3c2d98cc0446e5e5af99b5a148d12a2be9d78e01b31afeaf649939847ce2e59e

Sharing

Copy URL

Twitter E-mail

General

Target

3c2d98cc0446e5e5af99b5a148d12a2be9d78e01b31afeaf649939847ce2e59e
Size

2.0MB
MD5

7369e8164df0ec7c641c21ce393533b4
SHA1

bb58daad1b6b036e90e644337f61cf1ccbb6fbe8
SHA256

3c2d98cc0446e5e5af99b5a148d12a2be9d78e01b31afeaf649939847ce2e59e
SHA512

ec5973225cece848bf4c766ba51306348a084fdf056e78553b2b967fe8bf79f7deca6dffd231bfd071c53dae899daa6aa89dd1d9fd6ccdae924d7fc9a50daf9a
SSDEEP

6144:+OtKJnv0N4scLUKO4FHfpLe9OKiAOHm9zVPbienNzEUy2EW03WkdcDUR6KjKPNG:+4KJnv0N4sG/pLk8A+Obb/2r

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

3c2d98cc0446e5e5af99b5a148d12a2be9d78e01b31afeaf649939847ce2e59e
.exe windows x86

948c85e2086993e4c021b4e756c3fe9c

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleW
ExitProcess
SetFilePointer
FileTimeToDosDateTime
FileTimeToLocalFileTime
SetErrorMode
SetCurrentDirectoryA
GetModuleFileNameA
CloseHandle
CreateThread
LocalFree
FormatMessageA
LocalAlloc
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetLastError
CreateMutexA
GetVersionExA
GetVersion
LoadLibraryA
DeleteCriticalSection
WaitForSingleObject
lstrlenA
lstrcmpiA
LeaveCriticalSection
GetFileAttributesA
CreateFileA
GetCurrentDirectoryA
InitializeCriticalSection
lstrcpyA
HeapFree
HeapAlloc
SetLastError
GetDiskFreeSpaceA
CopyFileA
CreateDirectoryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetEnvironmentVariableA
lstrcpynA
DeleteFileA
SetFileAttributesA
lstrcatA
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
GetDriveTypeA
ExpandEnvironmentStringsA
FreeLibrary
LoadLibraryExA
DeviceIoControl
TerminateProcess
OpenProcess
FindClose
FindNextFileA
FindFirstFileA
CreateProcessA
lstrcmpA
SetEvent
CreateEventA
ResetEvent
WriteFile
SetCommState
GetCommState
SetCommTimeouts
ReadFile
ExitThread
WaitForMultipleObjects
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
GetProcessHeap
DebugBreak
IsDBCSLeadByte
UnmapViewOfFile
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
GetTempFileNameA
GetTempPathA
EnterCriticalSection
GetFileInformationByHandle
UnregisterWaitEx
GetCompressedFileSizeA
VerSetConditionMask
WritePrivateProfileStructW
SetConsoleTextAttribute
ReadProcessMemory
CreateConsoleScreenBuffer
FlushInstructionCache
CompareStringA
GetSystemDefaultLangID
SizeofResource
LoadResource
FindResourceA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
OutputDebugStringA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
Sleep
HeapSize
HeapCreate
HeapDestroy
GetStdHandle
GetStringTypeW
GetStringTypeA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
IsDebuggerPresent
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
HeapReAlloc
RtlUnwind
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualFree
IsProcessorFeaturePresent
InterlockedIncrement
GetFileSize
InterlockedDecrement
RaiseException
CreateRemoteThread
CreateToolhelp32Snapshot
Process32First
Process32Next
InterlockedCompareExchange

user32

LoadIconW
LoadCursorFromFileW
GetAsyncKeyState
GetForegroundWindow
GetKeyboardLayout
GetDC
GetSystemMetrics
GetDlgCtrlID
GetListBoxInfo
GetThreadDesktop
ShowCaret
DestroyWindow
GetClipboardViewer
GetTopWindow
CharLowerA
LoadIconA
GetClientRect
CopyRect
IsWindow
InvalidateRect
GetSysColor
SendDlgItemMessageA
SetFocus
SetWindowLongA
RedrawWindow
LoadImageA
EnumChildWindows
GetWindowLongA
GetWindowRect
ScreenToClient
SetWindowPos
ShowWindow
SystemParametersInfoA
ReleaseDC
wsprintfA
GetParent
PostMessageA
DialogBoxParamA
EnableWindow
EndDialog
GetDlgItem
SetTimer
FindWindowA
RegisterClassExA
LoadStringA
MessageBoxA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
SendMessageA
SetForegroundWindow
EnumThreadWindows
PostQuitMessage
DefWindowProcA
ExitWindowsEx
GetWindowModuleFileNameA
DdeAbandonTransaction
GetCursor
DdeFreeStringHandle
RemovePropA
DlgDirSelectComboBoxExW
DrawMenuBar
PaintDesktop
RegisterClassExW
CascadeChildWindows
SendMessageTimeoutA
UnhookWindowsHookEx
SetClassLongA
GetLastInputInfo
RegisterDeviceNotificationW
CloseWindowStation
DdeClientTransaction
ToAsciiEx
GetTabbedTextExtentA
DdeAddData
GetClipboardData
CreateDialogIndirectParamW
VkKeyScanW
SetSystemCursor
SetWindowTextA
UpdateLayeredWindow
CheckMenuRadioItem
AppendMenuW
UnpackDDElParam
LoadAcceleratorsA
SetWindowsHookExW
DlgDirListComboBoxA
CreateDesktopA
DeleteMenu
WaitForInputIdle
CharNextA
GetWindowTextA
GetWindowTextLengthA
GetDlgItemTextA
CallWindowProcA
CreateDialogParamA
PeekMessageA
GetFocus
GetCapture
ReleaseCapture
EndPaint
BeginPaint
GetCursorPos
SetCursor
DrawFocusRect
FillRect
PtInRect
UnregisterClassA
SetCapture
IsWindowEnabled
UpdateWindow
GetClassNameA
LoadCursorA
SetRectEmpty
IsDialogMessageA
OffsetRect
DrawTextA
GetWindow
MapWindowPoints
SetDlgItemTextA

gdi32

GetStockObject
UnrealizeObject
CreateMetaFileA
CreatePatternBrush
GetPolyFillMode
DeleteDC
FillPath
GetDeviceCaps
CreateFontIndirectA
AddFontResourceA
GetCharacterPlacementA
GetRgnBox
DeleteEnhMetaFile
EnumFontFamiliesExW
UpdateICMRegKeyA
GetTextExtentPointW
GdiIsMetaPrintDC
GetObjectW
Polygon
SetTextColor
SetBkMode
SelectObject
GetObjectA
DeleteObject

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyA
RegQueryValueExA
LookupPrivilegeValueA
OpenProcessToken
LookupAccountSidA
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
RegCloseKey
RegEnumKeyA
RegQueryValueA
RegEnumKeyExA
RegSetValueExA
AdjustTokenPrivileges
RegOpenKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
RegCreateKeyExA
RegDeleteValueA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
DragQueryFileAorW
SHIsFileAvailableOffline
DragFinish
WOWShellExecute
SHGetFileInfo
SHEmptyRecycleBinW
SHFormatDrive
SHFileOperationW
SHCreateProcessAsUserW
SHGetSettings
ShellExecuteW
ExtractIconExA
SHGetIconOverlayIndexW
ShellExecuteEx
SHGetPathFromIDList
ShellExecuteA

ole32

OleUninitialize
OleInitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CoUninitialize
CoTaskMemRealloc

shlwapi

StrChrIA
SHGetValueA
PathIsDirectoryA
StrDupA
PathCombineA
StrCmpNIA
PathIsRootA
PathAppendA
StrCmpNW
StrStrW
StrChrIW
StrStrA
StrRChrW
StrRChrA
PathFileExistsA

comctl32

InitCommonControlsEx
_TrackMouseEvent

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 201B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

948c85e2086993e4c021b4e756c3fe9c

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 512B - Virtual size: 201B

.data Size: 11KB - Virtual size: 10KB

.rsrc Size: 131KB - Virtual size: 131KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 512B - Virtual size: 201B

.data
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 131KB - Virtual size: 131KB