10d47223997a57c61309ef019dd7e7f7279b6ae2c1cf6633c53113fe3034d1de

Sharing

Copy URL

Twitter E-mail

General

Target

10d47223997a57c61309ef019dd7e7f7279b6ae2c1cf6633c53113fe3034d1de
Size

2.1MB
MD5

0a9c1233092c30e2f0aa8e6b1d3873d9
SHA1

6a666f68ef1e059871cce88299476e2175b09217
SHA256

10d47223997a57c61309ef019dd7e7f7279b6ae2c1cf6633c53113fe3034d1de
SHA512

e37b3556b5bac7bd4ad4cfbde79eef134bc3fa096929534d322feb627dc5c51938e6cf60a2f9a5b54d7302201eeb2872fc3508837c7e33b6e756831ae7b2c7ba
SSDEEP

6144:1ZbXtD6P6puRkuGN75d5ScKHRC19GItKBDP7be5LPy:1Zb8ymkuG55dZKHRC19yCL

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

10d47223997a57c61309ef019dd7e7f7279b6ae2c1cf6633c53113fe3034d1de
.exe windows x86

3db6a8b93941dedb1c87a0bc73cb7ea3

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleW
LocalFree
WideCharToMultiByte
FormatMessageW
GetModuleHandleA
LocalAlloc
SetEndOfFile
GetProcessPriorityBoost
GetCurrentThread
Heap32Next
GlobalGetAtomNameW
Thread32Next
SetCurrentDirectoryW
GetConsoleAliasesLengthA
GetCPInfo
GetOEMCP
RtlUnwind
ExitProcess
TerminateProcess
HeapFree
RaiseException
HeapReAlloc
HeapSize
HeapAlloc
GetACP
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
Sleep
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
GetCurrentProcess
GetProcessVersion
LoadLibraryA
FreeLibrary
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
GetProcAddress
SetLastError
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
GlobalHandle
InterlockedExchange
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
lstrcpynA
GetModuleFileNameA
lstrcpyA
lstrcatA
SetErrorMode
MultiByteToWideChar
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThreadId
GetCommandLineA
GetStdHandle
CreateFileA
ReadFile
SetFilePointer
WriteFile
FreeEnvironmentStringsA
CloseHandle

user32

LoadIconA
EnableScrollBar
BroadcastSystemMessage
GetMenuBarInfo
ReleaseDC
WINNLSGetEnableStatus
HideCaret
EnumPropsExA
ReleaseCapture
DrawIconEx
GrayStringA
SetClassLongA
SendNotifyMessageA
IntersectRect
DrawFrameControl
SetMenu
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
ShowWindow
LoadCursorA
GetSysColorBrush
DestroyMenu
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
LoadStringA
DrawTextA
TabbedTextOutA
GetDC
GetMenuItemCount
wsprintfA
UnhookWindowsHookEx
GetLastActivePopup
IsWindowEnabled
MessageBoxA
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowLongA
GetClassNameA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetParent
GetNextDlgTabItem
SetCursor
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
SendMessageA
PostQuitMessage
PostMessageA
GetDlgItem
GetMessagePos
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
EnableWindow

gdi32

GetStockObject
AnimatePalette
PolyDraw
GetETM
EnumICMProfilesW
GetTextMetricsW
SetTextAlign
GdiGetPageHandle
Polygon
GetBoundsRect
FONTOBJ_pifi
GetHFONT
GdiInitializeLanguagePack
GetViewportExtEx
EudcUnloadLinkW
GetRgnBox
StretchDIBits
CreatePenIndirect
StretchBlt
ExtCreateRegion
ResetDCW
EngFillPath
SaveDC
SetColorAdjustment
GetMetaFileA
GetEnhMetaFilePaletteEntries
GdiEntry5
GetBkMode
BRUSHOBJ_pvAllocRbrush
GetWindowExtEx
CreateColorSpaceW
GetEnhMetaFileDescriptionW
ExtSelectClipRgn
DescribePixelFormat
TextOutA
FONTOBJ_pQueryGlyphAttrs
GetTextCharset
ResizePalette
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
ExtTextOutA
Escape
GetObjectA
SetBkColor
SelectObject
RestoreDC
DeleteDC
CreateBitmap
DeleteObject

advapi32

RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA

shell32

SHGetDiskFreeSpaceA
SHLoadInProc
SHGetIconOverlayIndexA
SHCreateDirectoryExW
SHGetDiskFreeSpaceExW
DragQueryFileW
SHLoadNonloadedIconOverlayIdentifiers
SHGetSpecialFolderPathW
SHAddToRecentDocs
SHGetFileInfo
SHGetPathFromIDListA
SHAppBarMessage
SHGetFolderPathA
SHGetPathFromIDList
SHGetSettings
ExtractAssociatedIconA
ExtractIconEx
SHGetIconOverlayIndexW
SHGetMalloc
SHGetDiskFreeSpaceExA
SHPathPrepareForWriteA
SHGetFileInfoW
CommandLineToArgvW
WOWShellExecute
DragFinish
CheckEscapesW
ShellAboutW
SHInvokePrinterCommandW
FindExecutableW

shlwapi

StrRChrIW
StrCmpNIW
StrRChrIA
StrChrIW
StrRStrIW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3db6a8b93941dedb1c87a0bc73cb7ea3

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.data Size: 8KB - Virtual size: 8KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 8KB - Virtual size: 8KB