7068a9b1749daed4ee27f076965df1781e1cb9a5d0a4bdc116c7e9f9006adbee

Sharing

Copy URL

Twitter E-mail

General

Target

7068a9b1749daed4ee27f076965df1781e1cb9a5d0a4bdc116c7e9f9006adbee
Size

2.3MB
MD5

7a02ac2bd0ea8a9f20246680e7cca71e
SHA1

f73d578daae66444d17991b25706a2894205e761
SHA256

7068a9b1749daed4ee27f076965df1781e1cb9a5d0a4bdc116c7e9f9006adbee
SHA512

1378ee9023442ffd81f636d851a80f2aebf265dbdd26f0303c4ccf6c6c29789a3689ee424076fed74f5da89163f4a4fcc7b29e9cfe2997dfb64d54fb13ad852e
SSDEEP

6144:CR4la96g6ca3nq8fD9FbAghlRtDnNzqshvhdrQXt6tG4n/vkyXn:G4Jhc0nq8b9FPtDF1FrQXt6ttvky

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

7068a9b1749daed4ee27f076965df1781e1cb9a5d0a4bdc116c7e9f9006adbee
.exe windows x86

6db3949c948f60d32962e9f6414a4482

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleW
lstrlenW
lstrcmpA
WriteProcessMemory
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
VirtualFree
UnmapViewOfFile
TerminateThread
TerminateProcess
SystemTimeToFileTime
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadContext
SetThreadAffinityMask
SetPriorityClass
SetLastError
SetFilePointer
SetEvent
ResumeThread
ResetEvent
ReleaseSemaphore
ReleaseMutex
ReadProcessMemory
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
PulseEvent
OutputDebugStringW
OpenProcess
OpenMutexW
OpenFileMappingA
OpenFileMappingW
OpenEventA
MultiByteToWideChar
MulDiv
MapViewOfFile
LockResource
LocalFree
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryExW
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetVolumeInformationA
GetVersionExA
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathW
GetSystemTime
GetSystemDirectoryA
GetSystemDirectoryW
GetStartupInfoW
GetProcessVersion
GetProcessAffinityMask
GetProcAddress
GetPriorityClass
GetModuleHandleA
GetModuleFileNameA
GetModuleFileNameW
GetLogicalDrives
GetLastError
GetFileSize
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentStringsW
GetDriveTypeW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCommandLineA
FreeResource
InterlockedIncrement
InterlockedDecrement
FreeLibrary
FormatMessageA
FormatMessageW
FindResourceA
FindResourceW
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToDosDateTime
ExitProcess
EnumResourceNamesW
EnterCriticalSection
DuplicateHandle
DeleteCriticalSection
CreateThread
CreateSemaphoreW
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CompareStringW
CloseHandle
GetProfileSectionA
FatalExit
ExitThread
GetShortPathNameA
GetDiskFreeSpaceExA
GetLongPathNameA
GetConsoleTitleA
Heap32ListNext
IsValidLanguageGroup
FileTimeToSystemTime
RtlZeroMemory
_lclose
OpenJobObjectA
GetMailslotInfo
GetDriveTypeA
SwitchToThread
IsProcessorFeaturePresent
_lwrite
CommConfigDialogA
InterlockedExchange
InterlockedExchangeAdd
GetStartupInfoA

user32

LoadIconW
LoadCursorFromFileW
GetAsyncKeyState
GetForegroundWindow
GetKeyboardLayout
GetDC
GetSystemMetrics
GetDlgCtrlID
GetListBoxInfo
GetThreadDesktop
ShowCaret
DestroyWindow
GetClipboardViewer
GetTopWindow
CharLowerA
IsWindow
GetFocus
GetOpenClipboardWindow
CreateMenu
GetCapture
GetKBCodePage
LoadIconA
WaitForInputIdle
TranslateMessage
SystemParametersInfoW
AnimateWindow
ShowWindow
ShowOwnedPopups
SetWindowRgn
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetPropA
SetParent
SetForegroundWindow
SetCursorPos
SetClassLongW
SendMessageTimeoutA
SendMessageTimeoutW
SendMessageCallbackA
SendMessageA
SendMessageW
RemovePropA
ReleaseDC
RegisterWindowMessageW
PostThreadMessageA
PostMessageA
PostMessageW
OffsetRect
MsgWaitForMultipleObjects
LoadImageW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsIconic
InvalidateRect
InflateRect
GetWindowThreadProcessId
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetSystemMenu
GetPropA
GetParent
GetWindow
GetMessageW
GetMenu
GetClientRect
GetClassNameA
GetClassLongW
FrameRect
FindWindowExA
FindWindowExW
FindWindowW
EnumWindows
EnumThreadWindows
EnableWindow
EnableMenuItem
DrawTextW
DrawFrameControl
DrawFocusRect
DispatchMessageW
DestroyIcon
ChildWindowFromPointEx
CharUpperW
CharLowerW
AttachThreadInput
AdjustWindowRectEx
ReplyMessage
wsprintfA
DdeEnableCallback
MonitorFromPoint
SetUserObjectInformationA
VkKeyScanExA
GetDlgItem
GetDesktopWindow
SetSysColors
DlgDirListComboBoxA
TabbedTextOutW
ExcludeUpdateRgn
LoadStringW
SetClipboardData
DdeCreateStringHandleW
EqualRect
OpenDesktopA
keybd_event
CharPrevExA
SendMessageCallbackW
DdeFreeDataHandle
MessageBeep
SetWindowsHookW
IMPQueryIMEA
EndMenu
InvertRect
SetMenu
VkKeyScanW

gdi32

GetStockObject
CreateMetaFileA
CreatePatternBrush
GetPolyFillMode
DeleteDC
FillPath
UnrealizeObject
AddFontResourceA
GetFontLanguageInfo
TranslateCharsetInfo
SelectObject
GetTextExtentPointW
GetTextExtentPoint32W
DeleteObject
CreateRoundRectRgn
CreateFontIndirectW
BitBlt
GetCharacterPlacementW
CreateDIBitmap
GdiDeleteSpoolFileHandle
GetPath
CLIPOBJ_cEnumStart
CreateEllipticRgnIndirect
CreateBitmapIndirect
GetCurrentObject

advapi32

RegOpenKeyA
RegQueryValueExA
SetSecurityDescriptorDacl
RegUnLoadKeyW
RegOpenKeyExA
RegLoadKeyW
RegCloseKey
OpenProcessToken
LookupAccountSidA
LookupAccountSidW
InitializeSecurityDescriptor
GetUserNameW
GetTokenInformation
GetLengthSid
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
GetKernelObjectSecurity
CryptSetProvParam
CryptGetProvParam
CryptDestroyHash
CryptSignHashA
CryptSetHashParam
CryptCreateHash
CryptImportKey
CryptExportKey
CryptReleaseContext
CryptDestroyKey
CryptGetUserKey
CryptAcquireContextA
CryptDecrypt

shell32

SHGetFileInfoA
ShellExecuteW
Shell_NotifyIconW
SHGetFolderPathA
SHGetFolderPathW
ord155
SHGetSpecialFolderLocation
SHGetFolderLocation
SHGetPathFromIDListA
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIcon
ExtractIconA
SHBrowseForFolderA
SHLoadNonloadedIconOverlayIdentifiers
ShellAboutW
FindExecutableW
ShellExecuteA
SHLoadInProc
SHFileOperationA
Shell_NotifyIconA
DoEnvironmentSubstW
SHBindToParent
SHGetDesktopFolder
SHCreateDirectoryExA
ExtractIconExA
SHGetMalloc
CheckEscapesW
SHGetSpecialFolderPathA
ExtractAssociatedIconExW
DoEnvironmentSubstA
SHChangeNotify
SHGetDataFromIDListA
DragQueryFileAorW
SHGetIconOverlayIndexW
SHIsFileAvailableOffline
FindExecutableA
DragFinish
ExtractAssociatedIconW

ole32

CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
GetHGlobalFromStream
CoCreateGuid

shlwapi

StrStrIW
StrStrA
StrChrIA
StrRStrIA
StrChrA

comctl32

ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 558B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6db3949c948f60d32962e9f6414a4482

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 1024B - Virtual size: 558B

.data Size: 11KB - Virtual size: 11KB

.rsrc Size: 94KB - Virtual size: 94KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 1024B - Virtual size: 558B

.data
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 94KB - Virtual size: 94KB