40a4f7184aee555b871823a677a8ac7278856f735f8fd0080322f8c67e8be4f2

Sharing

Copy URL

Twitter E-mail

General

Target

40a4f7184aee555b871823a677a8ac7278856f735f8fd0080322f8c67e8be4f2
Size

2.0MB
MD5

e5607c54c026676782b24856d4214d58
SHA1

a0e576281fa43368f48a93b6009f4329ed35aa34
SHA256

40a4f7184aee555b871823a677a8ac7278856f735f8fd0080322f8c67e8be4f2
SHA512

c7317c8caf82a0cebf63ad70f0095aeb6d884b93495f9b2c576dc4d8672ffb2c88ef0be4ae8d8c187bbc0476179598a95452a9c52b45b1ef9a493be94c376a13
SSDEEP

6144:PFKJnv0N4sciUKOvelSgh2GAyyotHAk7cUeApxyz3CnN7:tKJnv0N4sTlwygqeEIz3Cp

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

40a4f7184aee555b871823a677a8ac7278856f735f8fd0080322f8c67e8be4f2
.exe windows x86

4a670d0f20e3642367b0d90ebf3dde81

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleW
GetDiskFreeSpaceExW
HeapAlloc
HeapSize
GetProcessHeap
HeapFree
WideCharToMultiByte
HeapReAlloc
GetPrivateProfileStringW
WritePrivateProfileStringW
lstrcpyW
GlobalUnlock
GlobalFree
GlobalHandle
GlobalLock
DebugBreak
GlobalAlloc
GetLastError
GetPrivateProfileIntW
MultiByteToWideChar
FreeLibrary
GetProcAddress
GetWindowsDirectoryW
LoadLibraryW
GetSystemDirectoryW
SetCurrentDirectoryW
GetFileAttributesW
GetModuleFileNameW
GetSystemDefaultLangID
GetComputerNameW
GetCurrentDirectoryA
GetVersionExW
LocalAlloc
LocalFree
MulDiv
CloseHandle
CreateFileW
GetTickCount
WriteFile
GetCurrentThreadId
lstrlenW
SetLastError
GetSystemInfo
GetLocalTime
WinExec
CreateProcessW
GetDriveTypeW
GetStartupInfoW
FileTimeToSystemTime
GetVersion
DeleteFileW
GlobalSize
FindNextFileA
DeleteFileA
FindClose
FindFirstFileA
lstrcpyA
GetFileAttributesA
SearchPathA
GetTempPathA
lstrlenA
SetFilePointer
CreateFileA
ResumeThread
SetPriorityClass
GetCurrentThread
SetThreadPriority
CreateProcessA
GetModuleFileNameA
RemoveDirectoryA
lstrcmpiA
GetSystemDirectoryA
SetStdHandle
LoadLibraryA
GetStringTypeW
GetStringTypeA
LCMapStringW
FlushFileBuffers
LCMapStringA
lstrcatA
GetCurrentProcess
RtlUnwind
VirtualFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
ExitProcess
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate

user32

LoadIconW
LoadIconA
LoadCursorFromFileW
GetSystemMetrics
GetDlgCtrlID
GetListBoxInfo
GetThreadDesktop
ShowCaret
DestroyWindow
GetClipboardViewer
GetTopWindow
CharLowerA

gdi32

GetStockObject
UnrealizeObject
CreateMetaFileA
CreatePatternBrush
GetPolyFillMode
DeleteDC
FillPath

advapi32

RegOpenKeyA
RegQueryValueExA

ole32

CoInitializeSecurity
CoUninitialize

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 201B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a670d0f20e3642367b0d90ebf3dde81

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 512B - Virtual size: 201B

.data Size: 112KB - Virtual size: 112KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 512B - Virtual size: 201B

.data
Size: 112KB - Virtual size: 112KB

.rsrc
Size: 2KB - Virtual size: 2KB