dc24c89b3de78c71f89538b71542a042c67fb549b3f4bdb38094e93e955bccad

Sharing

Copy URL

Twitter E-mail

General

Target

dc24c89b3de78c71f89538b71542a042c67fb549b3f4bdb38094e93e955bccad
Size

2.0MB
MD5

25e2675a128c63a51134bdf681d0bc1f
SHA1

a73256db9ac17485fe3ee5cec5645aa626048bb7
SHA256

dc24c89b3de78c71f89538b71542a042c67fb549b3f4bdb38094e93e955bccad
SHA512

bd5d3bfd5a4e6cf88d13fdabdee94a79be9e156fb3b984f8d0d667ce728a555bdd4d01d12d8f431c1f64ab07b26e4b623d5586cda9fc4289bf271ea0845c9f18
SSDEEP

6144:vSKJnv0N4sc8UKOPDoGtCPv9usnW4iP9JyrEhYb:qKJnv0N4s4oCC39uOs9Jy4i

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

dc24c89b3de78c71f89538b71542a042c67fb549b3f4bdb38094e93e955bccad
.exe windows x86

adea4567f5582afbf946cc655aab4617

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDebuggerPresent
GetSystemTimeAsFileTime
HeapAlloc
RtlUnwind
ExitProcess
HeapReAlloc
RaiseException
HeapSize
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
SetUnhandledExceptionFilter
IsValidCodePage
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SetEnvironmentVariableA
UnhandledExceptionFilter
TerminateProcess
HeapFree
GetStartupInfoW
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
lstrlenA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GetModuleHandleA
InterlockedDecrement
GlobalFindAtomW
GetVersionExW
CompareStringW
LoadLibraryA
GetVersionExA
MulDiv
GetCurrentProcessId
GlobalAddAtomW
SetLastError
GlobalUnlock
lstrlenW
WritePrivateProfileStringW
FreeResource
GlobalFree
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GetModuleFileNameW
ExpandEnvironmentStringsW
GetSystemInfo
GetModuleHandleW
GetProcAddress
LocalFree
FormatMessageW
Sleep
CreateThread
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
GetLastError
DeleteFileW
GetCommandLineW
FindResourceW
LoadResource
LockResource
GetOEMCP
SizeofResource
GetProcessIoCounters
ProcessIdToSessionId
GetProfileStringA
TryEnterCriticalSection
SetConsoleActiveScreenBuffer
ReleaseMutex
GetDefaultCommConfigA
FreeLibraryAndExitThread
DeleteFiber
GlobalAddAtomA
GetAtomNameA
WritePrivateProfileSectionW
GetProcessPriorityBoost
VerSetConditionMask
FindFirstChangeNotificationA
SetConsoleCursorInfo
SetDefaultCommConfigW
lstrcat
_lread
VirtualLock
_lopen
GlobalUnfix
SetVolumeLabelW
FindFirstFileExW
SleepEx
WritePrivateProfileStringA
IsValidLocale
EnumDateFormatsA
GetCommMask
GetCurrencyFormatA
EnumResourceNamesA
GetSystemWindowsDirectoryW
FreeConsole
OpenEventA
EnumCalendarInfoExA
Process32FirstW
EnumDateFormatsExW
IsProcessorFeaturePresent
PeekNamedPipe
GetFileInformationByHandle
GetWindowsDirectoryW
HeapQueryInformation
ExitThread
GetDriveTypeW
DecodePointer
EncodePointer
HeapSetInformation
FindResourceExW
SearchPathW
GetProfileIntW
GetNumberFormatW
GetTempPathW
GetTempFileNameW
GetFileAttributesExW
GetProcessHeap
lstrcmpiW
GlobalGetAtomNameW
GetCurrentDirectoryW
ReleaseActCtx
CreateActCtxW
WaitForSingleObject
ResumeThread
SetThreadPriority
GlobalSize
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcpyW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
ActivateActCtx
DeactivateActCtx
VerifyVersionInfoW
GetNativeSystemInfo
CopyFileW
GetSystemDirectoryW

user32

PostThreadMessageW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
ReleaseCapture
LoadCursorW
SetCapture
CharUpperW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetLastActivePopup
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
RegisterClipboardFormatW
GetFocus
ModifyMenuW
UnregisterClassW
GetSysColorBrush
GetMenuState
EnableMenuItem
CheckMenuItem
ReleaseDC
GetDC
CopyRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetWindow
SetWindowContextHelpId
GetParent
MapDialogRect
SetWindowPos
PostQuitMessage
PostMessageW
MessageBoxW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SendMessageW
AppendMenuW
GetSystemMenu
LoadIconW
EnableWindow
MapWindowPoints
DdeDisconnectList
CheckMenuRadioItem
WINNLSEnableIME
GetClipboardFormatNameA
EnumDisplaySettingsA
LoadImageA
GetAncestor
EnumPropsA
CopyIcon
SetUserObjectInformationW
WindowFromPoint
GetLastInputInfo
CallMsgFilterA
DdeQueryConvInfo
DlgDirSelectExW
SetDlgItemTextW
TrackPopupMenu
SetCaretPos
GetWindowModuleFileName
CharLowerA
SetCaretBlinkTime
DefFrameProcA
FindWindowExW
VkKeyScanW
PeekMessageA
GetKBCodePage
DialogBoxParamA
SetSystemCursor
ModifyMenuA
GetWindowRgn
EnumPropsW
GetKeyNameTextW
wvsprintfA
CharUpperBuffW
FrameRect
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
CopyImage
GetIconInfo
HideCaret
InvertRect
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongW
DestroyAcceleratorTable
SetParent
UnpackDDElParam
ReuseDDElParam
LoadImageW
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
DestroyIcon
GetMenuDefaultItem
SetMenuDefaultItem
GetMenuItemInfoW
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsZoomed
GetAsyncKeyState
NotifyWinEvent
RedrawWindow
SetWindowRgn
LoadMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoW
SetRectEmpty
KillTimer
SetTimer
RealChildWindowFromPoint
DeleteMenu
WaitMessage
DefFrameProcW
CheckDlgButton
BeginDeferWindowPos
EndDeferWindowPos
MonitorFromWindow
GetMonitorInfoW
ScrollWindow
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
DrawStateW
ShowOwnedPopups
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
GetUpdateRect
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
SubtractRect
DestroyCursor
ScreenToClient
FillRect
GetMenuStringW
InsertMenuW
RemoveMenu
InflateRect
LoadIconA
GetThreadDesktop
GetCaretBlinkTime
CloseDesktop
GetShellWindow
ShowCaret
GetListBoxInfo
GetClipboardViewer

gdi32

GetStockObject
GetBkColor
ExtSelectClipRgn
GetMapMode
DeleteDC
GetTextColor
GetWindowExtEx
GetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
GetRgnBox
CreateRectRgnIndirect
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutW
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateBitmap
EngAlphaBlend
GetBoundsRect
EngCreateSemaphore
GetNearestColor
LineDDA
GetTextCharsetInfo
GetTextExtentPoint32W
SetRectRgn
CombineRgn
PatBlt
DPtoLP
CreateRoundRectRgn
CreateDIBSection
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
EnumFontFamiliesW
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetTextFaceW
SetPixelV
GetTextMetricsW
CreateCompatibleBitmap
CreateFontIndirectW
CreateDIBitmap
CreateHatchBrush
CreateSolidBrush
CreatePen
GetObjectType
SelectPalette
CreateCompatibleDC
CreatePatternBrush
OffsetWindowOrgEx
SetWindowOrgEx
Rectangle
GetPixel
BitBlt
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetROP2
SetPolyFillMode
SetBkMode
CreateDCW
CopyMetaFileW
GetEnhMetaFileA
UnrealizeObject
CreateMetaFileW
AddFontResourceW
GetGraphicsMode
GetSystemPaletteUse
GetDCPenColor
BeginPath
EndPath
GdiFlush
CreateMetaFileA

comdlg32

GetFileTitleW

advapi32

RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
CryptAcquireContextW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
OpenSCManagerW
CreateServiceW
CloseServiceHandle
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegEnumKeyExW
RegEnumValueW
RegDeleteValueW
RegQueryValueExA

shell32

CommandLineToArgvW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW
SHCreateDirectoryExW
ShellExecuteW
SHGetIconOverlayIndexW
ExtractAssociatedIconExA
SHLoadNonloadedIconOverlayIdentifiers
WOWShellExecute
ExtractIconA
DragFinish
DragQueryFile
SHFileOperation
SHQueryRecycleBinA
SHCreateProcessAsUserW
SHAppBarMessage
FindExecutableW
ExtractIconW
SHGetSpecialFolderPathW
SHGetIconOverlayIndexA
SHBrowseForFolderA
SHGetSpecialFolderPathA
ExtractIconExA
ShellExecuteA
SHChangeNotify
SHInvokePrinterCommandA
DragQueryPoint
ExtractAssociatedIconExW
SHFileOperationA
SHAddToRecentDocs
ExtractIconEx
Shell_NotifyIconA
SHIsFileAvailableOffline
SHBindToParent
ExtractAssociatedIconA
SHGetFolderPathW
DragQueryFileW
SHGetMalloc
SHGetDesktopFolder
SHGetFileInfoW

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleFlushClipboard
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleIsCurrentClipboard
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
DoDragDrop
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoUninitialize
OleDuplicateData
ReleaseStgMedium
CoCreateGuid

shlwapi

PathFileExistsW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
StrCmpNW
StrCmpNIW
StrRChrIW
StrStrA
StrRStrIW
PathRemoveFileSpecW

comctl32

InitCommonControlsEx
ImageList_GetIconSize

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 555B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

adea4567f5582afbf946cc655aab4617

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

imm32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 1024B - Virtual size: 555B

.data Size: 126KB - Virtual size: 126KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 1024B - Virtual size: 555B

.data
Size: 126KB - Virtual size: 126KB

.rsrc
Size: 2KB - Virtual size: 1KB