ea29b8325436ef52d94bcf82442ddf1af4210087d4872c1f0c22e46826390f33

Sharing

Copy URL

Twitter E-mail

General

Target

ea29b8325436ef52d94bcf82442ddf1af4210087d4872c1f0c22e46826390f33
Size

2.1MB
MD5

bf6608b3969388a44aec67f8757ccb00
SHA1

6fe04c4f41c68ef2bbea46dcafaf5947190052d3
SHA256

ea29b8325436ef52d94bcf82442ddf1af4210087d4872c1f0c22e46826390f33
SHA512

d92b25935334a9a1d6987c90b8f17af7d3ff53c211d45dff30a9a6da141609339e7945b810cf2c6f5cff8d468834c5fe3e28427335c3766d1d3df41654fce561
SSDEEP

6144:1ZbXtD6P6puRkuGN75d5ScKHRC19GItKBDP7be5LP1:1Zb8ymkuG55dZKHRC19yCL

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

ea29b8325436ef52d94bcf82442ddf1af4210087d4872c1f0c22e46826390f33
.exe windows x86

3db6a8b93941dedb1c87a0bc73cb7ea3

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleW
LocalFree
WideCharToMultiByte
FormatMessageW
GetModuleHandleA
LocalAlloc
SetEndOfFile
GetProcessPriorityBoost
GetCurrentThread
Heap32Next
GlobalGetAtomNameW
Thread32Next
SetCurrentDirectoryW
GetConsoleAliasesLengthA
GetCPInfo
GetOEMCP
RtlUnwind
ExitProcess
TerminateProcess
HeapFree
RaiseException
HeapReAlloc
HeapSize
HeapAlloc
GetACP
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
Sleep
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
GetCurrentProcess
GetProcessVersion
LoadLibraryA
FreeLibrary
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
GetProcAddress
SetLastError
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
GlobalHandle
InterlockedExchange
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
lstrcpynA
GetModuleFileNameA
lstrcpyA
lstrcatA
SetErrorMode
MultiByteToWideChar
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThreadId
GetCommandLineA
GetStdHandle
CreateFileA
ReadFile
SetFilePointer
WriteFile
FreeEnvironmentStringsA
CloseHandle

user32

LoadIconA
EnableScrollBar
BroadcastSystemMessage
GetMenuBarInfo
ReleaseDC
WINNLSGetEnableStatus
HideCaret
EnumPropsExA
ReleaseCapture
DrawIconEx
GrayStringA
SetClassLongA
SendNotifyMessageA
IntersectRect
DrawFrameControl
SetMenu
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
ShowWindow
LoadCursorA
GetSysColorBrush
DestroyMenu
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
LoadStringA
DrawTextA
TabbedTextOutA
GetDC
GetMenuItemCount
wsprintfA
UnhookWindowsHookEx
GetLastActivePopup
IsWindowEnabled
MessageBoxA
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowLongA
GetClassNameA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetParent
GetNextDlgTabItem
SetCursor
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
SendMessageA
PostQuitMessage
PostMessageA
GetDlgItem
GetMessagePos
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
EnableWindow

gdi32

GetStockObject
AnimatePalette
PolyDraw
GetETM
EnumICMProfilesW
GetTextMetricsW
SetTextAlign
GdiGetPageHandle
Polygon
GetBoundsRect
FONTOBJ_pifi
GetHFONT
GdiInitializeLanguagePack
GetViewportExtEx
EudcUnloadLinkW
GetRgnBox
StretchDIBits
CreatePenIndirect
StretchBlt
ExtCreateRegion
ResetDCW
EngFillPath
SaveDC
SetColorAdjustment
GetMetaFileA
GetEnhMetaFilePaletteEntries
GdiEntry5
GetBkMode
BRUSHOBJ_pvAllocRbrush
GetWindowExtEx
CreateColorSpaceW
GetEnhMetaFileDescriptionW
ExtSelectClipRgn
DescribePixelFormat
TextOutA
FONTOBJ_pQueryGlyphAttrs
GetTextCharset
ResizePalette
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
ExtTextOutA
Escape
GetObjectA
SetBkColor
SelectObject
RestoreDC
DeleteDC
CreateBitmap
DeleteObject

advapi32

RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA

shell32

SHGetDiskFreeSpaceA
SHLoadInProc
SHGetIconOverlayIndexA
SHCreateDirectoryExW
SHGetDiskFreeSpaceExW
DragQueryFileW
SHLoadNonloadedIconOverlayIdentifiers
SHGetSpecialFolderPathW
SHAddToRecentDocs
SHGetFileInfo
SHGetPathFromIDListA
SHAppBarMessage
SHGetFolderPathA
SHGetPathFromIDList
SHGetSettings
ExtractAssociatedIconA
ExtractIconEx
SHGetIconOverlayIndexW
SHGetMalloc
SHGetDiskFreeSpaceExA
SHPathPrepareForWriteA
SHGetFileInfoW
CommandLineToArgvW
WOWShellExecute
DragFinish
CheckEscapesW
ShellAboutW
SHInvokePrinterCommandW
FindExecutableW

shlwapi

StrRChrIW
StrCmpNIW
StrRChrIA
StrChrIW
StrRStrIW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3db6a8b93941dedb1c87a0bc73cb7ea3

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.data Size: 8KB - Virtual size: 8KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 8KB - Virtual size: 8KB