fde448298685e05f493c89b552420f683c8b7c50a22b8a4c477f20d4c3a1c6b9

Sharing

Copy URL

Twitter E-mail

General

Target

fde448298685e05f493c89b552420f683c8b7c50a22b8a4c477f20d4c3a1c6b9
Size

2.2MB
MD5

ceba7e7a9011c9b02b8ab4c4939fee05
SHA1

6fa528cefd9222c39fa848d0d3cf8fa1aa82a7c9
SHA256

fde448298685e05f493c89b552420f683c8b7c50a22b8a4c477f20d4c3a1c6b9
SHA512

345ab50b3cbdb75fda4eb63eff66d25336684614e0d71bbf71c0a020822a4da7f0efb682583b0475433ba928c652f428ce4a83b2b5b60abbd5a4b8ec8f8009b8
SSDEEP

6144:r/la96gGca3nq8fD9l+VyeolDWYFLlmLybxjc9SqcC1QvmxL:r/Jtc0nq8b9l+VdSFxmLJPLQux

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

fde448298685e05f493c89b552420f683c8b7c50a22b8a4c477f20d4c3a1c6b9
.exe windows x86

b8c14bc897613c1128c2fc7265378546

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleW
FlushFileBuffers
GetEnvironmentStrings
GetSystemInfo
LocalFree
GetCurrentProcess
lstrcpyW
ExpandEnvironmentStringsW
LocalReAlloc
LocalAlloc
lstrlenW
FindNextFileW
CompareStringW
FindClose
lstrcmpiW
GetLastError
FindFirstFileW
SetLastError
LeaveCriticalSection
EnterCriticalSection
ExitThread
GetEnvironmentVariableW
SetEvent
FindCloseChangeNotification
Sleep
WaitForMultipleObjects
FindNextChangeNotification
CloseHandle
CreateEventW
FindFirstChangeNotificationW
ResumeThread
SetThreadPriority
CreateThread
WaitForSingleObject
InitializeCriticalSection
SetProcessShutdownParameters
OpenEventW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
VirtualProtect
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
GetLocaleInfoA
GetTempPathA
DnsHostnameToComputerNameW
DeleteTimerQueue
GetFullPathNameW
VirtualFreeEx
SetNamedPipeHandleState
WaitNamedPipeA
GetDateFormatA
RtlFillMemory
ReplaceFileA
GetPrivateProfileStringW
BackupRead
SuspendThread
ClearCommError
SleepEx
FormatMessageW
GetDevicePowerState
GetSystemPowerStatus

user32

LoadIconA
LoadCursorFromFileW
GetAsyncKeyState
GetForegroundWindow
GetKeyboardLayout
GetDC
GetSystemMetrics
GetDlgCtrlID
GetListBoxInfo
GetThreadDesktop
ShowCaret
DestroyWindow
GetClipboardViewer
GetTopWindow
CharLowerA
IsWindow
GetFocus
GetOpenClipboardWindow
CreateMenu
GetCapture
GetKBCodePage
LoadStringW
SendMessageW
SetWindowPos
GetDesktopWindow
GetParent
GetWindowLongW
GetWindowRect
SetForegroundWindow
CheckDlgButton
GetClientRect
EndDialog
PostMessageW
GetDlgItem
IsDlgButtonChecked
SendDlgItemMessageW
SetDlgItemTextW
KillTimer
SetTimer
LoadImageW
DialogBoxParamW
MessageBoxW
DefWindowProcW
LoadIconW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
RegisterClassW
GetDlgItemTextA
PackDDElParam
ShowCursor
WinHelpA
CreateDialogIndirectParamA
DlgDirListComboBoxW
SetMenuContextHelpId
DdeCmpStringHandles
GetMenuContextHelpId
LoadMenuIndirectW
ChangeDisplaySettingsExA
GetWindowTextLengthA
EnableScrollBar
CloseWindowStation
SetWindowTextW
CreateMDIWindowA
SetScrollPos
SetShellWindow
CreateIconIndirect
GetMenuDefaultItem
GetClipboardSequenceNumber
WINNLSEnableIME
SendNotifyMessageW
BroadcastSystemMessageA
CreateAcceleratorTableW
GetWindowTextW
ReleaseDC
EnumDesktopWindows
GetLastActivePopup

gdi32

GetStockObject
CreateMetaFileA
CreatePatternBrush
GetPolyFillMode
DeleteDC
FillPath
UnrealizeObject
AddFontResourceA
GetFontLanguageInfo
SetICMProfileW
GdiEntry3
SetGraphicsMode
XLATEOBJ_iXlate
GetTextMetricsA
InvertRgn
AnyLinkedFonts
AddFontResourceW
CopyEnhMetaFileW
GdiComment
DescribePixelFormat
GdiIsMetaPrintDC
RemoveFontResourceExA
EngLockSurface
FONTOBJ_vGetInfo
SetAbortProc
SetMetaRgn
AddFontResourceExW
GetROP2
EngBitBlt
STROBJ_vEnumStart

advapi32

RegOpenKeyA
RegQueryValueExA
GetAce
RegNotifyChangeKeyValue
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
SetSecurityInfo
GetSecurityInfo
RegOpenKeyExA

shell32

Shell_NotifyIconW

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8c14bc897613c1128c2fc7265378546

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 7KB - Virtual size: 6KB

.rsrc Size: 15KB - Virtual size: 14KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 15KB - Virtual size: 14KB