c0157e0dccbf0ff1007c733d6fb6c5942dd3182b524e68a068fdff2f4e05eaa3

Sharing

Copy URL

Twitter E-mail

General

Target

c0157e0dccbf0ff1007c733d6fb6c5942dd3182b524e68a068fdff2f4e05eaa3
Size

2.1MB
MD5

2cfc51a33dd53cd00b7f82dd2b056e53
SHA1

b24f0bb2fe16f5c866f6a81cdd71ce0d9ede939f
SHA256

c0157e0dccbf0ff1007c733d6fb6c5942dd3182b524e68a068fdff2f4e05eaa3
SHA512

ecc92c5098c1900d571b1944a0f4eae7d017e456fa149fd441ddaf56ba5bcebb5e5ab9bb20746441713c6d9cfafd9cafa0b5f764fc80893eec27bcf57eb02a2e
SSDEEP

3072:SVjFZb92atmGDdsiYpv3YynigZgvbhV8+aDIWPJLF/0rbl60kgM2zqHlhK1XO2e:iZbXtDo3dnxKvb5W/0rbl60ks+bsXe6

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

c0157e0dccbf0ff1007c733d6fb6c5942dd3182b524e68a068fdff2f4e05eaa3
.exe windows x86

3db6a8b93941dedb1c87a0bc73cb7ea3

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleW
LocalFree
WideCharToMultiByte
FormatMessageW
GetModuleHandleA
LocalAlloc
SetEndOfFile
GetProcessPriorityBoost
GetCurrentThread
Heap32Next
GlobalGetAtomNameW
Thread32Next
SetCurrentDirectoryW
GetConsoleAliasesLengthA
GetCPInfo
GetOEMCP
RtlUnwind
ExitProcess
TerminateProcess
HeapFree
RaiseException
HeapReAlloc
HeapSize
HeapAlloc
GetACP
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
Sleep
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
GetCurrentProcess
GetProcessVersion
LoadLibraryA
FreeLibrary
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
GetProcAddress
SetLastError
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
GlobalHandle
InterlockedExchange
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
lstrcpynA
GetModuleFileNameA
lstrcpyA
lstrcatA
SetErrorMode
MultiByteToWideChar
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThreadId
GetCommandLineA
GetStdHandle
CreateFileA
ReadFile
SetFilePointer
WriteFile
FreeEnvironmentStringsA
CloseHandle

user32

LoadIconA
EnableScrollBar
BroadcastSystemMessage
GetMenuBarInfo
ReleaseDC
WINNLSGetEnableStatus
HideCaret
EnumPropsExA
ReleaseCapture
DrawIconEx
GrayStringA
SetClassLongA
SendNotifyMessageA
IntersectRect
DrawFrameControl
SetMenu
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
ShowWindow
LoadCursorA
GetSysColorBrush
DestroyMenu
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
LoadStringA
DrawTextA
TabbedTextOutA
GetDC
GetMenuItemCount
wsprintfA
UnhookWindowsHookEx
GetLastActivePopup
IsWindowEnabled
MessageBoxA
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowLongA
GetClassNameA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetParent
GetNextDlgTabItem
SetCursor
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
SendMessageA
PostQuitMessage
PostMessageA
GetDlgItem
GetMessagePos
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
EnableWindow

gdi32

GetStockObject
AnimatePalette
PolyDraw
GetETM
EnumICMProfilesW
GetTextMetricsW
SetTextAlign
GdiGetPageHandle
Polygon
GetBoundsRect
FONTOBJ_pifi
GetHFONT
GdiInitializeLanguagePack
GetViewportExtEx
EudcUnloadLinkW
GetRgnBox
StretchDIBits
CreatePenIndirect
StretchBlt
ExtCreateRegion
ResetDCW
EngFillPath
SaveDC
SetColorAdjustment
GetMetaFileA
GetEnhMetaFilePaletteEntries
GdiEntry5
GetBkMode
BRUSHOBJ_pvAllocRbrush
GetWindowExtEx
CreateColorSpaceW
GetEnhMetaFileDescriptionW
ExtSelectClipRgn
DescribePixelFormat
TextOutA
FONTOBJ_pQueryGlyphAttrs
GetTextCharset
ResizePalette
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
ExtTextOutA
Escape
GetObjectA
SetBkColor
SelectObject
RestoreDC
DeleteDC
CreateBitmap
DeleteObject

advapi32

RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA

shell32

SHGetDiskFreeSpaceA
SHLoadInProc
SHGetIconOverlayIndexA
SHCreateDirectoryExW
SHGetDiskFreeSpaceExW
DragQueryFileW
SHLoadNonloadedIconOverlayIdentifiers
SHGetSpecialFolderPathW
SHAddToRecentDocs
SHGetFileInfo
SHGetPathFromIDListA
SHAppBarMessage
SHGetFolderPathA
SHGetPathFromIDList
SHGetSettings
ExtractAssociatedIconA
ExtractIconEx
SHGetIconOverlayIndexW
SHGetMalloc
SHGetDiskFreeSpaceExA
SHPathPrepareForWriteA
SHGetFileInfoW
CommandLineToArgvW
WOWShellExecute
DragFinish
CheckEscapesW
ShellAboutW
SHInvokePrinterCommandW
FindExecutableW

shlwapi

StrRChrIW
StrCmpNIW
StrRChrIA
StrChrIW
StrRStrIW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3db6a8b93941dedb1c87a0bc73cb7ea3

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.data Size: 8KB - Virtual size: 8KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 8KB - Virtual size: 8KB