5259ff740eb9cfdbcb64bfe4c942f48479a578f2ac332da18812a13bf41d03f3

Sharing

Copy URL

Twitter E-mail

General

Target

5259ff740eb9cfdbcb64bfe4c942f48479a578f2ac332da18812a13bf41d03f3
Size

2.3MB
MD5

9b8ee3848ba31aeaa8aa3defbd4cbe6f
SHA1

c7ae710907035107eac8a434c7d31e0d89fb370b
SHA256

5259ff740eb9cfdbcb64bfe4c942f48479a578f2ac332da18812a13bf41d03f3
SHA512

d57d1c1a2e1981f542059d3dc5efd24f309a7a32adcd8d113b428c9fc1dee10e5f4b15221cea3ef62abd26fa112c6c8d7a94c108402521137fa6affb932190fa
SSDEEP

12288:qJJfZb/JZ8/XQkxVhHfwFV8jLFPMdV4Fgw:qJUfQkxVxfwFV8jJkdV4Kw

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

5259ff740eb9cfdbcb64bfe4c942f48479a578f2ac332da18812a13bf41d03f3
.exe windows x86

83f0f02d7e17a74482f41f84b34eebdc

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleW
lstrcmp
GetConsoleAliasesLengthW
RemoveDirectoryW
ReadFileEx
EscapeCommFunction
GetComputerNameW
GlobalUnfix
GetCurrentProcessId
lstrcatA
LocalHandle
InitAtomTable
OpenFile
GetThreadLocale
GlobalAlloc
_lclose
CreateProcessA
GetExitCodeProcess
CallNamedPipeA
CreateMutexW
SetFilePointer
CopyFileExW
GetFileSizeEx
UnregisterWaitEx
GetStringTypeExA
GetConsoleFontSize
ReplaceFileA
FreeEnvironmentStringsA
LocalCompact
GetUserDefaultUILanguage
EnumResourceTypesA
WaitForSingleObjectEx
RtlUnwind
GetFileInformationByHandle
LocalReAlloc
BuildCommDCBA
EnumCalendarInfoExW
ReadConsoleW
GetStringTypeA
GetFileType
FlushFileBuffers
WriteFile
GetStdHandle
GetOEMCP
SetHandleCount
CompareStringW
GetStringTypeW
SetStdHandle
GetEnvironmentStrings
RaiseException
IsBadReadPtr
lstrlenA
lstrcpyA
MulDiv
LocalAlloc
OutputDebugStringA
lstrcmpiA
GlobalSize
GlobalReAlloc
GlobalLock
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentProcess
UnhandledExceptionFilter
CloseHandle
TerminateProcess
ExitProcess
HeapCreate
VirtualFree
LCMapStringA
HeapDestroy
LCMapStringW
GetStartupInfoA
GetCommandLineA
HeapFree
GetModuleHandleA
HeapAlloc
GetLocalTime
MoveFileA
GetLastError
SetErrorMode
GetSystemTime
GetTimeZoneInformation
WinExec
GetSystemDefaultLangID
GetCPInfo
GetLocaleInfoA
WideCharToMultiByte
GetSystemDirectoryA
LockResource
MultiByteToWideChar
SizeofResource
LoadResource
FreeResource
FindResourceA
_lread
SetEndOfFile
_lwrite
GetModuleFileNameA
_llseek
GetWindowsDirectoryA
GlobalFlags
GetTickCount
FatalAppExitA
SetEnvironmentVariableA
LocalLock
GlobalUnlock
LocalUnlock
GetProcAddress
LocalFree
GetACP
GetVersion
FreeLibrary
LoadLibraryA
GlobalHandle
GetProfileStringA
lstrcmpA
HeapReAlloc
IsDBCSLeadByte
GlobalFree
ReadFile
CreateFileA
CompareStringA

user32

LoadIconA
LoadCursorFromFileW
GetAsyncKeyState
GetForegroundWindow
GetKeyboardLayout
GetDC
GetSystemMetrics
GetDlgCtrlID
GetListBoxInfo
GetThreadDesktop
ShowCaret
DestroyWindow
GetClipboardViewer
GetTopWindow
CharLowerA
IsWindow
GetFocus
GetOpenClipboardWindow
CreateMenu
GetCapture
GetKBCodePage
InvalidateRect
SendDlgItemMessageA
GetDialogBaseUnits
IsDlgButtonChecked
CheckDlgButton
GetNextDlgTabItem
SetScrollRange
SetDlgItemTextA
GetDlgItemTextA
MapWindowPoints
CheckRadioButton
GetDoubleClickTime
ReleaseCapture
SetCapture
RegisterClassW
SetMenu
SetWindowTextA
GetWindowTextA
InvalidateRgn
ScrollDC
IsZoomed
AppendMenuA
GetSystemMenu
GetClassLongA
GetClassLongW
DispatchMessageA
DispatchMessageW
GetMessageW
GetMessageA
DefWindowProcW
VkKeyScanA
LoadKeyboardLayoutA
ActivateKeyboardLayout
GetKeyboardLayoutList
InvertRect
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
CloseClipboard
EmptyClipboard
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
SetClipboardData
HiliteMenuItem
GetMenuState
GetMenuItemID
DeleteMenu
DrawMenuBar
EqualRect
UnionRect
GetDesktopWindow
GetMessagePos
GetMessageTime
SetParent
GetClassInfoA
SetWindowPos
MessageBoxA
DialogBoxParamA
BringWindowToTop
OffsetRect
GetCaretBlinkTime
SetTimer
MessageBeep
WinHelpA
CreateDialogParamA
SendMessageA
EnableWindow
GetScrollPos
GetScrollRange
SetScrollPos
SetCursor
PtInRect
ShowCursor
IsWindowVisible
GetMenuItemCount
LoadStringA
IsWindowUnicode
UpdateWindow
GetMenu
FindWindowA
GetKeyState
PeekMessageA
KillTimer
DefWindowProcA
LoadCursorA
IsDialogMessageA
BeginPaint
EndPaint
ScreenToClient
SetRect
FillRect
IntersectRect
CopyRect
SetWindowLongA
MoveWindow
CheckMenuItem
SetRectEmpty
RemoveMenu
GetSubMenu
EnableMenuItem
GetMenuStringA
ModifyMenuA
InsertMenuA
GetParent
TranslateMessage
SetForegroundWindow
SetFocus
PostQuitMessage
PostMessageA
CreateWindowExA
RegisterClassA
LoadMenuA
IsIconic
GetWindowLongA
ClientToScreen
GetWindowRect
GetClassNameA
DestroyMenu
IsRectEmpty
ShowWindow
LoadBitmapA
GetSysColor
GetDlgItem
GetClientRect
DrawTextA
wsprintfA
GetWindowDC
ReleaseDC
EndDialog
InflateRect
GetCursorPos
GetActiveWindow
MsgWaitForMultipleObjects
RegisterClipboardFormatW
wsprintfW
AllowSetForegroundWindow
EnumWindows
GetClassNameW
SetActiveWindow
CheckMenuRadioItem
GetWindowPlacement
MonitorFromRect
EnumThreadWindows
UnregisterClassA
SetMenuItemInfoW
GetMenuItemInfoW
IsChild
AdjustWindowRect
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetComboBoxInfo
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DrawEdge
DrawTextW
CharUpperW
DestroyAcceleratorTable
LoadAcceleratorsW
TranslateAcceleratorW
MapDialogRect
CharLowerW
DialogBoxParamW
SetWindowLongW
SetLayeredWindowAttributes
PostMessageW
GetWindowLongW
CallWindowProcW
CreateWindowExW
RegisterClassExW
GetClassInfoExW
LoadCursorW
TrackPopupMenu
DrawIconEx
DestroyIcon
LoadImageW
GetScrollInfo
CreateDialogParamW
LoadIconW
MessageBoxW
SetWindowTextW
IsWindowEnabled
EnumChildWindows
RegisterHotKey
UnregisterHotKey
SetDlgItemTextW
SendDlgItemMessageW
MapVirtualKeyW
CreatePopupMenu
AppendMenuW
MonitorFromPoint
GetMonitorInfoW
AdjustWindowRectEx
GetWindowTextW
WindowFromPoint
GetWindowThreadProcessId
IsDialogMessageW
RegisterShellHookWindow
DeregisterShellHookWindow
RegisterWindowMessageW
UnregisterClassW
PeekMessageW
RedrawWindow
IsCharAlphaW
TrackPopupMenuEx
SendMessageW

gdi32

GetStockObject
CreateMetaFileA
CreatePatternBrush
GetPolyFillMode
DeleteDC
FillPath
UnrealizeObject
AddFontResourceA
GetFontLanguageInfo
CreateCompatibleBitmap
CreateFontIndirectA
LineTo
SetBkMode
CreatePen
MoveToEx
BitBlt
DeleteMetaFile
GetObjectA
GetDeviceCaps
SetBkColor
CopyMetaFileA
PatBlt
SetTextColor
PtVisible
GetTextFaceA
CreateBitmap
ExtTextOutA
SetMapMode
CreateFontA
GetCharWidthA
GetCharWidth32A
GetMapMode
GetCharWidth32W
GetBitmapBits
GetCharWidthW
TextOutW
SetTextAlign
TextOutA
Escape
CreateICA
GetTextMetricsA
EnumFontFamiliesExA
CreateSolidBrush
EnumFontsA
SelectClipRgn
SetRectRgn
CreateRectRgn
GetClipBox
RectVisible
CreateRectRgnIndirect
Ellipse
Polygon
SetROP2
SetMapperFlags
ExtTextOutW
Arc
SetWindowExtEx
SetWindowOrgEx
GetTextExtentPoint32A
CloseMetaFile
RestoreDC
SaveDC
StretchBlt
EnumMetaFile
PlayMetaFile
SetViewportExtEx
SetStretchBltMode
FillRgn
CombineRgn
GetMetaFileBitsEx
Rectangle
CreateCompatibleDC
DeleteObject
SelectObject

advapi32

RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegEnumValueA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA

ole32

CreateDataAdviseHolder
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
GetHGlobalFromILockBytes
CoDisconnectObject
CoLockObjectExternal
OleUninitialize
CoRegisterMessageFilter
CoRevokeClassObject
CoRegisterClassObject
OleInitialize
CreateOleAdviseHolder
OleRegEnumFormatEtc
ReleaseStgMedium
WriteFmtUserTypeStg
OleTranslateAccelerator
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
GetRunningObjectTable
CoGetMalloc
OleDuplicateData
OleGetClipboard
WriteClassStg
OleFlushClipboard
OleSetClipboard

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83f0f02d7e17a74482f41f84b34eebdc

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 13KB - Virtual size: 12KB

.rsrc Size: 87KB - Virtual size: 86KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 87KB - Virtual size: 86KB