c2859f7593e7d860fcfb54cb7a02e958594f9d7d309f118d568e16d50a19502b

Sharing

Copy URL

Twitter E-mail

General

Target

c2859f7593e7d860fcfb54cb7a02e958594f9d7d309f118d568e16d50a19502b
Size

2.5MB
MD5

1aa4b60aa344a6f2f0ca0d5f36c9c90f
SHA1

b58fd147696ca09eed80cee1ccd931d736a46eec
SHA256

c2859f7593e7d860fcfb54cb7a02e958594f9d7d309f118d568e16d50a19502b
SHA512

6e5254bba0cb66428c4995b3f8bda261b6f2985a43d4ef66de87355575644d978f8495d9db79cef831090447c6febdafb1795d248417bfe3593ad6f9faace43d

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

c2859f7593e7d860fcfb54cb7a02e958594f9d7d309f118d568e16d50a19502b
.dll windows x86

1113bba399c8ce23825189d1e4133356

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
SetThreadPriority
GetSystemTimeAdjustment
GetConsoleAliasesW
GetCommState
GlobalWire
SetConsoleCP
SetConsoleOutputCP
lstrlenW
GetAtomNameW
CreateTapePartition
WriteProfileSectionA
CancelTimerQueueTimer
_lread
SetFileApisToANSI
GetUserDefaultLCID
GetLastError
VirtualAlloc

user32

GetKeyboardType
CreateWindowExW
GetQueueStatus
LoadIconA

gdi32

UnrealizeObject
GetTextExtentExPointA
GetRandomRgn
GetEnhMetaFileW
GetStockObject
AddFontResourceA
GetEnhMetaFileBits

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
SetSecurityDescriptorDacl
GetTokenInformation
GetKernelObjectSecurity
StartServiceA
RegOpenKeyA

shell32

Shell_NotifyIconA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA

ole32

CreateStreamOnHGlobal
IsEqualGUID
GetHGlobalFromStream

comctl32

ImageList_SetIconSize
ImageList_Write
UninitializeFlatSB

imm32

ImmGetVirtualKey

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata3
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata6
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata5
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1113bba399c8ce23825189d1e4133356

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

comctl32

imm32

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 2.3MB - Virtual size: 2.3MB

.rdata3 Size: 102KB - Virtual size: 101KB

.data Size: 2KB - Virtual size: 2KB

.rdata6 Size: 1024B - Virtual size: 1000B

.rdata5 Size: 1024B - Virtual size: 1000B

.rdata4 Size: 1024B - Virtual size: 1000B

.rsrc Size: 104KB - Virtual size: 104KB

.reloc Size: 512B - Virtual size: 380B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2.3MB - Virtual size: 2.3MB

.rdata3
Size: 102KB - Virtual size: 101KB

.data
Size: 2KB - Virtual size: 2KB

.rdata6
Size: 1024B - Virtual size: 1000B

.rdata5
Size: 1024B - Virtual size: 1000B

.rdata4
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 104KB - Virtual size: 104KB

.reloc
Size: 512B - Virtual size: 380B