df00adf1fb966829442c3933c08a85ad8cbdd1097d5a71422b8503d397f242a9

Sharing

Copy URL

Twitter E-mail

General

Target

df00adf1fb966829442c3933c08a85ad8cbdd1097d5a71422b8503d397f242a9
Size

1.9MB
MD5

aed9891bffd34b072018072f82aaec78
SHA1

4a51e246dd0bb889c02a7d20a7d518151a05370c
SHA256

df00adf1fb966829442c3933c08a85ad8cbdd1097d5a71422b8503d397f242a9
SHA512

31309e4fbf00daa77bb9ca4cd93561b8af5e44c3ac420316b596b8b4935b6c5a04692a38be2ff9542c14529876d3706fbb8f6a7681359773f74da2a300ee33ef
SSDEEP

6144:ztKJnv0N4sc6UKOahwyl2bbuBD9t4Piqqb5wVhFsbnNxef:pKJnv0N4sd7l1R9Ua5wVoW

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

df00adf1fb966829442c3933c08a85ad8cbdd1097d5a71422b8503d397f242a9
.exe windows x86

fe2ca1be3bda2a757036a89e54cc02db

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleW
lstrlenW
lstrcmpA
WriteProcessMemory
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
VirtualFree
UnmapViewOfFile
TerminateThread
TerminateProcess
SystemTimeToFileTime
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadContext
SetThreadAffinityMask
SetPriorityClass
SetLastError
SetFilePointer
SetEvent
ResumeThread
ResetEvent
ReleaseSemaphore
ReleaseMutex
ReadProcessMemory
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
PulseEvent
OutputDebugStringW
OpenProcess
OpenMutexW
OpenFileMappingA
OpenFileMappingW
OpenEventA
MultiByteToWideChar
MulDiv
MapViewOfFile
LockResource
LocalFree
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryExW
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetVolumeInformationA
GetVersionExA
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathW
GetSystemTime
GetSystemDirectoryA
GetSystemDirectoryW
GetStartupInfoW
GetProcessVersion
GetProcessAffinityMask
GetProcAddress
GetPriorityClass
GetModuleHandleA
GetModuleFileNameA
GetModuleFileNameW
GetLogicalDrives
GetLastError
GetFileSize
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentStringsW
GetDriveTypeW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCommandLineA
FreeResource
InterlockedIncrement
InterlockedDecrement
FreeLibrary
FormatMessageA
FormatMessageW
FindResourceA
FindResourceW
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToDosDateTime
ExitProcess
EnumResourceNamesW
EnterCriticalSection
DuplicateHandle
DeleteCriticalSection
CreateThread
CreateSemaphoreW
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CompareStringW
CloseHandle
GetProfileSectionA
FatalExit
ExitThread
GetShortPathNameA
GetDiskFreeSpaceExA
GetLongPathNameA
GetConsoleTitleA
Heap32ListNext
IsValidLanguageGroup
FileTimeToSystemTime
RtlZeroMemory
_lclose
OpenJobObjectA
GetMailslotInfo
GetDriveTypeA
SwitchToThread
IsProcessorFeaturePresent
_lwrite
CommConfigDialogA
InterlockedExchange
InterlockedExchangeAdd
GetStartupInfoA

user32

LoadIconW
LoadCursorFromFileW
GetAsyncKeyState
GetForegroundWindow
GetKeyboardLayout
GetDC
GetSystemMetrics
GetDlgCtrlID
GetListBoxInfo
GetThreadDesktop
ShowCaret
DestroyWindow
GetClipboardViewer
GetTopWindow
CharLowerA
LoadIconA
WaitForInputIdle
TranslateMessage
SystemParametersInfoW
AnimateWindow
ShowWindow
ShowOwnedPopups
SetWindowRgn
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetPropA
SetParent
SetForegroundWindow
SetCursorPos
SetClassLongW
SendMessageTimeoutA
SendMessageTimeoutW
SendMessageCallbackA
SendMessageA
SendMessageW
RemovePropA
ReleaseDC
RegisterWindowMessageW
PostThreadMessageA
PostMessageA
PostMessageW
OffsetRect
MsgWaitForMultipleObjects
LoadImageW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
InvalidateRect
InflateRect
GetWindowThreadProcessId
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetSystemMenu
GetPropA
GetParent
GetWindow
GetMessageW
GetMenu
GetClientRect
GetClassNameA
GetClassLongW
FrameRect
FindWindowExA
FindWindowExW
FindWindowW
EnumWindows
EnumThreadWindows
EnableWindow
EnableMenuItem
DrawTextW
DrawFrameControl
DrawFocusRect
DispatchMessageW
DestroyIcon
ChildWindowFromPointEx
CharUpperW
CharLowerW
AttachThreadInput
AdjustWindowRectEx

gdi32

GetStockObject
UnrealizeObject
CreateMetaFileA
CreatePatternBrush
GetPolyFillMode
DeleteDC
FillPath
TranslateCharsetInfo
SelectObject
GetTextExtentPointW
GetTextExtentPoint32W
DeleteObject
CreateRoundRectRgn
CreateFontIndirectW
BitBlt
GetCharacterPlacementW
CreateDIBitmap
GdiDeleteSpoolFileHandle
GetPath
CLIPOBJ_cEnumStart
CreateEllipticRgnIndirect
CreateBitmapIndirect
GetCurrentObject

advapi32

RegOpenKeyA
RegQueryValueExA
SetSecurityDescriptorDacl
RegUnLoadKeyW
RegOpenKeyExA
RegLoadKeyW
RegCloseKey
OpenProcessToken
LookupAccountSidA
LookupAccountSidW
InitializeSecurityDescriptor
GetUserNameW
GetTokenInformation
GetLengthSid
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
GetKernelObjectSecurity
CryptSetProvParam
CryptGetProvParam
CryptDestroyHash
CryptSignHashA
CryptSetHashParam
CryptCreateHash
CryptImportKey
CryptExportKey
CryptReleaseContext
CryptDestroyKey
CryptGetUserKey
CryptAcquireContextA
CryptDecrypt

shell32

SHGetFileInfoA
ShellExecuteW
Shell_NotifyIconW
SHGetFolderPathA
SHGetFolderPathW
ord155
SHGetSpecialFolderLocation
SHGetFolderLocation
SHGetPathFromIDListA
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIcon
ExtractIconA
SHBrowseForFolderA
SHLoadNonloadedIconOverlayIdentifiers
ShellAboutW
FindExecutableW
ShellExecuteA
SHLoadInProc
SHFileOperationA
Shell_NotifyIconA
DoEnvironmentSubstW
SHBindToParent
SHGetDesktopFolder
SHCreateDirectoryExA
ExtractIconExA
SHGetMalloc
CheckEscapesW
SHGetSpecialFolderPathA
ExtractAssociatedIconExW
DoEnvironmentSubstA
SHChangeNotify
SHGetDataFromIDListA
DragQueryFileAorW
SHGetIconOverlayIndexW
SHIsFileAvailableOffline
FindExecutableA
DragFinish
ExtractAssociatedIconW

ole32

CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
GetHGlobalFromStream
CoCreateGuid

shlwapi

StrStrIW
StrStrA
StrChrIA
StrRStrIA
StrChrA

comctl32

ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 201B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe2ca1be3bda2a757036a89e54cc02db

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 512B - Virtual size: 201B

.data Size: 11KB - Virtual size: 10KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 512B - Virtual size: 201B

.data
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 3KB - Virtual size: 3KB