712fb79d19d8e77a9f0b3f7d469a7277315838e242c821ee361ca70e1099d932 | Triage

Sharing

General

Target

712fb79d19d8e77a9f0b3f7d469a7277315838e242c821ee361ca70e1099d932
Size

833KB
MD5

70ef6b2d2f01d1ff0732f7d9617b610e
SHA1

40bc8629f145c9092408482ca126e322a26eab47
SHA256

712fb79d19d8e77a9f0b3f7d469a7277315838e242c821ee361ca70e1099d932
SHA512

8ceded8c21513d3e77ca66ea6c694e763f4c597d109b58dbecb4873ca97b1cea779eda14b03640db0adf5aa00a8ef6eeac67948057e0594d3fb395769547f981
SSDEEP

12288:kA+QuYAS3W3ea5ZqFfbIKGgiNz4gL3Y+AjZWQcpWFYK9751tjxt888888888888:kAXuYAS31sSdoz13Y+Ajsg97L

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

Files

712fb79d19d8e77a9f0b3f7d469a7277315838e242c821ee361ca70e1099d932
.exe windows x64

d0dc29e181b87a55a4e206f78568776d

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcAddress
SetErrorMode
LoadLibraryA
GetModuleHandleA

user32

GetMenuItemCount
GetAsyncKeyState
GetClipboardViewer
CharLowerA
ReleaseCapture
IsWindowEnabled
GetQueueStatus
IsGUIThread
CountClipboardFormats
CloseClipboard
EndMenu
GetWindowContextHelpId
GetDoubleClickTime
GetMessagePos
GetShellWindow
CharNextA
CreateMenu
LoadIconA
ShowCaret

gdi32

UpdateColors
FlattenPath
CreateMetaFileW
GetColorSpace
EndPage
StrokePath
AddFontResourceW
GetBkColor
GdiFlush
GetTextAlign

advapi32

RegQueryValueExW
RegOpenKeyW

Sections

.text
Size: 781KB - Virtual size: 780KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data2
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ