3d0f043627dea5de72eae3fd54dd228dcc4320e8802200dbf21bcbe1cce0bf4a

Sharing

Copy URL

Twitter E-mail

General

Target

3d0f043627dea5de72eae3fd54dd228dcc4320e8802200dbf21bcbe1cce0bf4a
Size

308KB
MD5

49df3279ba75201fd07b6f3b72eda8c4
SHA1

088274fa4220f7b19d7c25587398b545b144703d
SHA256

3d0f043627dea5de72eae3fd54dd228dcc4320e8802200dbf21bcbe1cce0bf4a
SHA512

7bcb34e10477ff52a5a6290d136e1a6ca0558881f1d930d42519c8fce017164377651a77b9af16be8eab660fe58201abfe3af32561cf0a16699856773226e66b
SSDEEP

6144:NCA4NjQzhvtj28R/W7IznI+CGCtNrMRkuLYG:LzhhL/UITJCDNr9G

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

3d0f043627dea5de72eae3fd54dd228dcc4320e8802200dbf21bcbe1cce0bf4a
.exe windows x86

5cc71ea43c0a3a5a235d40a389b9a11b

Code Sign

5e:66:99:32:ed:fa:3c:50:b1:47:43:40:e3:4f:99:91
Certificate

Issuer

CN=YVXTOAKKHFHCALJJDJ

Not Before

07-03-2020 07:17

Not After

31-12-2039 23:59

Subject

CN=YVXTOAKKHFHCALJJDJ

Extended Key Usages

ExtKeyUsageCodeSigning

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:aa:5f:da:66:a1:09:64:c6:ba:84:91:4d:46:8a:33:fe:8d:eb:10
Signer

Actual PE Digest

5d:aa:5f:da:66:a1:09:64:c6:ba:84:91:4d:46:8a:33:fe:8d:eb:10

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=YVXTOAKKHFHCALJJDJ

19-03-2020 17:37
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
WideCharToMultiByte
LocalFree
GetStdHandle
FormatMessageW
GetModuleHandleA
GetVersionExA
HeapFree
HeapAlloc
ExitProcess
GetProcAddress
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsFree
SetLastError
GetCurrentThreadId
TlsSetValue
TlsGetValue
TlsAlloc
HeapDestroy
HeapCreate
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSection
GetACP
GetOEMCP
GetCPInfo
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
RtlUnwind
VirtualProtect
GetSystemInfo
VirtualQuery
HeapUnlock
InterlockedExchange
GetPrivateProfileStructA
Thread32Next
GetTempFileNameW
VirtualAllocEx
GetModuleHandleW

user32

CascadeWindows
DrawTextW
GetSystemMenu
UnhookWinEvent
BroadcastSystemMessageW
GetWindowThreadProcessId
CreateMenu
DdeReconnect
EnableWindow
IsCharAlphaNumericW
GetKeyState
LoadKeyboardLayoutW
EnumPropsExW
EnumDisplaySettingsW
SendMessageA
CharNextA
DragDetect
ReleaseCapture
DdeInitializeW
SetMenuItemBitmaps
DefDlgProcW
CharPrevExA
DdeCreateDataHandle
SetShellWindow
CharUpperW
wsprintfW
EnumDisplaySettingsExW
GetWindowTextLengthA
SetMessageQueue
ToAsciiEx
WindowFromPoint
LoadCursorW
LoadIconA

gdi32

GetBrushOrgEx
GetMetaFileA
EngCreateBitmap
EngTransparentBlt
GetTextExtentPointW
CreateBitmapIndirect
GetColorAdjustment
Pie
GdiQueryFonts
SetStretchBltMode
FONTOBJ_pifi
AddFontResourceExA
FONTOBJ_cGetGlyphs
SetLayoutWidth
EngMultiByteToWideChar
LineTo
GetWindowOrgEx
Polyline
GetCharWidthA
GetStockObject

advapi32

RegOpenKeyA
RegQueryValueExA

Sections

.text
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5cc71ea43c0a3a5a235d40a389b9a11b

Code Sign

5e:66:99:32:ed:fa:3c:50:b1:47:43:40:e3:4f:99:91Certificate

Extended Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

5d:aa:5f:da:66:a1:09:64:c6:ba:84:91:4d:46:8a:33:fe:8d:eb:10Signer

Signature Validations

Verification

19-03-2020 17:37 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 235KB - Virtual size: 235KB

.data Size: 23KB - Virtual size: 23KB

.rsrc Size: 43KB - Virtual size: 43KB

5e:66:99:32:ed:fa:3c:50:b1:47:43:40:e3:4f:99:91
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

5d:aa:5f:da:66:a1:09:64:c6:ba:84:91:4d:46:8a:33:fe:8d:eb:10
Signer

19-03-2020 17:37
Valid: false

.text
Size: 235KB - Virtual size: 235KB

.data
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 43KB - Virtual size: 43KB