f2d719b3ca3cf1a3277739c1569404585129640ffaeadaf95d3a134c5fe61463

Sharing

Copy URL

Twitter E-mail

General

Target

f2d719b3ca3cf1a3277739c1569404585129640ffaeadaf95d3a134c5fe61463
Size

2.5MB
MD5

34b83a5b23e2fa8c97a42649a3497085
SHA1

2f0d9434b2cfac21e8ec8621b41f3084391ae426
SHA256

f2d719b3ca3cf1a3277739c1569404585129640ffaeadaf95d3a134c5fe61463
SHA512

1276e045721dd2134532cc4dd07ace2e8b4a03b4479112dd721b0ee291b46577028933aa0d3fc9a29b5e2616fee01225564b085c65529c4f1eb71f227ac2697e

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

f2d719b3ca3cf1a3277739c1569404585129640ffaeadaf95d3a134c5fe61463
.dll windows x86

1113bba399c8ce23825189d1e4133356

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
SetThreadPriority
GetSystemTimeAdjustment
GetConsoleAliasesW
GetCommState
GlobalWire
SetConsoleCP
SetConsoleOutputCP
lstrlenW
GetAtomNameW
CreateTapePartition
WriteProfileSectionA
CancelTimerQueueTimer
_lread
SetFileApisToANSI
GetUserDefaultLCID
GetLastError
VirtualAlloc

user32

GetKeyboardType
CreateWindowExW
GetQueueStatus
LoadIconA

gdi32

UnrealizeObject
GetTextExtentExPointA
GetRandomRgn
GetEnhMetaFileW
GetStockObject
AddFontResourceA
GetEnhMetaFileBits

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
SetSecurityDescriptorDacl
GetTokenInformation
GetKernelObjectSecurity
StartServiceA
RegOpenKeyA

shell32

Shell_NotifyIconA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA

ole32

CreateStreamOnHGlobal
IsEqualGUID
GetHGlobalFromStream

comctl32

ImageList_SetIconSize
ImageList_Write
UninitializeFlatSB

imm32

ImmGetVirtualKey

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata3
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata6
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata5
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1113bba399c8ce23825189d1e4133356

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

comctl32

imm32

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 2.3MB - Virtual size: 2.3MB

.rdata3 Size: 102KB - Virtual size: 101KB

.data Size: 2KB - Virtual size: 2KB

.rdata6 Size: 1024B - Virtual size: 1000B

.rdata5 Size: 1024B - Virtual size: 1000B

.rdata4 Size: 1024B - Virtual size: 1000B

.rsrc Size: 104KB - Virtual size: 104KB

.reloc Size: 512B - Virtual size: 380B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2.3MB - Virtual size: 2.3MB

.rdata3
Size: 102KB - Virtual size: 101KB

.data
Size: 2KB - Virtual size: 2KB

.rdata6
Size: 1024B - Virtual size: 1000B

.rdata5
Size: 1024B - Virtual size: 1000B

.rdata4
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 104KB - Virtual size: 104KB

.reloc
Size: 512B - Virtual size: 380B