f352d0ffcbdd0e16445a1753246664ca_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f352d0ffcbdd0e16445a1753246664ca_JaffaCakes118
Size

360KB
MD5

f352d0ffcbdd0e16445a1753246664ca
SHA1

2f37c5db726a9db9a0e88c5800f5dfd9f8666457
SHA256

894086b75688a1108d0a73f49ad12ca19f718c142222836980293422fba1c172
SHA512

8dbe50bbb20e661bcf030b8468b10eb9424a994aef45c42329631ce9ff8a86174e2f7e86147b3df86aa8e166d23eed8e182f01eff83616138775e9f3ef3d3e0e
SSDEEP

3072:cA2O3T9702oCXeca1BmaKGDbEJglbr4nSeN5WEghgVI8AFMK/U:bT9702oCOcImaKGDbEOGSerEhgVIXFM5

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

f352d0ffcbdd0e16445a1753246664ca_JaffaCakes118
.exe windows:5 windows x86 arch:x86

52a3022ee6c5045aac46c15e9996e502

Code Sign

7e:71:44:cd:db:6f:67:b5:41:17:ed:b5:a8:60:eb:2d
Certificate

Issuer

CN=XRIYHVWS

Not Before

14-03-2019 17:11

Not After

31-12-2039 23:59

Subject

CN=XRIYHVWS

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

70:2c:b0:b5:a0:c2:29:41:6a:48:a1:dc:fd:db:b1:c1:45:de:2a:73:c5:48:c9:59:6a:6d:55:af:0c:c2:2c:dd
Signer

Actual PE Digest

70:2c:b0:b5:a0:c2:29:41:6a:48:a1:dc:fd:db:b1:c1:45:de:2a:73:c5:48:c9:59:6a:6d:55:af:0c:c2:2c:dd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
Module32NextW
MultiByteToWideChar
OpenProcess
OutputDebugStringW
PeekConsoleInputW
QueryPerformanceCounter
ReadConsoleOutputCharacterW
ReadConsoleW
RemoveDirectoryW
RtlUnwind
SearchPathA
SetConsoleMode
SetFilePointerEx
SetLastError
SetNamedPipeHandleState
SetProcessPriorityBoost
SetProcessShutdownParameters
SetStdHandle
LoadLibraryExA
SetThreadLocale
SetUnhandledExceptionFilter
SizeofResource
Sleep
SwitchToFiber
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteProfileStringW
_llseek
lstrcatW
lstrcmpiA
lstrcpynW
lstrlenA
LoadLibraryA
LeaveCriticalSection
LCMapStringW
LCMapStringA
IsValidCodePage
IsProcessorFeaturePresent
IsDebuggerPresent
IsBadCodePtr
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
Heap32ListNext
GlobalAlloc
GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryA
GetSystemDefaultLangID
GetStringTypeW
GetStdHandle
GetStartupInfoW
GetStartupInfoA
GetProfileStringW
GetProcessHeap
GetProcAddress
GetOEMCP
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameW
GetMailslotInfo
GetLastError
GetFileType
GetExitCodeProcess
GetEnvironmentStringsW
GetDriveTypeW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetConsoleTitleW
GetConsoleScreenBufferInfo
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
GetCommandLineW
GetCalendarInfoW
GetCPInfo
GetAtomNameW
GetACP
FreeLibrary
FreeEnvironmentStringsW
FormatMessageW
FormatMessageA
FlushFileBuffers
ExitProcess
EnterCriticalSection
EncodePointer
DeleteCriticalSection
DecodePointer
CreateProcessW
CreateProcessA
CreateFileW
CopyFileW
CloseHandle
BuildCommDCBAndTimeoutsW
GetModuleHandleA
SetThreadAffinityMask
VirtualAlloc

user32

EnumDisplayMonitors
EnumDisplaySettingsW
FillRect
FindWindowExW
FindWindowW
FlashWindow
GetActiveWindow
GetAsyncKeyState
EndPaint
GetClassNameW
GetClientRect
GetClipboardData
GetClipboardFormatNameW
GetCursorPos
GetDC
GetDesktopWindow
GetDialogBaseUnits
GetDlgItem
GetDoubleClickTime
GetForegroundWindow
GetGUIThreadInfo
GetIconInfo
GetKeyState
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringA
GetMessagePos
GetMessageTime
GetMessageW
GetParent
GetScrollInfo
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetUpdateRect
GetUpdateRgn
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
HideCaret
IMPQueryIMEW
InflateRect
InsertMenuItemW
InsertMenuW
InvalidateRect
IsClipboardFormatAvailable
IsDialogMessageA
IsDialogMessageW
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadImageW
LoadStringW
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxTimeoutW
MessageBoxW
ModifyMenuW
MoveWindow
MsgWaitForMultipleObjects
OffsetRect
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
PostThreadMessageW
PtInRect
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterHotKey
RegisterWindowMessageW
ReleaseDC
RemoveMenu
ScreenToClient
ScrollWindow
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetRect
SetRectEmpty
SetScrollInfo
SetShellWindow
SetTimer
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCursor
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateAcceleratorW
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnregisterClassW
UnregisterHotKey
UpdateWindow
ValidateRect
ValidateRgn
VkKeyScanW
WaitForInputIdle
WindowFromPoint
keybd_event
wsprintfW
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextW
DrawStateW
DrawMenuBar
DrawIconEx
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DestroyMenu
DestroyIcon
DestroyCursor
DestroyAcceleratorTable
DeferWindowPos
DefWindowProcW
DdeUninitialize
DdeQueryStringW
DdePostAdvise
DdeNameService
DdeInitializeW
DdeGetLastError
DdeGetData
DdeFreeStringHandle
DdeFreeDataHandle
DdeDisconnect
DdeCreateStringHandleW
DdeCreateDataHandle
DdeConnect
DdeClientTransaction
CreateWindowStationW
CreateWindowExW
CreatePopupMenu
CreateIconIndirect
CreateDialogParamW
CreateDialogIndirectParamW
CreateAcceleratorTableW
CopyRect
CopyImage
CloseClipboard
ClientToScreen
ChildWindowFromPointEx
ChildWindowFromPoint
CheckMenuRadioItem
CheckMenuItem
ChangeDisplaySettingsW
CascadeChildWindows
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
BeginDeferWindowPos
AttachThreadInput
AppendMenuW
AdjustWindowRectEx
GetFocus
OpenIcon
IsMenu
DestroyWindow
WindowFromDC
CloseWindowStation
GetListBoxInfo
CloseDesktop
CloseWindow
CreateMenu
IsCharAlphaNumericW
ReleaseCapture
GetCapture

gdi32

BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateFontIndirectW
CreateSolidBrush
DeleteDC
DeleteObject
EngDeletePalette
EnumICMProfilesW
EnumObjects
Escape
ExtTextOutW
GdiConvertBitmapV5
GdiEntry4
GdiEntry6
GdiFixUpHandle
GdiRealizationInfo
GdiSetPixelFormat
GdiStartDocEMF
GdiSwapBuffers
GetClipBox
GetClipRgn
GetDeviceCaps
GetGlyphIndicesW
GetObjectW
GetPixel
GetRegionData
GetStockObject
GetTextAlign
GetTextCharacterExtra
BeginPath
GetTextFaceW
OffsetViewportOrgEx
PolyPolyline
PolyTextOutA
PtVisible
RectVisible
ResetDCA
RestoreDC
STROBJ_dwGetCodePage
SaveDC
ScaleViewportExtEx
ScaleWindowExtEx
SelectObject
SetAbortProc
SetBitmapBits
SetBkColor
SetBkMode
SetColorSpace
SetGraphicsMode
SetLayout
SetMapMode
SetPixel
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
StretchDIBits
TextOutW
UpdateICMRegKeyW
XLATEOBJ_piVector
bInitSystemAndFontsDirectoriesW
GetObjectType
GetTextExtentPoint32W
CreatePatternBrush

advapi32

RegQueryValueExA
RegOpenKeyA

ole32

OleUninitialize
OleInitialize

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52a3022ee6c5045aac46c15e9996e502

Code Sign

7e:71:44:cd:db:6f:67:b5:41:17:ed:b5:a8:60:eb:2dCertificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

70:2c:b0:b5:a0:c2:29:41:6a:48:a1:dc:fd:db:b1:c1:45:de:2a:73:c5:48:c9:59:6a:6d:55:af:0c:c2:2c:ddSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 155KB - Virtual size: 155KB

.rsrc Size: 144KB - Virtual size: 144KB

7e:71:44:cd:db:6f:67:b5:41:17:ed:b5:a8:60:eb:2d
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

70:2c:b0:b5:a0:c2:29:41:6a:48:a1:dc:fd:db:b1:c1:45:de:2a:73:c5:48:c9:59:6a:6d:55:af:0c:c2:2c:dd
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 155KB - Virtual size: 155KB

.rsrc
Size: 144KB - Virtual size: 144KB