

advapi32

RegOpenKeyW
RegQueryValueExW

Sections

.text
Size: 338KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 535KB - Virtual size: 534KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dat2b
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dat2a
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

299dda6b71ffd02480452afa820ccb40

Code Sign

23:62:d7:4c:5d:be:16:7c:b7:8d:49:9e:a5:a6:14:75Certificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

33:ca:64:6e:4c:0e:80:d2:1b:d9:75:26:a4:dd:6b:55:75:d5:d7:fbSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 338KB - Virtual size: 337KB

.data Size: 535KB - Virtual size: 534KB

.dat2b Size: 3KB - Virtual size: 2KB

.dat2a Size: 22KB - Virtual size: 22KB

.rsrc Size: 15KB - Virtual size: 15KB

23:62:d7:4c:5d:be:16:7c:b7:8d:49:9e:a5:a6:14:75
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

33:ca:64:6e:4c:0e:80:d2:1b:d9:75:26:a4:dd:6b:55:75:d5:d7:fb
Signer

.text
Size: 338KB - Virtual size: 337KB

.data
Size: 535KB - Virtual size: 534KB

.dat2b
Size: 3KB - Virtual size: 2KB

.dat2a
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 15KB - Virtual size: 15KB