d34ccf784cc71fd5e406e3a05531556c6073a67f51a6ffb3ae031774d05fe689

Sharing

Copy URL

Twitter E-mail

General

Target

d34ccf784cc71fd5e406e3a05531556c6073a67f51a6ffb3ae031774d05fe689
Size

1.9MB
MD5

21721ea0670ee442362b0bfa6fc5d444
SHA1

f541f5c2e1523ec63c99b1264c02edeb62ed7241
SHA256

d34ccf784cc71fd5e406e3a05531556c6073a67f51a6ffb3ae031774d05fe689
SHA512

f2305b8b4d071b40b079d28e7f7b2c850442975eb26f28db1712e0bb800dd27a05d68e6da860484be0fdeed932960be8556ed9ce1100bc63171010fc4abb3321
SSDEEP

6144:xUEO5Cs4zH8Qe3xpq2SGtXvemX3wvm+8:xUE8CsB3WGtXvTg+

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

d34ccf784cc71fd5e406e3a05531556c6073a67f51a6ffb3ae031774d05fe689
.exe windows x86

0411b57bfa8ac6bc37c1d30ae226fbce

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
GetStartupInfoA
GetModuleHandleA
GetFileAttributesA
lstrcpynA
CreateDirectoryA
GetACP
GetOEMCP
DeleteFileA
lstrlenA
WriteFile
SetFilePointer
ReadFile
CreateFileA
CloseHandle
GetModuleFileNameA
CopyFileA
GetTempPathA
GetTempFileNameA
GetCurrentDirectoryA
LoadLibraryA
GetLastError
GetProcAddress
FreeLibrary
lstrcpyA
lstrcatA
SetDefaultCommConfigA
FindFirstVolumeA
FindCloseChangeNotification
CreateFileW
GlobalGetAtomNameW
LocalFree
GetSystemWindowsDirectoryW
Module32FirstW
GetCalendarInfoW
GetWriteWatch
FindResourceExW
LoadModule
SetInformationJobObject
_hwrite
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExA
GetThreadLocale
GetLocaleInfoA
GetCommandLineA
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
lstrcmpA
WritePrivateProfileStringA
WaitForSingleObject
Sleep
SizeofResource
SetThreadLocale
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
QueryPerformanceFrequency
MulDiv
LockResource
LoadResource
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetUserDefaultLCID
GetSystemInfo
GetStringTypeExA
GetPrivateProfileStringA
GetLocalTime
GetFullPathNameA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentProcessId
GetComputerNameA
GetCPInfo
FreeResource
InterlockedExchange
FormatMessageA
FindResourceA
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
EnumCalendarInfoA
CreateProcessA
CreateMutexA
CreateEventA
CompareStringA
GetModuleHandleW
LoadLibraryW

user32

GetCursorPos
GetWindowRect
GetActiveWindow
SetClassLongA
GetSystemMenu
AppendMenuA
LoadIconA
wsprintfA
EnableWindow
SendMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
PostQuitMessage
MessageBoxA
LoadStringA
GetWindowLongA
LoadCursorFromFileA
SetMenu
HiliteMenuItem
OffsetRect
TranslateMDISysAccel
SetLastErrorEx
RegisterShellHookWindow
GetUpdateRgn
DefDlgProcA
DialogBoxIndirectParamW
LockWindowUpdate
CascadeWindows
MsgWaitForMultipleObjects
EnumPropsExA
DdeSetQualityOfService
MessageBoxIndirectW
GetKeyboardType
CharNextA
CreateWindowExA
WindowFromPoint
WinHelpA
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostMessageA
OpenClipboard
OemToCharA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadKeyboardLayoutA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowPlacement
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassInfoA
GetCapture
GetAsyncKeyState
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EndPaint
EndDeferWindowPos
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DeferWindowPos
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
BeginDeferWindowPos
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
LoadIconW

gdi32

Escape
GdiCreateLocalMetaFilePict
SetColorAdjustment
SetFontEnumeration
GdiEntry14
GdiEntry4
ResizePalette
GetTextExtentPoint32A
GetObjectType
OffsetClipRgn
GdiEntry16
GetGlyphOutlineWow
OffsetRgn
SetBitmapBits
RoundRect
GetColorSpace
GdiEntry12
SetMapMode
SetTextAlign
CombineRgn
GetLogColorSpaceW
GetFontAssocStatus
SetGraphicsMode
GetDeviceCaps
GetTextCharset
InvertRgn
GetCharABCWidthsI
ExcludeClipRect
EngStretchBltROP
TextOutW
EndPath
GetAspectRatioFilterEx
CheckColorsInGamut
GdiDescribePixelFormat
GdiGetSpoolMessage
GetPaletteEntries
GetWindowExtEx
GdiConvertBrush
GetETM
bMakePathNameW
Pie
StartPage
EngComputeGlyphSet
SelectClipPath
CreateRoundRectRgn
EngCopyBits
GetClipRgn
UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetObjectA
GetFontLanguageInfo
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionA
GetEnhMetaFileBits
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExtTextOutA
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateEnhMetaFileA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CloseEnhMetaFile
BitBlt
GetEnhMetaFileA

comdlg32

ChooseColorA
GetSaveFileNameA
GetOpenFileNameA

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegEnumValueA
RegDeleteValueA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptEncrypt
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
ExtractAssociatedIconA
FindExecutableW
SHGetDesktopFolder
SHGetFolderLocation
DragQueryFile
SHInvokePrinterCommandW
SHIsFileAvailableOffline
ExtractIconExW
ExtractIconA
ShellExecuteEx
ExtractAssociatedIconW
SHEmptyRecycleBinW
WOWShellExecute
SHGetIconOverlayIndexW
SHGetSpecialFolderPathA
ShellExecuteW
SHGetMalloc
Shell_NotifyIcon
DragFinish
SHCreateDirectoryExW
ExtractIconW
DuplicateIcon
SHBrowseForFolderA
SHGetInstanceExplorer
SHGetFileInfoW
Shell_NotifyIconA
ShellExecuteA

ole32

CoTaskMemFree
StringFromCLSID
CreateStreamOnHGlobal
IsAccelerator
OleDraw
OleSetMenuDescriptor
CoTaskMemAlloc
CoCreateGuid
ProgIDFromCLSID
CoCreateInstance
CoInitializeSecurity
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID

shlwapi

StrRStrIW
StrRChrA
StrCmpNA
StrRChrIW

comctl32

ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
ord17

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 555B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0411b57bfa8ac6bc37c1d30ae226fbce

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 1024B - Virtual size: 555B

.data Size: 122KB - Virtual size: 121KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 1024B - Virtual size: 555B

.data
Size: 122KB - Virtual size: 121KB

.rsrc
Size: 2KB - Virtual size: 1KB