416556c9f085ae56e13f32d7c8c99f03efc6974b2897070f46ef5f9736443e8e | Triage

Sharing

General

Target

416556c9f085ae56e13f32d7c8c99f03efc6974b2897070f46ef5f9736443e8e
Size

277KB
MD5

d60d91c24570770af42816602ac19c97
SHA1

0d17845f19dc2fc1e38934864424c23d8bcc7644
SHA256

416556c9f085ae56e13f32d7c8c99f03efc6974b2897070f46ef5f9736443e8e
SHA512

b2fdac5145f9cfdfe06d10518198aadcb9a3d5bd26f9dcb9c8af5f3be8b1e4aa82895876ed24d39225510006d134cd31e3a588513e7ab9010cb8f9482958c7bc
SSDEEP

3072:tuJ99SJdnwT3EPBWEGyc9RdxZEZExFWBhdgQVNC:tjJq3EJWEA9VyZiFadZVN

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

Files

416556c9f085ae56e13f32d7c8c99f03efc6974b2897070f46ef5f9736443e8e
.exe windows x86

a2c71df5b568cd0c435be69516af42cc

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
FindClose
FileTimeToSystemTime
VirtualAlloc
LoadLibraryA
GetProcAddress
SetErrorMode

user32

GetMenuContextHelpId
GetActiveWindow
GetSysColorBrush
CharLowerW
IsCharAlphaNumericW
GetDesktopWindow
GetProcessWindowStation
GetClipboardData
ReleaseCapture
GetParent
GetDlgCtrlID
IsCharLowerA
EndMenu
EnumClipboardFormats
IsGUIThread
CloseClipboard
CharNextA
GetMessageTime
DestroyWindow
GetInputState
GetCapture
GetQueueStatus
CountClipboardFormats
CreateMenu
GetCursor
GetDialogBaseUnits
LoadIconA

gdi32

CloseMetaFile
AbortDoc
GdiFlush
UnrealizeObject
GetROP2
CreateHalftonePalette
BeginPath
GetEnhMetaFileA
SwapBuffers
GetColorSpace
DeleteDC
AddFontResourceW
GetPixelFormat
UpdateColors

advapi32

RegOpenKeyA
RegQueryValueExA

Sections

.text
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 291B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ