0be905402f868d6ca92a465a5ac91cd4d8ce452afdb13ad266651c796d75021d

Sharing

Copy URL

Twitter E-mail

General

Target

0be905402f868d6ca92a465a5ac91cd4d8ce452afdb13ad266651c796d75021d
Size

2.2MB
MD5

b4890fa81a5f21988e310f42e4f16b40
SHA1

14944be1c21e1712ac604e52bd5ce8370c2f5d75
SHA256

0be905402f868d6ca92a465a5ac91cd4d8ce452afdb13ad266651c796d75021d
SHA512

e8c5b199edbce0e1e502423ee1049dae06f6a311e9ac6e8a2069c3f26358c013a1e6d127d7ef950d3d7c58eb2f1ad171c90dc2a6601792dded68c671b6b397c5

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

0be905402f868d6ca92a465a5ac91cd4d8ce452afdb13ad266651c796d75021d
.dll windows x86

72c826508912495fd830cf5d2203fde0

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
MapViewOfFileEx
CreateFileMappingA
CreateFileA
DeleteFileA
SetFileAttributesA
LocalFree
LocalAlloc
WriteFile
SetFilePointer
FreeLibrary
LoadLibraryA
GetProcAddress
GetLastError
GetFileAttributesA
GetComputerNameA
GetSystemDirectoryA
GetVersionExA
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
SetLastError
LoadResource
CloseHandle
GetModuleFileNameA
UnmapViewOfFile
FlushFileBuffers
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetCPInfo
SetStdHandle
GetOEMCP
GetACP
GetSystemInfo
VirtualProtect
Sleep
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
ExitProcess
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InterlockedExchange
VirtualQuery
MultiByteToWideChar
LCMapStringA
LCMapStringW
WritePrivateProfileSectionW
EnumDateFormatsW
RtlFillMemory
WinExec
GetProcessTimes
GetLocaleInfoW
QueueUserWorkItem
GetCommTimeouts
GetCommModemStatus
GetTapeStatus
OpenJobObjectW
ExpandEnvironmentStringsW
Heap32ListNext
LocalHandle
GlobalAlloc
FindFirstVolumeA
GetConsoleAliasW
lstrcatA
GetCurrentThread
WriteTapemark
SwitchToFiber
AreFileApisANSI
GetVolumePathNameA
ExitThread
FindNextChangeNotification
VirtualAllocEx

user32

LoadStringA
GetMenuItemInfoW
IMPQueryIMEW
SendMessageTimeoutW
UnpackDDElParam
MonitorFromRect
SetRect
MapVirtualKeyExW
GetSystemMetrics
ClipCursor
ShowCursor
LoadMenuIndirectA
LoadBitmapA
GetClassWord
MapVirtualKeyExA
wsprintfA
GetMonitorInfoA
SendMessageW
PostMessageA
DefWindowProcA
GetClassLongW
GetDlgItemInt
GetDlgItemTextA
PeekMessageA
EnumWindowStationsW
MessageBoxW
ChildWindowFromPoint
BeginPaint
MenuItemFromPoint
SetSysColors
CreateWindowStationW
EnumPropsExW
SetScrollInfo
SetCaretBlinkTime
GetKeyboardType
CharNextW
LoadIconA

gdi32

GdiEntry7
SetBitmapBits
StrokeAndFillPath
CreateBitmap
GetDeviceGammaRamp
AnyLinkedFonts
EnumICMProfilesA
RestoreDC
XLATEOBJ_cGetPalette
EqualRgn
SetDIBColorTable
GetTextFaceA
PATHOBJ_bEnum
GetCharWidthFloatA
GetCharWidthInfo
PolyPolygon
gdiPlaySpoolStream
GdiSetServerAttr
SetDIBits
SetViewportExtEx
GdiDllInitialize
FillRgn
GdiGetSpoolFileHandle
GetKerningPairs
AbortDoc
EngPlgBlt
EnumObjects
GdiArtificialDecrementDriver
PolyPolyline
GetCharABCWidthsW
STROBJ_bEnumPositionsOnly
PATHOBJ_vGetBounds
GetROP2
GetDCOrgEx
SetICMProfileA
XFORMOBJ_bApplyXform
CreatePenIndirect
GetColorSpace
SetTextJustification
ResetDCA
GetLogColorSpaceW
GdiEntry11
GetKerningPairsW
SetDCBrushColor
DeleteMetaFile
SetDCPenColor
TextOutW
GetEnhMetaFileW
GetStockObject
AddFontResourceA
RealizePalette
GetEnhMetaFileBits

comdlg32

GetSaveFileNameW

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExW
RegOpenKeyA

shell32

ShellAboutA
SHGetSettings
DragQueryFileW
SHGetFileInfo
SHBrowseForFolder
ExtractAssociatedIconExW
FindExecutableW
SHFileOperationA
Shell_NotifyIconW

ole32

CoTaskMemFree
CoInitializeEx

shlwapi

StrChrIA
PathIsUNCW
PathIsRelativeW

comctl32

ImageList_Destroy

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72c826508912495fd830cf5d2203fde0

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 3KB - Virtual size: 2KB

.data Size: 2.2MB - Virtual size: 2.2MB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 704B

.text
Size: 3KB - Virtual size: 2KB

.data
Size: 2.2MB - Virtual size: 2.2MB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 704B