9dcd69316d789e87b0eee4ade25f89c5cd003ad4cc3835ef69cfa2ba4e29851f

Sharing

Copy URL

Twitter E-mail

General

Target

9dcd69316d789e87b0eee4ade25f89c5cd003ad4cc3835ef69cfa2ba4e29851f
Size

2.2MB
MD5

37778fdf847aaf333ab690cc649ff8bd
SHA1

43e9300cd51a93fbea58c527a76266be136f6ba7
SHA256

9dcd69316d789e87b0eee4ade25f89c5cd003ad4cc3835ef69cfa2ba4e29851f
SHA512

fb3177bcb9a1ed8872d154c83cd28114fb3293c97725d9ec79b454355372119debc079c159acab897744c0bfe305fee139e561a60ce7ab0ea98c5572ba0ef73e

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

9dcd69316d789e87b0eee4ade25f89c5cd003ad4cc3835ef69cfa2ba4e29851f
.dll windows x86

72c826508912495fd830cf5d2203fde0

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
MapViewOfFileEx
CreateFileMappingA
CreateFileA
DeleteFileA
SetFileAttributesA
LocalFree
LocalAlloc
WriteFile
SetFilePointer
FreeLibrary
LoadLibraryA
GetProcAddress
GetLastError
GetFileAttributesA
GetComputerNameA
GetSystemDirectoryA
GetVersionExA
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
SetLastError
LoadResource
CloseHandle
GetModuleFileNameA
UnmapViewOfFile
FlushFileBuffers
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetCPInfo
SetStdHandle
GetOEMCP
GetACP
GetSystemInfo
VirtualProtect
Sleep
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
ExitProcess
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InterlockedExchange
VirtualQuery
MultiByteToWideChar
LCMapStringA
LCMapStringW
WritePrivateProfileSectionW
EnumDateFormatsW
RtlFillMemory
WinExec
GetProcessTimes
GetLocaleInfoW
QueueUserWorkItem
GetCommTimeouts
GetCommModemStatus
GetTapeStatus
OpenJobObjectW
ExpandEnvironmentStringsW
Heap32ListNext
LocalHandle
GlobalAlloc
FindFirstVolumeA
GetConsoleAliasW
lstrcatA
GetCurrentThread
WriteTapemark
SwitchToFiber
AreFileApisANSI
GetVolumePathNameA
ExitThread
FindNextChangeNotification
VirtualAllocEx

user32

LoadStringA
GetMenuItemInfoW
IMPQueryIMEW
SendMessageTimeoutW
UnpackDDElParam
MonitorFromRect
SetRect
MapVirtualKeyExW
GetSystemMetrics
ClipCursor
ShowCursor
LoadMenuIndirectA
LoadBitmapA
GetClassWord
MapVirtualKeyExA
wsprintfA
GetMonitorInfoA
SendMessageW
PostMessageA
DefWindowProcA
GetClassLongW
GetDlgItemInt
GetDlgItemTextA
PeekMessageA
EnumWindowStationsW
MessageBoxW
ChildWindowFromPoint
BeginPaint
MenuItemFromPoint
SetSysColors
CreateWindowStationW
EnumPropsExW
SetScrollInfo
SetCaretBlinkTime
GetKeyboardType
CharNextW
LoadIconA

gdi32

GdiEntry7
SetBitmapBits
StrokeAndFillPath
CreateBitmap
GetDeviceGammaRamp
AnyLinkedFonts
EnumICMProfilesA
RestoreDC
XLATEOBJ_cGetPalette
EqualRgn
SetDIBColorTable
GetTextFaceA
PATHOBJ_bEnum
GetCharWidthFloatA
GetCharWidthInfo
PolyPolygon
gdiPlaySpoolStream
GdiSetServerAttr
SetDIBits
SetViewportExtEx
GdiDllInitialize
FillRgn
GdiGetSpoolFileHandle
GetKerningPairs
AbortDoc
EngPlgBlt
EnumObjects
GdiArtificialDecrementDriver
PolyPolyline
GetCharABCWidthsW
STROBJ_bEnumPositionsOnly
PATHOBJ_vGetBounds
GetROP2
GetDCOrgEx
SetICMProfileA
XFORMOBJ_bApplyXform
CreatePenIndirect
GetColorSpace
SetTextJustification
ResetDCA
GetLogColorSpaceW
GdiEntry11
GetKerningPairsW
SetDCBrushColor
DeleteMetaFile
SetDCPenColor
TextOutW
GetEnhMetaFileW
GetStockObject
AddFontResourceA
RealizePalette
GetEnhMetaFileBits

comdlg32

GetSaveFileNameW

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExW
RegOpenKeyA

shell32

ShellAboutA
SHGetSettings
DragQueryFileW
SHGetFileInfo
SHBrowseForFolder
ExtractAssociatedIconExW
FindExecutableW
SHFileOperationA
Shell_NotifyIconW

ole32

CoTaskMemFree
CoInitializeEx

shlwapi

StrChrIA
PathIsUNCW
PathIsRelativeW

comctl32

ImageList_Destroy

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72c826508912495fd830cf5d2203fde0

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 3KB - Virtual size: 2KB

.data Size: 2.2MB - Virtual size: 2.2MB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 704B

.text
Size: 3KB - Virtual size: 2KB

.data
Size: 2.2MB - Virtual size: 2.2MB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 704B