9c76a29d9349d21165a916b11ded6139a3cc066d3c59880a5b9016d42ea948fd

Sharing

Copy URL

Twitter E-mail

General

Target

9c76a29d9349d21165a916b11ded6139a3cc066d3c59880a5b9016d42ea948fd
Size

2.4MB
MD5

0f72869956627879b0ae5bbf36458d4e
SHA1

7d54df00b0132c05551f077cdd9264d1b9f5cbad
SHA256

9c76a29d9349d21165a916b11ded6139a3cc066d3c59880a5b9016d42ea948fd
SHA512

d6f1ec2c6a6bfbafed2190bfc5fb2907df4f3e824f9dcfcf1e924e9873ebd4d9665b10b64a7ba53088c90fe0266e424d9cc4f172653d96f852b8edbc86f21652
SSDEEP

6144:NeI/YwxwYCrUrvc5wHy11hemuccWYXYEPXBa4C6F4q:NeIVwYNc5wHybFoYEPXO6F4

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

9c76a29d9349d21165a916b11ded6139a3cc066d3c59880a5b9016d42ea948fd
.exe windows x86

3db6a8b93941dedb1c87a0bc73cb7ea3

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleW
LocalFree
WideCharToMultiByte
FormatMessageW
GetModuleHandleA
LocalAlloc
SetEndOfFile
GetProcessPriorityBoost
GetCurrentThread
Heap32Next
GlobalGetAtomNameW
Thread32Next
SetCurrentDirectoryW
GetConsoleAliasesLengthA
GetCPInfo
GetOEMCP
RtlUnwind
ExitProcess
TerminateProcess
HeapFree
RaiseException
HeapReAlloc
HeapSize
HeapAlloc
GetACP
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
Sleep
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
GetCurrentProcess
GetProcessVersion
LoadLibraryA
FreeLibrary
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
GetProcAddress
SetLastError
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
GlobalHandle
InterlockedExchange
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
lstrcpynA
GetModuleFileNameA
lstrcpyA
lstrcatA
SetErrorMode
MultiByteToWideChar
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThreadId
GetCommandLineA
GetStdHandle
CreateFileA
ReadFile
SetFilePointer
WriteFile
FreeEnvironmentStringsA
CloseHandle

user32

LoadIconA
EnableScrollBar
BroadcastSystemMessage
GetMenuBarInfo
ReleaseDC
WINNLSGetEnableStatus
HideCaret
EnumPropsExA
ReleaseCapture
DrawIconEx
GrayStringA
SetClassLongA
SendNotifyMessageA
IntersectRect
DrawFrameControl
SetMenu
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
ShowWindow
LoadCursorA
GetSysColorBrush
DestroyMenu
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
LoadStringA
DrawTextA
TabbedTextOutA
GetDC
GetMenuItemCount
wsprintfA
UnhookWindowsHookEx
GetLastActivePopup
IsWindowEnabled
MessageBoxA
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowLongA
GetClassNameA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetParent
GetNextDlgTabItem
SetCursor
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
SendMessageA
PostQuitMessage
PostMessageA
GetDlgItem
GetMessagePos
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
EnableWindow

gdi32

GetStockObject
AnimatePalette
PolyDraw
GetETM
EnumICMProfilesW
GetTextMetricsW
SetTextAlign
GdiGetPageHandle
Polygon
GetBoundsRect
FONTOBJ_pifi
GetHFONT
GdiInitializeLanguagePack
GetViewportExtEx
EudcUnloadLinkW
GetRgnBox
StretchDIBits
CreatePenIndirect
StretchBlt
ExtCreateRegion
ResetDCW
EngFillPath
SaveDC
SetColorAdjustment
GetMetaFileA
GetEnhMetaFilePaletteEntries
GdiEntry5
GetBkMode
BRUSHOBJ_pvAllocRbrush
GetWindowExtEx
CreateColorSpaceW
GetEnhMetaFileDescriptionW
ExtSelectClipRgn
DescribePixelFormat
TextOutA
FONTOBJ_pQueryGlyphAttrs
GetTextCharset
ResizePalette
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
ExtTextOutA
Escape
GetObjectA
SetBkColor
SelectObject
RestoreDC
DeleteDC
CreateBitmap
DeleteObject

advapi32

RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA

shell32

SHGetDiskFreeSpaceA
SHLoadInProc
SHGetIconOverlayIndexA
SHCreateDirectoryExW
SHGetDiskFreeSpaceExW
DragQueryFileW
SHLoadNonloadedIconOverlayIdentifiers
SHGetSpecialFolderPathW
SHAddToRecentDocs
SHGetFileInfo
SHGetPathFromIDListA
SHAppBarMessage
SHGetFolderPathA
SHGetPathFromIDList
SHGetSettings
ExtractAssociatedIconA
ExtractIconEx
SHGetIconOverlayIndexW
SHGetMalloc
SHGetDiskFreeSpaceExA
SHPathPrepareForWriteA
SHGetFileInfoW
CommandLineToArgvW
WOWShellExecute
DragFinish
CheckEscapesW
ShellAboutW
SHInvokePrinterCommandW
FindExecutableW

shlwapi

StrRChrIW
StrCmpNIW
StrRChrIA
StrChrIW
StrRStrIW

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3db6a8b93941dedb1c87a0bc73cb7ea3

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.data Size: 8KB - Virtual size: 8KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 8KB - Virtual size: 8KB