f37c950e329c221ccb6d9184d39e73e0b56924bec963e20766148b630dea93ac

Sharing

Copy URL

Twitter E-mail

General

Target

f37c950e329c221ccb6d9184d39e73e0b56924bec963e20766148b630dea93ac
Size

1.8MB
MD5

bb62584b9838309fb13e405930ad6d06
SHA1

aa66fc36cadb293bde8f675d5d43d2c28f679eab
SHA256

f37c950e329c221ccb6d9184d39e73e0b56924bec963e20766148b630dea93ac
SHA512

d80a97e9dd89ffa02248459a6dbb5596bd63a96153315d7702dabc3093a235c7d40992ecf131bb19de8b2fc67b5d69b5f4df8cf372a8c838b676091bb5189f03
SSDEEP

6144:8/JeE4PgrWYR0qL8NW8ZDRMD8ZHWJZ1kv4X7WyFy:8/QYrr9LZ8sD85wZj7Woy

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

f37c950e329c221ccb6d9184d39e73e0b56924bec963e20766148b630dea93ac
.exe windows x86

0493dd751761a397e3ee8228b754ac75

Code Sign

2d:a3:da:26:22:db:93:85:47:8f:a2:4e:74:03:ad:d4
Certificate

Issuer

CN=LGESEQEGSXZAQNNUWA

Not Before

22-03-2020 09:46

Not After

31-12-2039 23:59

Subject

CN=LGESEQEGSXZAQNNUWA

Extended Key Usages

ExtKeyUsageCodeSigning

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c9:cf:e3:fd:de:1a:73:7e:65:8d:75:f7:ad:fc:cc:bb:02:bf:c7:bd
Signer

Actual PE Digest

c9:cf:e3:fd:de:1a:73:7e:65:8d:75:f7:ad:fc:cc:bb:02:bf:c7:bd

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LGESEQEGSXZAQNNUWA

24-03-2020 12:18
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleW
SetErrorMode
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
lstrcpyA
lstrcmpA
WritePrivateProfileStringA
WaitForSingleObject
Sleep
SizeofResource
SetThreadLocale
SetFilePointer
SetFileAttributesA
SetEvent
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
MulDiv
MoveFileExA
LockResource
LoadResource
LoadLibraryA
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetWindowsDirectoryA
GetVersionExA
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetTempPathA
GetSystemInfo
GetStringTypeExA
GetPrivateProfileStringA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentProcessId
GetComputerNameA
GetCPInfo
GetACP
FreeResource
InterlockedExchange
FormatMessageA
FindResourceA
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
EnumCalendarInfoA
DeleteFileA
CreateProcessA
CreateMutexA
CreateFileA
CreateEventA
CopyFileA
CompareStringA
CloseHandle

user32

LoadIconW

gdi32

GetStockObject

advapi32

GetUserNameW
RegOpenKeyA
RegQueryValueExA

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0493dd751761a397e3ee8228b754ac75

Code Sign

2d:a3:da:26:22:db:93:85:47:8f:a2:4e:74:03:ad:d4Certificate

Extended Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

c9:cf:e3:fd:de:1a:73:7e:65:8d:75:f7:ad:fc:cc:bb:02:bf:c7:bdSigner

Signature Validations

Verification

24-03-2020 12:18 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 512B - Virtual size: 164B

.data Size: 4KB - Virtual size: 4KB

2d:a3:da:26:22:db:93:85:47:8f:a2:4e:74:03:ad:d4
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

c9:cf:e3:fd:de:1a:73:7e:65:8d:75:f7:ad:fc:cc:bb:02:bf:c7:bd
Signer

24-03-2020 12:18
Valid: false

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 512B - Virtual size: 164B

.data
Size: 4KB - Virtual size: 4KB