c40644540e6a8fa57f5c4d2c0fadc246cfe30d42cfe090effeb4999210c18d56

Sharing

Copy URL

Twitter E-mail

General

Target

c40644540e6a8fa57f5c4d2c0fadc246cfe30d42cfe090effeb4999210c18d56
Size

2.3MB
MD5

a3e677d1495f9e379a2cfc313be21440
SHA1

881a9bf890d9a9e4ce838220afce3bba95ad561f
SHA256

c40644540e6a8fa57f5c4d2c0fadc246cfe30d42cfe090effeb4999210c18d56
SHA512

c3a1d5770fd8d301928bfc61e0bfb2a55cd37c5a12d192a3dc384ba215502a192eec2b192382e04dc2179a772916c39d8fe18a70ef7a9a909a29027429856d25
SSDEEP

12288:+Jhc0nq8b90nc2P97TNFpiAMUEHTnIDTUZky:+Lc0q8hV2JApPTnIDJy

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

c40644540e6a8fa57f5c4d2c0fadc246cfe30d42cfe090effeb4999210c18d56
.exe windows x86

3d9dadcc03c7be7ca46b59011d44ead0

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleW
lstrlenW
lstrcmpA
WriteProcessMemory
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
VirtualFree
UnmapViewOfFile
TerminateThread
TerminateProcess
SystemTimeToFileTime
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadContext
SetThreadAffinityMask
SetPriorityClass
SetLastError
SetFilePointer
SetEvent
ResumeThread
ResetEvent
ReleaseSemaphore
ReleaseMutex
ReadProcessMemory
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
PulseEvent
OutputDebugStringW
OpenProcess
OpenMutexW
OpenFileMappingA
OpenFileMappingW
OpenEventA
MultiByteToWideChar
MulDiv
MapViewOfFile
LockResource
LocalFree
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryExW
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetVolumeInformationA
GetVersionExA
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathW
GetSystemTime
GetSystemDirectoryA
GetSystemDirectoryW
GetStartupInfoW
GetProcessVersion
GetProcessAffinityMask
GetProcAddress
GetPriorityClass
GetModuleHandleA
GetModuleFileNameA
GetModuleFileNameW
GetLogicalDrives
GetLastError
GetFileSize
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentStringsW
GetDriveTypeW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCommandLineA
FreeResource
InterlockedIncrement
InterlockedDecrement
FreeLibrary
FormatMessageA
FormatMessageW
FindResourceA
FindResourceW
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToDosDateTime
ExitProcess
EnumResourceNamesW
EnterCriticalSection
DuplicateHandle
DeleteCriticalSection
CreateThread
CreateSemaphoreW
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CompareStringW
CloseHandle
GetProfileSectionA
FatalExit
ExitThread
GetShortPathNameA
GetDiskFreeSpaceExA
GetLongPathNameA
GetConsoleTitleA
Heap32ListNext
IsValidLanguageGroup
FileTimeToSystemTime
RtlZeroMemory
_lclose
OpenJobObjectA
GetMailslotInfo
GetDriveTypeA
SwitchToThread
IsProcessorFeaturePresent
_lwrite
CommConfigDialogA
InterlockedExchange
InterlockedExchangeAdd
GetStartupInfoA

user32

LoadIconW
LoadCursorFromFileW
GetAsyncKeyState
GetForegroundWindow
GetKeyboardLayout
GetDC
GetSystemMetrics
GetDlgCtrlID
GetListBoxInfo
GetThreadDesktop
ShowCaret
DestroyWindow
GetClipboardViewer
GetTopWindow
CharLowerA
IsWindow
GetFocus
GetOpenClipboardWindow
CreateMenu
GetCapture
GetKBCodePage
LoadIconA
WaitForInputIdle
TranslateMessage
SystemParametersInfoW
AnimateWindow
ShowWindow
ShowOwnedPopups
SetWindowRgn
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetPropA
SetParent
SetForegroundWindow
SetCursorPos
SetClassLongW
SendMessageTimeoutA
SendMessageTimeoutW
SendMessageCallbackA
SendMessageA
SendMessageW
RemovePropA
ReleaseDC
RegisterWindowMessageW
PostThreadMessageA
PostMessageA
PostMessageW
OffsetRect
MsgWaitForMultipleObjects
LoadImageW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsIconic
InvalidateRect
InflateRect
GetWindowThreadProcessId
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetSystemMenu
GetPropA
GetParent
GetWindow
GetMessageW
GetMenu
GetClientRect
GetClassNameA
GetClassLongW
FrameRect
FindWindowExA
FindWindowExW
FindWindowW
EnumWindows
EnumThreadWindows
EnableWindow
EnableMenuItem
DrawTextW
DrawFrameControl
DrawFocusRect
DispatchMessageW
DestroyIcon
ChildWindowFromPointEx
CharUpperW
CharLowerW
AttachThreadInput
AdjustWindowRectEx
ReplyMessage
wsprintfA
DdeEnableCallback
MonitorFromPoint
SetUserObjectInformationA
VkKeyScanExA
GetDlgItem
GetDesktopWindow
SetSysColors
DlgDirListComboBoxA
TabbedTextOutW
ExcludeUpdateRgn
LoadStringW
SetClipboardData
DdeCreateStringHandleW
EqualRect
OpenDesktopA
keybd_event
CharPrevExA
SendMessageCallbackW
DdeFreeDataHandle
MessageBeep
SetWindowsHookW
IMPQueryIMEA
EndMenu
InvertRect
SetMenu
VkKeyScanW

gdi32

GetStockObject
UnrealizeObject
CreateMetaFileA
CreatePatternBrush
GetPolyFillMode
DeleteDC
FillPath
AddFontResourceA
GetFontLanguageInfo
TranslateCharsetInfo
SelectObject
GetTextExtentPointW
GetTextExtentPoint32W
DeleteObject
CreateRoundRectRgn
CreateFontIndirectW
BitBlt
GetCharacterPlacementW
CreateDIBitmap
GdiDeleteSpoolFileHandle
GetPath
CLIPOBJ_cEnumStart
CreateEllipticRgnIndirect
CreateBitmapIndirect
GetCurrentObject

advapi32

RegOpenKeyA
RegQueryValueExA

shell32

SHBrowseForFolderW
Shell_NotifyIcon
ExtractIconA
SHBrowseForFolderA
SHLoadNonloadedIconOverlayIdentifiers
ShellAboutW
FindExecutableW
ShellExecuteA
SHLoadInProc
SHFileOperationA
Shell_NotifyIconA
DoEnvironmentSubstW
SHBindToParent
SHGetDesktopFolder
SHCreateDirectoryExA
SHGetSpecialFolderLocation
ExtractIconExA
SHGetMalloc
CheckEscapesW
SHGetSpecialFolderPathA
ExtractAssociatedIconExW
SHGetFileInfoA
DoEnvironmentSubstA
SHChangeNotify
SHGetDataFromIDListA
DragQueryFileAorW
SHGetIconOverlayIndexW
SHIsFileAvailableOffline
FindExecutableA
DragFinish
ExtractAssociatedIconW

ole32

CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
GetHGlobalFromStream
CoCreateGuid

shlwapi

StrStrIW
StrStrA
StrChrIA
StrRStrIA
StrChrA

comctl32

ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 558B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d9dadcc03c7be7ca46b59011d44ead0

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 1024B - Virtual size: 558B

.data Size: 10KB - Virtual size: 10KB

.rsrc Size: 94KB - Virtual size: 94KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 1024B - Virtual size: 558B

.data
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 94KB - Virtual size: 94KB