e6cb3628e2443b514d5944e9d381fda134a8df5b5b5d5be8e88a9ef8428d6a6f

Sharing

Copy URL

Twitter E-mail

General

Target

e6cb3628e2443b514d5944e9d381fda134a8df5b5b5d5be8e88a9ef8428d6a6f
Size

1.9MB
MD5

24677df9e2e3b76ea49b727a1fe59f96
SHA1

6f58c397a3b36279731a69ad5d8fcb78a3990409
SHA256

e6cb3628e2443b514d5944e9d381fda134a8df5b5b5d5be8e88a9ef8428d6a6f
SHA512

8514d3db23aa4ae188204b3090f16471bdac542aaaf0277b5cba59ffe61ea8fdd92aca464107571381e4aad56330068c7f238977035f622f0d1d40e4f40c3967
SSDEEP

6144:ztKJnv0N4sc6UKOahwyl2bbuBD9t4Piqqb5wVhFsbnNsef:pKJnv0N4sd7l1R9Ua5wVo7

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

e6cb3628e2443b514d5944e9d381fda134a8df5b5b5d5be8e88a9ef8428d6a6f
.exe windows x86

fe2ca1be3bda2a757036a89e54cc02db

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleW
lstrlenW
lstrcmpA
WriteProcessMemory
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
VirtualFree
UnmapViewOfFile
TerminateThread
TerminateProcess
SystemTimeToFileTime
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadContext
SetThreadAffinityMask
SetPriorityClass
SetLastError
SetFilePointer
SetEvent
ResumeThread
ResetEvent
ReleaseSemaphore
ReleaseMutex
ReadProcessMemory
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
PulseEvent
OutputDebugStringW
OpenProcess
OpenMutexW
OpenFileMappingA
OpenFileMappingW
OpenEventA
MultiByteToWideChar
MulDiv
MapViewOfFile
LockResource
LocalFree
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryExW
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetVolumeInformationA
GetVersionExA
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathW
GetSystemTime
GetSystemDirectoryA
GetSystemDirectoryW
GetStartupInfoW
GetProcessVersion
GetProcessAffinityMask
GetProcAddress
GetPriorityClass
GetModuleHandleA
GetModuleFileNameA
GetModuleFileNameW
GetLogicalDrives
GetLastError
GetFileSize
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentStringsW
GetDriveTypeW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCommandLineA
FreeResource
InterlockedIncrement
InterlockedDecrement
FreeLibrary
FormatMessageA
FormatMessageW
FindResourceA
FindResourceW
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToDosDateTime
ExitProcess
EnumResourceNamesW
EnterCriticalSection
DuplicateHandle
DeleteCriticalSection
CreateThread
CreateSemaphoreW
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CompareStringW
CloseHandle
GetProfileSectionA
FatalExit
ExitThread
GetShortPathNameA
GetDiskFreeSpaceExA
GetLongPathNameA
GetConsoleTitleA
Heap32ListNext
IsValidLanguageGroup
FileTimeToSystemTime
RtlZeroMemory
_lclose
OpenJobObjectA
GetMailslotInfo
GetDriveTypeA
SwitchToThread
IsProcessorFeaturePresent
_lwrite
CommConfigDialogA
InterlockedExchange
InterlockedExchangeAdd
GetStartupInfoA

user32

LoadIconW
LoadCursorFromFileW
GetAsyncKeyState
GetForegroundWindow
GetKeyboardLayout
GetDC
GetSystemMetrics
GetDlgCtrlID
GetListBoxInfo
GetThreadDesktop
ShowCaret
DestroyWindow
GetClipboardViewer
GetTopWindow
CharLowerA
LoadIconA
WaitForInputIdle
TranslateMessage
SystemParametersInfoW
AnimateWindow
ShowWindow
ShowOwnedPopups
SetWindowRgn
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetPropA
SetParent
SetForegroundWindow
SetCursorPos
SetClassLongW
SendMessageTimeoutA
SendMessageTimeoutW
SendMessageCallbackA
SendMessageA
SendMessageW
RemovePropA
ReleaseDC
RegisterWindowMessageW
PostThreadMessageA
PostMessageA
PostMessageW
OffsetRect
MsgWaitForMultipleObjects
LoadImageW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
InvalidateRect
InflateRect
GetWindowThreadProcessId
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetSystemMenu
GetPropA
GetParent
GetWindow
GetMessageW
GetMenu
GetClientRect
GetClassNameA
GetClassLongW
FrameRect
FindWindowExA
FindWindowExW
FindWindowW
EnumWindows
EnumThreadWindows
EnableWindow
EnableMenuItem
DrawTextW
DrawFrameControl
DrawFocusRect
DispatchMessageW
DestroyIcon
ChildWindowFromPointEx
CharUpperW
CharLowerW
AttachThreadInput
AdjustWindowRectEx

gdi32

GetStockObject
UnrealizeObject
CreateMetaFileA
CreatePatternBrush
GetPolyFillMode
DeleteDC
FillPath
TranslateCharsetInfo
SelectObject
GetTextExtentPointW
GetTextExtentPoint32W
DeleteObject
CreateRoundRectRgn
CreateFontIndirectW
BitBlt
GetCharacterPlacementW
CreateDIBitmap
GdiDeleteSpoolFileHandle
GetPath
CLIPOBJ_cEnumStart
CreateEllipticRgnIndirect
CreateBitmapIndirect
GetCurrentObject

advapi32

RegOpenKeyA
RegQueryValueExA
SetSecurityDescriptorDacl
RegUnLoadKeyW
RegOpenKeyExA
RegLoadKeyW
RegCloseKey
OpenProcessToken
LookupAccountSidA
LookupAccountSidW
InitializeSecurityDescriptor
GetUserNameW
GetTokenInformation
GetLengthSid
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
GetKernelObjectSecurity
CryptSetProvParam
CryptGetProvParam
CryptDestroyHash
CryptSignHashA
CryptSetHashParam
CryptCreateHash
CryptImportKey
CryptExportKey
CryptReleaseContext
CryptDestroyKey
CryptGetUserKey
CryptAcquireContextA
CryptDecrypt

shell32

SHGetFileInfoA
ShellExecuteW
Shell_NotifyIconW
SHGetFolderPathA
SHGetFolderPathW
ord155
SHGetSpecialFolderLocation
SHGetFolderLocation
SHGetPathFromIDListA
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIcon
ExtractIconA
SHBrowseForFolderA
SHLoadNonloadedIconOverlayIdentifiers
ShellAboutW
FindExecutableW
ShellExecuteA
SHLoadInProc
SHFileOperationA
Shell_NotifyIconA
DoEnvironmentSubstW
SHBindToParent
SHGetDesktopFolder
SHCreateDirectoryExA
ExtractIconExA
SHGetMalloc
CheckEscapesW
SHGetSpecialFolderPathA
ExtractAssociatedIconExW
DoEnvironmentSubstA
SHChangeNotify
SHGetDataFromIDListA
DragQueryFileAorW
SHGetIconOverlayIndexW
SHIsFileAvailableOffline
FindExecutableA
DragFinish
ExtractAssociatedIconW

ole32

CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
GetHGlobalFromStream
CoCreateGuid

shlwapi

StrStrIW
StrStrA
StrChrIA
StrRStrIA
StrChrA

comctl32

ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 201B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe2ca1be3bda2a757036a89e54cc02db

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 512B - Virtual size: 201B

.data Size: 11KB - Virtual size: 10KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 512B - Virtual size: 201B

.data
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 3KB - Virtual size: 3KB