ea7d4373da7e6566f95a2690b5334b2a0919e301b7b649e7090b06b970325c6a

Sharing

Copy URL

Twitter E-mail

General

Target

ea7d4373da7e6566f95a2690b5334b2a0919e301b7b649e7090b06b970325c6a
Size

272KB
MD5

ee780533b22873a5be86ee8ec6ab4e0b
SHA1

14690eacf6f362b43fbf2863dfcc79ea71f5b1ea
SHA256

ea7d4373da7e6566f95a2690b5334b2a0919e301b7b649e7090b06b970325c6a
SHA512

5b26d5245000a35fe674f596d85b5fe9a0e27f7f902afacb80d0423e916f155e62390e211a898c135691f5d3586c776fb3f34e1abdf62cc85e86ac12c9b796b5
SSDEEP

3072:Qli7xi3Qz51PZZbnq8n11yOIDArRzZp9ypKpBPWHQmALcSQ7pe8BbD:iiqm118D0Zp9ykPWHQWbBbD

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

ea7d4373da7e6566f95a2690b5334b2a0919e301b7b649e7090b06b970325c6a
.exe windows x86

3007824ebeec9fe536c532ed0ad980d5

Code Sign

8e:ab:b2:64:8e:f5:57:ab:73:5d:55:0c:42:56:95:25
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

04-04-2020 00:00

Not After

04-04-2021 23:59

Subject

CN=Interoute Cloud Denmark ApS,O=Interoute Cloud Denmark ApS,POSTALCODE=1059,STREET=5 Niels Juels Gade,L=Kobenhavn,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:fb:e4:83:b4:de:61:dc:84:d5:86:05:ec:01:93:66:20:74:12:f6
Signer

Actual PE Digest

34:fb:e4:83:b4:de:61:dc:84:d5:86:05:ec:01:93:66:20:74:12:f6

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Interoute Cloud Denmark ApS,O=Interoute Cloud Denmark ApS,POSTALCODE=1059,STREET=5 Niels Juels Gade,L=Kobenhavn,C=DK

03-02-2022 03:05
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesExW
MoveFileExW
GetFileAttributesW
RemoveDirectoryW
DeleteFileW
FindFirstFileW
SetEndOfFile
FlushFileBuffers
GetFileTime
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CancelIo
ReadDirectoryChangesW
GetFileInformationByHandle
GetOverlappedResult
LoadLibraryW
GetCurrentProcessId
SetErrorMode
InterlockedIncrement
InterlockedDecrement
CreateMutexW
SetThreadPriority
GetVersionExW
lstrlenW
GlobalFree
SystemTimeToFileTime
LocalFileTimeToFileTime
SetThreadExecutionState
ResumeThread
GetLocaleInfoW
GetNumberFormatW
SleepEx
GetCurrentThread
DuplicateHandle
GlobalSize
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
TlsFree
TlsSetValue
FindNextFileW
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameW
GetStdHandle
ExitProcess
HeapCreate
GetStartupInfoW
HeapSetInformation
GetCommandLineW
CreateThread
ExitThread
SetConsoleCtrlHandler
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualProtect
DecodePointer
EncodePointer
HeapQueryInformation
HeapSize
HeapReAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateFileW
ReadFile
WriteFile
SetFilePointer
GetFileSize
GlobalAlloc
GetNativeSystemInfo
GetThreadPriority
GetProcessAffinityMask
GlobalUnlock
GlobalLock
FormatMessageW
MultiByteToWideChar
LoadLibraryA
LocalAlloc
FindClose
GetExitCodeThread
CopyFileW
Sleep
FreeLibrary
IsDebuggerPresent
SetDllDirectoryW
OutputDebugStringW
WideCharToMultiByte
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
WaitForMultipleObjects
SetEvent
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
CloseHandle
WaitForSingleObject
GetLastError
GetModuleHandleW
GetProcAddress
GetTickCount
InterlockedExchange
GetVersion
MulDiv
RaiseException
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
FlushInstructionCache
GetCurrentProcess
SetLastError
GetFileType
GetSystemTimeAsFileTime
RtlUnwind
GetConsoleCP
GetConsoleMode
LCMapStringW
GetStringTypeW
SetStdHandle
WriteConsoleW
TlsGetValue
GetEnvironmentStringsA
FindFirstFileExW
SetConsoleActiveScreenBuffer
LocalUnlock
GetNumberFormatA
GetComputerNameW
SetComputerNameExW
AreFileApisANSI
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
CreateNamedPipeW
GetCPInfoExA
FindNextVolumeW
BuildCommDCBW
GetConsoleDisplayMode
MoveFileWithProgressA
CompareStringA
GetConsoleAliasExesW
SetNamedPipeHandleState
ReleaseMutex
OpenProcess
LocalFree
GetModuleHandleA
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
TerminateThread
lstrcmpiW
LoadLibraryExW
DeviceIoControl
CreateFileA
GetPrivateProfileStringW
GetWindowsDirectoryW
lstrlenA
lstrcmpiA
lstrcmpA
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeA
LCMapStringA
GetStartupInfoA
CreateEventA
CreateWaitableTimerA
SetWaitableTimer
OpenEventA
GetModuleFileNameA
GetVolumeInformationW
DeleteAtom
GetSystemWindowsDirectoryW
CreateSemaphoreA
ReleaseSemaphore
DisconnectNamedPipe
ConnectNamedPipe
PeekNamedPipe
FindAtomW
AddAtomW
OpenThread
GetAtomNameW
GetSystemTime
GetFileSizeEx
SetFilePointerEx

user32

MsgWaitForMultipleObjects
GetKeyState
RegisterClipboardFormatW
wsprintfW
AllowSetForegroundWindow
EnumWindows
GetClassNameW
SetActiveWindow
CheckMenuRadioItem
CopyRect
GetWindowPlacement
IsIconic
OffsetRect
MonitorFromRect
IsWindowVisible
GetMenuItemCount
EnumThreadWindows
GetSystemMetrics
GetFocus
SetForegroundWindow
UnregisterClassA
SetClipboardData
SetMenuItemInfoW
GetMenuItemInfoW
IsChild
MoveWindow
GetDC
UpdateWindow
AdjustWindowRect
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetComboBoxInfo
EndDeferWindowPos
IsZoomed
DeferWindowPos
BeginDeferWindowPos
DrawEdge
DrawTextW
FillRect
CharUpperW
DestroyAcceleratorTable
LoadAcceleratorsW
TranslateAcceleratorW
MapDialogRect
GetDlgCtrlID
GetClientRect
GetActiveWindow
MapWindowPoints
CharLowerW
GetDlgItem
DialogBoxParamW
EndDialog
SetWindowLongW
SetLayeredWindowAttributes
BeginPaint
EndPaint
GetWindowDC
ReleaseDC
GetSysColor
DefWindowProcW
PostMessageW
ScreenToClient
ClientToScreen
GetWindowLongW
CallWindowProcW
DestroyWindow
CreateWindowExW
RegisterClassExW
GetClassInfoExW
LoadCursorW
TrackPopupMenu
GetMessagePos
DrawIconEx
DestroyIcon
SetFocus
SetCapture
LoadImageW
SetCursor
SetTimer
SetWindowPos
KillTimer
ShowWindow
GetScrollInfo
CreateDialogParamW
LoadIconW
MessageBoxW
GetWindowRect
EnableWindow
SetWindowTextW
IsWindowEnabled
EnumChildWindows
GetParent
MessageBeep
RegisterHotKey
UnregisterHotKey
SetDlgItemTextW
SendDlgItemMessageW
MapVirtualKeyW
CreatePopupMenu
AppendMenuW
DestroyMenu
MonitorFromPoint
GetMonitorInfoW
GetMenu
AdjustWindowRectEx
InvalidateRect
GetWindowTextW
WindowFromPoint
GetWindowThreadProcessId
IsDialogMessageW
IntersectRect
RegisterShellHookWindow
DeregisterShellHookWindow
RegisterWindowMessageW
UnregisterClassW
RegisterClassW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
RedrawWindow
CloseClipboard
OpenClipboard
EmptyClipboard
IsCharAlphaW
TrackPopupMenuEx
IsClipboardFormatAvailable
GetClipboardData
SendMessageW
GetWindowLongA
WindowFromDC
DdeQueryConvInfo
GetMenuStringW
EnumDesktopWindows
WinHelpA
DrawTextExA
SetRect
ShowScrollBar
ValidateRgn
ShowWindowAsync
EnumPropsExA
SendNotifyMessageW
DdeGetLastError
ExcludeUpdateRgn
DialogBoxIndirectParamA
CreateDialogIndirectParamW
EnumWindowStationsA
SetDebugErrorLevel
LoadMenuIndirectA
SetProcessWindowStation
LoadStringW
FindWindowExW
GetClassInfoW
CharNextW
MonitorFromWindow
GetWindow
LoadIconA
GetMenuContextHelpId
ReleaseCapture
GetMessageTime
OpenIcon
CharNextA
GetSysColorBrush
OemKeyScan
EndMenu
GetClipboardOwner
GetTopWindow
IsCharLowerW
DestroyCursor
GetKeyboardLayout
IsCharAlphaNumericA
IsWindowUnicode
InSendMessage
GetKBCodePage
GetMessageExtraInfo
PaintDesktop
IsCharAlphaNumericW
GetCaretBlinkTime
EnumClipboardFormats
GetQueueStatus
CloseDesktop
CreateMenu
GetListBoxInfo
CloseWindowStation
GetProcessWindowStation
GetClipboardSequenceNumber
GetOpenClipboardWindow
GetClipboardViewer
GetDialogBaseUnits
GetThreadDesktop
IsCharAlphaA
LoadCursorFromFileA
GetCapture
IsMenu
GetDesktopWindow
IsCharLowerA
CountClipboardFormats
VkKeyScanA
CloseWindow
GetWindowContextHelpId
GetWindowTextLengthW
IsWindow
DrawMenuBar
AnyPopup
GetMenuCheckMarkDimensions
IsGUIThread
VkKeyScanW
LoadCursorFromFileW
CopyIcon
GetLastActivePopup
CharUpperA
GetInputState
CharLowerA
GetCursor
IsCharUpperW
GetForegroundWindow
ShowCaret
GetWindowTextLengthA
GetDoubleClickTime
GetAsyncKeyState
GetKeyboardType
GetShellWindow
IsCharUpperA

gdi32

CreateFontIndirectW
GetObjectW
DeleteObject
DeleteDC
SetWindowOrgEx
GetTextExtentPoint32W
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
SetBkColor
ExtTextOutW
SetBkMode
SetTextColor
SetDCBrushColor
GetStockObject
OffsetWindowOrgEx
RemoveFontResourceW
GdiQueryFonts
CreatePatternBrush
CreateFontA
GdiStartPageEMF
EngTextOut
EngFreeModule
BRUSHOBJ_pvAllocRbrush
GdiSetPixelFormat
UnrealizeObject
SetICMProfileA
GetDCPenColor
XLATEOBJ_hGetColorTransform
AddFontMemResourceEx
PATHOBJ_vEnumStartClipLines
EngFindResource
SetDCPenColor
PolyBezier
SetROP2
SetStretchBltMode
EndDoc
GetKerningPairsW
FONTOBJ_cGetAllGlyphHandles
GetPixel
GdiAddGlsBounds
GetTextExtentExPointA
DeleteColorSpace
GetROP2
GetMapMode
GetDCBrushColor
WidenPath
AddFontResourceW
GetBkMode
GetTextCharacterExtra
DeleteMetaFile
EndPage
GdiFlush
CancelDC
SwapBuffers
GetSystemPaletteUse
CloseFigure
CreateHalftonePalette
AddFontResourceA
UpdateColors
GetEnhMetaFileA
DeleteEnhMetaFile
CloseEnhMetaFile
GdiGetBatchLimit
EndPath
PathToRegion
CreateMetaFileW
GetTextColor
GetColorSpace
GetEnhMetaFileW
GetBkColor
CreateMetaFileA
StrokePath
SaveDC
CreateSolidBrush
RealizePalette
GetLayout
GetGraphicsMode
SetMetaRgn
CloseMetaFile
AbortPath
GetObjectType
GetStretchBltMode
GetTextCharset
GetPixelFormat
GetPolyFillMode
BeginPath
GetFontLanguageInfo
AbortDoc
FillPath
FlattenPath
GetTextAlign

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyW
RegCreateKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegOpenKeyExW
CryptAcquireContextW
RegCreateKeyExW
CryptGetHashParam
CryptVerifySignatureW
CryptHashData
CryptCreateHash
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
CryptImportKey
RegSetValueExW
RegEnumKeyExA
RegQueryValueExA
RegDeleteKeyW
RegOpenKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
RegOpenKeyA
RegSetValueExA
GetUserNameA

shell32

ShellExecuteExW
SHGetDesktopFolder
SHOpenFolderAndSelectItems
SHChangeNotify
DragAcceptFiles
DragFinish
ShellExecuteW
SHGetFolderPathW
Shell_NotifyIconA
SHGetSpecialFolderPathW
CheckEscapesW
WOWShellExecute
DoEnvironmentSubstW
CommandLineToArgvW
SHGetIconOverlayIndexA

ole32

OleUninitialize
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
OleInitialize
CoCreateGuid
ReleaseStgMedium
OleGetClipboard
OleSetClipboard
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc

shlwapi

SHAutoComplete
StrCmpLogicalW
SHDeleteKeyW
StrStrW
PathFileExistsW
PathRemoveFileSpecW
SHGetValueW
PathCombineW
PathAppendW
PathStripPathW
SHGetValueA
SHSetValueA

comctl32

ImageList_ReplaceIcon
ImageList_Add
ImageList_LoadImageW
ImageList_Create
ImageList_Destroy
InitCommonControlsEx

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3007824ebeec9fe536c532ed0ad980d5

Code Sign

8e:ab:b2:64:8e:f5:57:ab:73:5d:55:0c:42:56:95:25Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

34:fb:e4:83:b4:de:61:dc:84:d5:86:05:ec:01:93:66:20:74:12:f6Signer

Signature Validations

Verification

03-02-2022 03:05 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 199KB - Virtual size: 199KB

.data Size: 45KB - Virtual size: 44KB

.rsrc Size: 1KB - Virtual size: 1KB

8e:ab:b2:64:8e:f5:57:ab:73:5d:55:0c:42:56:95:25
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

34:fb:e4:83:b4:de:61:dc:84:d5:86:05:ec:01:93:66:20:74:12:f6
Signer

03-02-2022 03:05
Valid: false

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 199KB - Virtual size: 199KB

.data
Size: 45KB - Virtual size: 44KB

.rsrc
Size: 1KB - Virtual size: 1KB