0fe713faf94bed3424ce7c7ac576db24cbb50e989f87b6844865971aed98b24a

Sharing

Copy URL

Twitter E-mail

General

Target

0fe713faf94bed3424ce7c7ac576db24cbb50e989f87b6844865971aed98b24a
Size

202KB
MD5

beaf5e523e8e3e3fb9dc2a361cda0573
SHA1

b038caeed3466c07c5f473bfd6c5bd11e5afccf1
SHA256

0fe713faf94bed3424ce7c7ac576db24cbb50e989f87b6844865971aed98b24a
SHA512

f0692ff4b5b2278952806b183246a96077c893d2487c5023b56bbccfbd8d16f09dd9394aae8cc71d33ad8b3d9474f4e7825bcccc0f24029eaa753d131fc8a683
SSDEEP

3072:W2B7dBkk2GgrQCz+VGUbqPM902y8ydV1ETnJaEXV:Rj29z+VGUQM9U8QuVL

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

0fe713faf94bed3424ce7c7ac576db24cbb50e989f87b6844865971aed98b24a
.exe windows x86

5e738c5bf568cfafdb287097135f2ad4

Code Sign

7e:a9:18:84:7b:3b:10:af:4b:1e:03:75:ad:99:88:d6
Certificate

Issuer

CN=SZSUSNER

Not Before

14-03-2019 21:20

Not After

31-12-2039 23:59

Subject

CN=SZSUSNER

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

13:0c:6f:79:35:85:00:33:04:49:f7:91:7e:a7:3b:36:71:0f:b1:5b:73:06:b8:09:32:f7:48:23:0c:24:61:0b
Signer

Actual PE Digest

13:0c:6f:79:35:85:00:33:04:49:f7:91:7e:a7:3b:36:71:0f:b1:5b:73:06:b8:09:32:f7:48:23:0c:24:61:0b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=SZSUSNER

14-03-2019 22:15
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
CreateProcessW
CreateThread
DecodePointer
DeleteCriticalSection
DuplicateHandle
EncodePointer
EnterCriticalSection
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatW
GetEnvironmentStringsW
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDefaultLangID
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatA
GetTimeFormatW
CreateEventW
GetVersionExA
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadReadPtr
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
LocalReAlloc
MultiByteToWideChar
OpenEventW
QueryPerformanceCounter
RaiseException
ResumeThread
RtlUnwind
SetEnvironmentVariableW
SetEvent
SetFilePointer
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcpynA
lstrlenA
CreateEventA
CloseHandle
AreFileApisANSI
GetModuleHandleA
GetUserDefaultLCID
VirtualAlloc

user32

GetSystemMenu
InvalidateRgn
PeekMessageA
SendDlgItemMessageA
TranslateAccelerator
GetMessageTime
DestroyWindow
DdeCreateStringHandleA
CreateIconFromResource
CreateDialogParamA
CharNextExA
GetTopWindow
GetDCEx
FlashWindow
EnableMenuItem
DispatchMessageA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyA

shell32

SHCreateDirectoryExA
SHGetPathFromIDListW

shlwapi

StrCmpNIA

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e738c5bf568cfafdb287097135f2ad4

Code Sign

7e:a9:18:84:7b:3b:10:af:4b:1e:03:75:ad:99:88:d6Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

13:0c:6f:79:35:85:00:33:04:49:f7:91:7e:a7:3b:36:71:0f:b1:5b:73:06:b8:09:32:f7:48:23:0c:24:61:0bSigner

Signature Validations

Verification

14-03-2019 22:15 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

Sections

.text Size: 103KB - Virtual size: 103KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 23KB - Virtual size: 22KB

.rsrc Size: 24KB - Virtual size: 24KB

7e:a9:18:84:7b:3b:10:af:4b:1e:03:75:ad:99:88:d6
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

13:0c:6f:79:35:85:00:33:04:49:f7:91:7e:a7:3b:36:71:0f:b1:5b:73:06:b8:09:32:f7:48:23:0c:24:61:0b
Signer

14-03-2019 22:15
Valid: false

.text
Size: 103KB - Virtual size: 103KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 24KB - Virtual size: 24KB