7d0c24f18bca32543e2cc64b352c7e3e74ec77b2922b66a006ae92238cd01bca

Sharing

Copy URL

Twitter E-mail

General

Target

7d0c24f18bca32543e2cc64b352c7e3e74ec77b2922b66a006ae92238cd01bca
Size

2.6MB
MD5

14c29c6a94f9b6aa43bbcf586dec1fb9
SHA1

449f2b10320115e98b182204a4376ddc669e1369
SHA256

7d0c24f18bca32543e2cc64b352c7e3e74ec77b2922b66a006ae92238cd01bca
SHA512

9b8be89d317e023705f5264b4abe9736ab49c61da12beed65b5e897c6e673b713e1e7980026d670f23e75a6a356bde786df3531b69dc0ccaa2585c0ed04fc0b1
SSDEEP

6144:EyYoQTHwJ9v4s5w8CgXrEihrT075tIOesPygGzk23MOaXFcPCc3c:YeAsPXYirT07EOHF23MOqKaB

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

7d0c24f18bca32543e2cc64b352c7e3e74ec77b2922b66a006ae92238cd01bca
.exe windows x86

5939b6eafc614264f49774a1c69d7f6b

Code Sign

5d:a2:97:ae:28:d9:43:bc:4e:5d:71:f6:71:a3:e9:83
Certificate

Issuer

CN=HFQAOBLCWSJIQHWAST

Not Before

19-06-2020 14:35

Not After

31-12-2039 23:59

Subject

CN=HFQAOBLCWSJIQHWAST

Extended Key Usages

ExtKeyUsageCodeSigning

be:3f:77:20:fa:b4:8f:de:16:ac:2b:66:c7:9e:62:33:70:c3:a5:4d
Signer

Actual PE Digest

be:3f:77:20:fa:b4:8f:de:16:ac:2b:66:c7:9e:62:33:70:c3:a5:4d

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=HFQAOBLCWSJIQHWAST

10-02-2022 20:49
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryExW
GetWriteWatch
EnumTimeFormatsW
FindResourceA
GetCommState
CreateMailslotW
GetWindowsDirectoryW
BeginUpdateResourceW
LCMapStringA
LocalReAlloc
LocalFlags
WriteConsoleOutputAttribute
CreateFileW
RequestWakeupLatency
UnregisterWaitEx
GetConsoleDisplayMode
HeapValidate
IsBadReadPtr
GetLastError
GetModuleFileNameW
CloseHandle
SetEvent
lstrlenW
GetDriveTypeW
GetLogicalDrives
lstrcmpW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
Sleep
ExitProcess
InitializeCriticalSection
GetCommandLineW
GetTickCount
ReleaseMutex
ResetEvent
WaitForMultipleObjectsEx
SetErrorMode
CreateEventW
CreateMutexW
CreateProcessW
MoveFileExW
GetSystemInfo
CreateFileA
ReadFile
SetFilePointer
DosDateTimeToFileTime
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryW
WideCharToMultiByte
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjects
CreateThread
CreateSemaphoreW
VirtualFree
VirtualAlloc
SetFilePointerEx
GetSystemTimeAsFileTime
CompareStringW
ExpandEnvironmentStringsW
SystemTimeToFileTime
GetSystemTime
SetFileTime
SetEndOfFile
WriteFile
LocalFree
lstrlenA
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
GetFileSizeEx
FindClose
FindFirstFileW
GetFileAttributesW
CreateDirectoryW
GetTempPathW
GlobalFree
GlobalAlloc
GetFileAttributesExW
CopyFileW
CreateHardLinkW
SetFileAttributesW
DeleteFileW
GetTempPathA
GetFileTime
FindNextFileW
GetStdHandle
GetCurrentThread
RemoveDirectoryW
FormatMessageA
GetComputerNameW
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCPInfo
GetACP
GetOEMCP
LCMapStringW
LoadLibraryA
HeapReAlloc
RtlUnwind
GetLocaleInfoA
HeapSize
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetModuleHandleW

user32

SendMessageW
FindWindowW
LoadCursorFromFileA

gdi32

SetPaletteEntries
HT_Get8BPPMaskPalette
GetMapMode
DeleteMetaFile
PATHOBJ_vEnumStart
EngCreateDeviceBitmap
CLIPOBJ_bEnum
SetRelAbs
ScaleViewportExtEx
GdiCleanCacheDC
GetLayout
GdiGetCodePage
RectVisible
GetWinMetaFileBits
ResizePalette
GdiConvertRegion
GetCharWidthA
CreateDCW
InvertRgn
TranslateCharsetInfo
GetTextFaceW
GetTextMetricsA
RemoveFontResourceW
GdiRealizationInfo
XFORMOBJ_bApplyXform
EnumEnhMetaFile
RectInRegion
EndDoc
DeleteColorSpace
FillPath
DeleteEnhMetaFile
CreateCompatibleDC
CreateSolidBrush
FlattenPath
CreateHalftonePalette
CreateMetaFileA
CreatePatternBrush
DeleteObject
EndPage
EndPath
CloseFigure
DeleteDC
CreateMetaFileW
CloseMetaFile
RealizePalette
GetColorSpace
GetStockObject
GetEnhMetaFileA

advapi32

RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
SetThreadToken
RegEnumValueW
RegQueryValueExW
RegNotifyChangeKeyValue
SetServiceStatus
StartServiceCtrlDispatcherW
DuplicateToken
RegDeleteValueW
RegisterServiceCtrlHandlerW
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptHashData
FreeSid
AllocateAndInitializeSid
LookupAccountNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CheckTokenMembership
OpenThreadToken
RegDeleteKeyW
SetFileSecurityW
CryptAcquireContextW
CryptReleaseContext
RegOpenKeyA
RegQueryValueExA
GetUserNameA

shell32

WOWShellExecute
SHCreateDirectoryExA
CommandLineToArgvW
SHGetPathFromIDList
SHQueryRecycleBinW
ExtractAssociatedIconExW
SHAppBarMessage
SHBrowseForFolderW
ShellExecuteA
ExtractIconA
CheckEscapesW
SHCreateDirectoryExW
ShellHookProc
DragQueryFile
DoEnvironmentSubstA
SHGetDataFromIDListA
SHEmptyRecycleBinA
ExtractAssociatedIconA
FindExecutableW
SHLoadInProc
SHEmptyRecycleBinW
SHFreeNameMappings
SHGetSpecialFolderPathA
DragQueryFileW
FindExecutableA
ExtractAssociatedIconExA
SHGetInstanceExplorer
SHFormatDrive
SHGetFileInfoA
SHFileOperationW
ExtractIconExA
SHBrowseForFolder
SHPathPrepareForWriteW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CLSIDFromString
CoRegisterClassObject
CreateBindCtx
CoRevokeClassObject
CoInitializeEx

shlwapi

StrRStrIW
StrRChrW
StrStrA
StrCmpNA
StrChrIW

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

a21
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

a2
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

a3
Size: 1024B - Virtual size: 1010B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

a32
Size: 1024B - Virtual size: 1010B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

a322
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5939b6eafc614264f49774a1c69d7f6b

Code Sign

5d:a2:97:ae:28:d9:43:bc:4e:5d:71:f6:71:a3:e9:83Certificate

Extended Key Usages

be:3f:77:20:fa:b4:8f:de:16:ac:2b:66:c7:9e:62:33:70:c3:a5:4dSigner

Signature Validations

Verification

10-02-2022 20:49 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 512B - Virtual size: 174B

.data Size: 11KB - Virtual size: 10KB

a21 Size: 512B - Virtual size: 10B

a2 Size: 512B - Virtual size: 10B

a3 Size: 1024B - Virtual size: 1010B

a32 Size: 1024B - Virtual size: 1010B

a322 Size: 124KB - Virtual size: 123KB

.rsrc Size: 42KB - Virtual size: 41KB

5d:a2:97:ae:28:d9:43:bc:4e:5d:71:f6:71:a3:e9:83
Certificate

be:3f:77:20:fa:b4:8f:de:16:ac:2b:66:c7:9e:62:33:70:c3:a5:4d
Signer

10-02-2022 20:49
Valid: false

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 512B - Virtual size: 174B

.data
Size: 11KB - Virtual size: 10KB

a21
Size: 512B - Virtual size: 10B

a2
Size: 512B - Virtual size: 10B

a3
Size: 1024B - Virtual size: 1010B

a32
Size: 1024B - Virtual size: 1010B

a322
Size: 124KB - Virtual size: 123KB

.rsrc
Size: 42KB - Virtual size: 41KB