83edda1d0bffaf8fabaa6863aaa48630661ba064b7e497a4f1f0c41b22982b9c

Sharing

Copy URL

Twitter E-mail

General

Target

83edda1d0bffaf8fabaa6863aaa48630661ba064b7e497a4f1f0c41b22982b9c
Size

1.9MB
MD5

36b8590b8c9bf98ebed5d66094a2a627
SHA1

48a545da79bb4e166e28729c6658dc1e8cae1e9f
SHA256

83edda1d0bffaf8fabaa6863aaa48630661ba064b7e497a4f1f0c41b22982b9c
SHA512

3ad407dc6f9e52fbb28f60b8e848c1de060c67a96b046f4d16c743ae0d9cb37423fb3f9d2d5119344b18e18ae4a094fe7e9dd485183b80059f5209c2cb3fdb68
SSDEEP

6144:3/JeE4Pgr7xMS24Q8eTCNn6xg6YnWwhi5:3/QYr6S247eTCNL6YnWCi5

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

83edda1d0bffaf8fabaa6863aaa48630661ba064b7e497a4f1f0c41b22982b9c
.exe windows x86

266372bf7d6254a658c12556261006a8

Code Sign

2d:a3:da:26:22:db:93:85:47:8f:a2:4e:74:03:ad:d4
Certificate

Issuer

CN=LGESEQEGSXZAQNNUWA

Not Before

22-03-2020 09:46

Not After

31-12-2039 23:59

Subject

CN=LGESEQEGSXZAQNNUWA

Extended Key Usages

ExtKeyUsageCodeSigning

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1e:eb:9d:6f:11:a2:f0:04:01:c2:2b:ca:ab:86:26:a0:dd:18:3b:f7
Signer

Actual PE Digest

1e:eb:9d:6f:11:a2:f0:04:01:c2:2b:ca:ab:86:26:a0:dd:18:3b:f7

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LGESEQEGSXZAQNNUWA

27-03-2020 09:03
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleW
SetErrorMode
GetSystemDefaultLCID
GetACP
GetUserDefaultLangID
GetSystemDefaultUILanguage
GetSystemDefaultLangID
LoadLibraryW
GetModuleFileNameW
GetStringTypeExW
GetLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetLastError
GetCommandLineW
lstrlenW
GlobalFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetTempPathA
GetTempFileNameA
QueryPerformanceCounter
VirtualProtect
GetUserDefaultUILanguage
GetCalendarInfoW
EnumSystemLocalesW
EnumUILanguagesW
IsProcessorFeaturePresent
ReleaseSemaphore
GlobalMemoryStatus
GetCurrentThread
GetProcessHeap
HeapFree
HeapSize
HeapValidate
HeapAlloc
HeapReAlloc
GetModuleHandleA
RaiseException
TlsSetValue
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
VirtualFree
TlsGetValue
TlsFree
DeleteCriticalSection
GetProcAddress
GetFileAttributesW
GetVersion
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
OutputDebugStringA
MulDiv
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
IsValidLocale
FreeLibrary
WaitForSingleObject
ReleaseMutex
CloseHandle
GetSystemTimeAsFileTime
GetTickCount
WriteFile
SetFileAttributesW
FlushFileBuffers
DeleteFileW
GetFileType
CreateFileW
GetLocaleInfoW
ExpandEnvironmentStringsW
GetProcessTimes
GetCurrentProcess
CreateMutexA
OpenMutexA
CreateSemaphoreA
GetShortPathNameA
GetModuleFileNameA
LoadLibraryExW
GetSystemDirectoryW
GetVersionExW
GetTimeZoneInformation
GetDiskFreeSpaceExW
GetSystemInfo
GetUserDefaultLCID
LocalFree
LocalAlloc
CreateProcessA
Sleep
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GlobalAlloc
IsDBCSLeadByte
IsValidCodePage
CompareStringW
InitializeCriticalSection
CreateDirectoryW
CancelIo
EnumCalendarInfoExA
GetDiskFreeSpaceA
lstrcmpiW
GetSystemDirectoryA
WaitForMultipleObjectsEx
WriteConsoleOutputAttribute
CreateDirectoryExA
GetStdHandle
GetConsoleMode
ReadConsoleW
AllocConsole
FreeConsole
WriteConsoleW
ResumeThread
CreateThread
TerminateThread
GetThreadTimes
SearchPathW
WaitForMultipleObjects
FormatMessageW
ConnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
QueryPerformanceFrequency
SetStdHandle
SetEndOfFile
SetFilePointer
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileAttributesExW
MoveFileW
RemoveDirectoryW
GetComputerNameW
SystemTimeToTzSpecificLocalTime
GetDateFormatW
GetTimeFormatW
FindClose
FindFirstFileW
FindNextFileW
SetHandleInformation
GetHandleInformation
RtlUnwind
ExitProcess
GetCommandLineA
InterlockedIncrement
InterlockedDecrement
FatalAppExitA
SetConsoleCtrlHandler
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
GetCPInfo
GetOEMCP
GetConsoleCP
LCMapStringA
LCMapStringW
CreateFileA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
EnumSystemLocalesA
WriteConsoleA
GetConsoleOutputCP
CompareStringA
SetEnvironmentVariableA
MapViewOfFile
CreateFileMappingW
DuplicateHandle
UnmapViewOfFile
ReadFile
GlobalLock
GlobalUnlock
OpenProcess
ResetEvent
CreateEventW
SetEvent
SetProcessShutdownParameters

user32

LoadIconW
GetDlgItem
LoadCursorW
RegisterClassExW
GetDC
GetWindowTextW
SetWindowPos
ReleaseDC
DialogBoxParamW
BeginPaint
GetClientRect
GetSysColor
GetFocus
DrawFocusRect
EndPaint
InvalidateRect
DefWindowProcW
GetParent
SendMessageW
GetClassNameA
SendMessageA
IsWindowUnicode
GetWindowLongA
GetWindowLongW
SetRectEmpty
MapWindowPoints
GetWindowRect
MoveWindow
IsWindowVisible
SendDlgItemMessageW
IsWindow
CreateWindowExA
CreateDialogIndirectParamA
DrawTextA
DrawTextW
DestroyWindow
MapDialogRect
GetSystemMetrics
SystemParametersInfoA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMonitorInfoA
EnumDisplayMonitors
GetKeyboardLayout
MessageBoxW
LoadStringW
SetWindowTextW
GetDlgCtrlID
GetWindow
EndDialog
SetFocus
CharLowerBuffA
SetActiveWindow
RegisterClipboardFormatA
GetMenuItemRect
SetMenuItemInfoA
DrawIcon
GetScrollInfo
DdeCmpStringHandles
EnumDesktopsA
DefDlgProcW
PtInRect
WindowFromDC
DrawStateA
TileChildWindows
DdeNameService
CreateIconIndirect
GetClassInfoA
EnumChildWindows
LoadImageA
RealGetWindowClass
MessageBeep
IsZoomed
LoadCursorFromFileW
DefWindowProcA
ScrollWindowEx
UnregisterClassW
RedrawWindow
GetWindowTextLengthW
CallWindowProcW
WindowFromPoint
CreateWindowExW
GetDesktopWindow
GetClipboardData
EmptyClipboard
SetClipboardData
OpenClipboard
CloseClipboard
PostMessageW
FindWindowW
FillRect
SetThreadDesktop
CloseDesktop
GetThreadDesktop
OpenInputDesktop
OpenDesktopW
GetUserObjectInformationW
UnhookWinEvent
SetWinEventHook
AdjustWindowRect
SetRect
GetTopWindow
SetTimer
ShowWindow
RegisterClassW
CloseWindowStation
GetProcessWindowStation
ChangeDisplaySettingsW
EnumDisplaySettingsW
SetScrollInfo
EnumDesktopsW
GetAsyncKeyState
ToAsciiEx
ToUnicodeEx
VkKeyScanExA
VkKeyScanExW
GetKeyboardLayoutList
GetWindowDC
mouse_event
GetIconInfo
EnumDisplayDevicesA
EnumWindows
GetClassNameW
EnumDisplaySettingsA
ChangeDisplaySettingsExA
EnumDisplayDevicesW
MapVirtualKeyW
keybd_event
GetKeyState
GetKeyboardState
SendMessageTimeoutW
ExitWindowsEx
SystemParametersInfoW
GetGUIThreadInfo
GetForegroundWindow
GetWindowThreadProcessId
IsIconic
IsRectEmpty
EnumDesktopWindows
PostQuitMessage
SetClipboardViewer
ChangeClipboardChain
GetAncestor
PeekMessageW
SetWindowLongW
ClientToScreen
PostThreadMessageW
GetCursorPos
GetClipboardOwner
TranslateMessage
DispatchMessageW
CopyImage
MsgWaitForMultipleObjects
DrawIconEx

gdi32

GetStockObject
DeleteDC
GetDeviceCaps
GetObjectW
CreateFontIndirectW
GetObjectA
CreateFontIndirectA
GetTextFaceW
GetTextMetricsA
GetOutlineTextMetricsA
CreateSolidBrush
TranslateCharsetInfo
SelectObject
GetTextExtentPoint32W
CreatePen
SetBkColor
SetTextColor
SetTextAlign
TextOutW
MoveToEx
LineTo
DeleteObject
CreateDCA
SetMetaFileBitsEx
SetBoundsRect
DPtoLP
GetObjectType
EngLineTo
ResizePalette
GdiConvertBitmapV5
SetPixel
SetDIBitsToDevice
BitBlt
GetSystemPaletteEntries
GetBitmapBits
GetTextMetricsW
SetMapMode
CreateCompatibleBitmap
GdiFlush
SetDIBColorTable
SetPixelV
CreateBitmap
CreateDIBSection
StretchBlt
SetWindowOrgEx
GetClipBox
CreateCompatibleDC
CreateDCW
GetDIBits
ExtEscape
GdiAlphaBlend

advapi32

RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyW
GetLengthSid
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
CryptDestroyKey
CryptGenKey
CryptReleaseContext
CryptAcquireContextW
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
CopySid
GetTokenInformation
OpenProcessToken
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
CheckTokenMembership
IsValidSid
AllocateAndInitializeSid
OpenThreadToken
SetEntriesInAclW
GetAclInformation
SetSecurityDescriptorSacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
SetNamedSecurityInfoW
CryptGenRandom
GetUserNameW
RegDeleteKeyW
GetSecurityInfo
RegDeleteValueW
RegEnumKeyExW
SetSecurityInfo
RegNotifyChangeKeyValue
DuplicateTokenEx
SetTokenInformation
LookupAccountNameW
LookupAccountSidW
EqualSid
GetSidIdentifierAuthority

shell32

SHFreeNameMappings
SHBindToParent
ExtractAssociatedIconExW
SHBrowseForFolder
SHGetIconOverlayIndexA
SHGetFileInfoA
SHLoadInProc
SHFileOperationW

ole32

CoInitialize
CoUninitialize
CoCreateGuid
CoCreateInstance
OleInitialize
OleUninitialize
CoInitializeEx

shlwapi

wnsprintfA
StrChrIA
StrStrIW
StrStrIA
StrRChrW
StrRChrIA

comctl32

InitCommonControlsEx
_TrackMouseEvent

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

266372bf7d6254a658c12556261006a8

Code Sign

2d:a3:da:26:22:db:93:85:47:8f:a2:4e:74:03:ad:d4Certificate

Extended Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

1e:eb:9d:6f:11:a2:f0:04:01:c2:2b:ca:ab:86:26:a0:dd:18:3b:f7Signer

Signature Validations

Verification

27-03-2020 09:03 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 512B - Virtual size: 164B

.data Size: 16KB - Virtual size: 15KB

2d:a3:da:26:22:db:93:85:47:8f:a2:4e:74:03:ad:d4
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

1e:eb:9d:6f:11:a2:f0:04:01:c2:2b:ca:ab:86:26:a0:dd:18:3b:f7
Signer

27-03-2020 09:03
Valid: false

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 512B - Virtual size: 164B

.data
Size: 16KB - Virtual size: 15KB