af62641d0be903ea60f9e26caf913f886b21460f7ccacab2df809e6de0a72dbf | Triage

Sharing

General

Target

af62641d0be903ea60f9e26caf913f886b21460f7ccacab2df809e6de0a72dbf
Size

454KB
MD5

6a996ad9b92e21065fa2e482281eaa58
SHA1

2c058d0ffd86f97a666e84a24e5be373128ab1d1
SHA256

af62641d0be903ea60f9e26caf913f886b21460f7ccacab2df809e6de0a72dbf
SHA512

ca7c4eb14f41f156af235472d86951ef8deea2c2329452fa89a1a3928482c73aa81664c4862ec4c9b5486ab803d69d67a1e6d7ef5975e9f45cb5c20059f48b95
SSDEEP

6144:m1hBcnT1XOaDwSjwLEAmBg6INh2lGqAVd9x2cecLJyQjOpkpq5Xgcin2W:iXGA9Y87mBpeh25AVd9x2TcFySo5X

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

af62641d0be903ea60f9e26caf913f886b21460f7ccacab2df809e6de0a72dbf
.dll windows x86

27e85364193169ce3e5d6e95988b9c93

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleHandleW

gdi32

StrokePath
PathToRegion
GetStockObject

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ