f9af24990129bb00953a59c0b56f6426f1a3130f309625fa9a35c89715081772

Sharing

Copy URL

Twitter E-mail

General

Target

f9af24990129bb00953a59c0b56f6426f1a3130f309625fa9a35c89715081772
Size

2.2MB
MD5

8628755ea0f5ecc4bcf3cc7c19004dbc
SHA1

1afe38ffc11a53c69069e500ace7cd7429f431d7
SHA256

f9af24990129bb00953a59c0b56f6426f1a3130f309625fa9a35c89715081772
SHA512

148996ba953a8dbe495f0efba09619dea5b8956c1d9533933714287693de86821c0c2b8d9d0d84c57cf20f75be54024bbd248ecbbbe3063a21642c450e323d1c
SSDEEP

6144:Ala96g9ZbXtDGA/+FA3nL+0Qr+ssUONLOOdE:AJeZbYAGFA3LlQr8FJtd

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

f9af24990129bb00953a59c0b56f6426f1a3130f309625fa9a35c89715081772
.exe windows x86

3abb26883211fe99463d33d03e0dff41

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleW
FlushFileBuffers
GetEnvironmentStrings
GetSystemInfo
LocalFree
GetCurrentProcess
lstrcpyW
ExpandEnvironmentStringsW
LocalReAlloc
LocalAlloc
lstrlenW
FindNextFileW
CompareStringW
FindClose
lstrcmpiW
GetLastError
FindFirstFileW
SetLastError
LeaveCriticalSection
EnterCriticalSection
ExitThread
GetEnvironmentVariableW
SetEvent
FindCloseChangeNotification
Sleep
WaitForMultipleObjects
FindNextChangeNotification
CloseHandle
CreateEventW
FindFirstChangeNotificationW
ResumeThread
SetThreadPriority
CreateThread
WaitForSingleObject
InitializeCriticalSection
SetProcessShutdownParameters
OpenEventW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
VirtualProtect
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
GetLocaleInfoA
lstrcmp
GetConsoleAliasesLengthW
RemoveDirectoryW
ReadFileEx
EscapeCommFunction
GetComputerNameW
GlobalUnfix
lstrcatA
LocalHandle
InitAtomTable
OpenFile
GetThreadLocale
GlobalAlloc
_lclose
CreateProcessA
GetExitCodeProcess
CallNamedPipeA
CreateMutexW
CopyFileExW
GetFileSizeEx
UnregisterWaitEx
GetStringTypeExA
GetConsoleFontSize
ReplaceFileA
LocalCompact
GetUserDefaultUILanguage
EnumResourceTypesA
WaitForSingleObjectEx
GetFileInformationByHandle
BuildCommDCBA
EnumCalendarInfoExW
ReadConsoleW
RaiseException
IsBadReadPtr
lstrlenA
lstrcpyA
MulDiv
OutputDebugStringA
lstrcmpiA
GlobalSize
GlobalReAlloc
GlobalLock
GetLocalTime
MoveFileA
SetErrorMode
GetSystemTime
GetTimeZoneInformation
WinExec
GetSystemDefaultLangID
GetSystemDirectoryA
LockResource
SizeofResource
LoadResource
FreeResource
FindResourceA
_lread
SetEndOfFile
_lwrite
_llseek
GetWindowsDirectoryA
GlobalFlags
FatalAppExitA
SetEnvironmentVariableA
LocalLock
GlobalUnlock
LocalUnlock
GetVersion
FreeLibrary
GlobalHandle
GetProfileStringA
lstrcmpA
IsDBCSLeadByte
GlobalFree
ReadFile
CreateFileA
CompareStringA

user32

LoadIconA
CharLowerA
CharNextA
LoadCursorFromFileW
GetParent
ReleaseCapture
GetKeyboardLayout
GetDC
IsClipboardFormatAvailable
EndMenu
GetMessageTime
OpenIcon
WindowFromDC
CloseDesktop
CharUpperW
IsWindowVisible
IsCharLowerW
IsMenu
EnumClipboardFormats
IsCharUpperA
GetCapture
MsgWaitForMultipleObjectsEx
SetMenuItemInfoA
GetScrollPos
SetForegroundWindow
SetFocus
RealChildWindowFromPoint
SetWindowTextA
GetWindowModuleFileNameA
IsWindowEnabled
UnhookWinEvent
TileChildWindows
GetClassInfoExA
IsDialogMessageW
SetClipboardData
PostMessageA
DrawCaption
GetClipboardSequenceNumber
IMPQueryIMEW
SetMenu
GetPropA
SetCapture
GetShellWindow
MapVirtualKeyA
FindWindowExA
IsWindowUnicode
WinHelpA
GetMenuContextHelpId
CreateIconFromResourceEx
DefDlgProcA
DefFrameProcW
DragObject
GetClientRect
GetDlgCtrlID
DdeAccessData
SetWindowWord
MapVirtualKeyExA
RegisterHotKey
RegisterClassA
ToUnicodeEx
TrackPopupMenuEx
LoadAcceleratorsA
DestroyAcceleratorTable
InvalidateRect
SendDlgItemMessageA
GetDialogBaseUnits
IsDlgButtonChecked
CheckDlgButton
GetNextDlgTabItem
SetScrollRange
SetDlgItemTextA
GetDlgItemTextA
MapWindowPoints
CheckRadioButton
GetDoubleClickTime
RegisterClassW
GetWindowTextA
InvalidateRgn
ScrollDC
IsZoomed
AppendMenuA
GetSystemMenu
GetClassLongA
GetClassLongW
DispatchMessageA
DispatchMessageW
GetMessageW
GetMessageA
DefWindowProcW
VkKeyScanA
LoadKeyboardLayoutA
ActivateKeyboardLayout
GetKeyboardLayoutList
InvertRect
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
CloseClipboard
EmptyClipboard
OpenClipboard
GetClipboardData
HiliteMenuItem
GetMenuState
GetMenuItemID
DeleteMenu
DrawMenuBar
EqualRect
UnionRect
GetDesktopWindow
GetMessagePos
SetParent
GetClassInfoA
SetWindowPos
MessageBoxA
DialogBoxParamA
BringWindowToTop
OffsetRect
GetCaretBlinkTime
SetTimer
MessageBeep
CreateDialogParamA
SendMessageA
GetAsyncKeyState
EnableWindow
GetScrollRange
SetScrollPos
SetCursor
PtInRect
ShowCursor
GetMenuItemCount
LoadStringA
UpdateWindow
GetMenu
FindWindowA
GetKeyState
PeekMessageA
KillTimer
DefWindowProcA
LoadCursorA
IsDialogMessageA
GetFocus
BeginPaint
EndPaint
ScreenToClient
SetRect
FillRect
IntersectRect
CopyRect
SetWindowLongA
MoveWindow
DestroyWindow
CheckMenuItem
SetRectEmpty
RemoveMenu
GetSubMenu
CreateMenu
EnableMenuItem
GetMenuStringA
ModifyMenuA
InsertMenuA
TranslateMessage
PostQuitMessage
CreateWindowExA
LoadMenuA
IsIconic
GetWindowLongA
ClientToScreen
GetWindowRect
GetClassNameA
DestroyMenu
IsRectEmpty
IsWindow
ShowWindow
LoadBitmapA
GetSysColor
GetDlgItem
DrawTextA
wsprintfA
GetSystemMetrics
GetWindowDC
ReleaseDC
EndDialog
InflateRect
GetCursorPos
GetActiveWindow

gdi32

GetStockObject
GetFontLanguageInfo
GetTextCharacterExtra
AbortDoc
GdiGetBatchLimit
EndPage
SaveDC
GetTextAlign
AddFontResourceW
AddFontResourceA
GetBkMode
GdiAddFontResourceW
GetGlyphOutline
AngleArc
EngUnicodeToMultiByteN
CreateMetaFileW
SetColorSpace
GetWorldTransform
XLATEOBJ_cGetPalette
AddFontMemResourceEx
EngStretchBlt
RoundRect
CreateEnhMetaFileA
SwapBuffers
GetMetaFileA
GetCharWidthFloatA
SelectPalette
GdiConvertBitmapV5
CreateBrushIndirect
GetTextExtentPointI
GetSystemPaletteUse
CombineTransform
SetMetaFileBitsEx
SetSystemPaletteUse
CreateCompatibleBitmap
CreateFontIndirectA
LineTo
SetBkMode
CreatePen
MoveToEx
BitBlt
DeleteMetaFile
GetObjectA
GetDeviceCaps
SetBkColor
CopyMetaFileA
PatBlt
CreatePatternBrush
SetTextColor
PtVisible
GetTextFaceA
CreateBitmap
ExtTextOutA
SetMapMode
CreateFontA
GetCharWidthA
GetCharWidth32A
GetMapMode
GetCharWidth32W
GetBitmapBits
GetCharWidthW
TextOutW
SetTextAlign
TextOutA
Escape
CreateICA
GetTextMetricsA
EnumFontFamiliesExA
CreateSolidBrush
EnumFontsA
SelectClipRgn
SetRectRgn
CreateRectRgn
GetClipBox
RectVisible
CreateRectRgnIndirect
Ellipse
Polygon
SetROP2
SetMapperFlags
ExtTextOutW
Arc
SetWindowExtEx
SetWindowOrgEx
GetTextExtentPoint32A
CloseMetaFile
RestoreDC
CreateMetaFileA
StretchBlt
EnumMetaFile
PlayMetaFile
SetViewportExtEx
SetStretchBltMode
FillRgn
CombineRgn
GetMetaFileBitsEx
Rectangle
DeleteDC
CreateCompatibleDC
DeleteObject
SelectObject

advapi32

RegOpenKeyA
RegQueryValueExA
GetAce
RegNotifyChangeKeyValue
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
SetSecurityInfo
GetSecurityInfo
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA

shell32

Shell_NotifyIconW
SHGetDiskFreeSpaceExW
SHGetSettings
ShellHookProc
SHGetDataFromIDListW
SHCreateProcessAsUserW
SHEmptyRecycleBinW
DuplicateIcon
SHGetIconOverlayIndexA
ShellExecuteA
SHGetMalloc
SHGetPathFromIDListA
DragFinish
SHInvokePrinterCommandW
SHIsFileAvailableOffline
SHGetPathFromIDListW
SHFileOperationW
SHGetSpecialFolderLocation
SHInvokePrinterCommandA
Shell_NotifyIcon
DragQueryFileW
SHBrowseForFolderW
DragQueryFileA
ExtractAssociatedIconA
SHGetPathFromIDList
SHGetDataFromIDListA
SHBrowseForFolderA
SHCreateDirectoryExW
SHEmptyRecycleBinA
SHGetDesktopFolder
SHQueryRecycleBinW
SHGetFileInfoW
DragAcceptFiles

ole32

CreateDataAdviseHolder
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
GetHGlobalFromILockBytes
CoDisconnectObject
CoLockObjectExternal
OleUninitialize
CoRegisterMessageFilter
CoRevokeClassObject
CoRegisterClassObject
OleInitialize
CreateOleAdviseHolder
OleRegEnumFormatEtc
ReleaseStgMedium
WriteFmtUserTypeStg
OleTranslateAccelerator
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
GetRunningObjectTable
CoGetMalloc
OleDuplicateData
OleGetClipboard
WriteClassStg
OleFlushClipboard
OleSetClipboard

shlwapi

StrStrA
StrStrW
StrRChrIW
StrRStrIA
StrRStrIW
StrChrW
StrRChrA

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3abb26883211fe99463d33d03e0dff41

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 14KB - Virtual size: 14KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 14KB - Virtual size: 14KB