5ac14b40289bd705db63778c46dbb5a7dc6d38333545fa7f89a53ccf373c3ddc

Sharing

Copy URL

Twitter E-mail

General

Target

5ac14b40289bd705db63778c46dbb5a7dc6d38333545fa7f89a53ccf373c3ddc
Size

2.5MB
MD5

b053ef1394b9035aa42401787816c08b
SHA1

d6d7e0d059f7c1f6474c1e05b202935ba79eb8a2
SHA256

5ac14b40289bd705db63778c46dbb5a7dc6d38333545fa7f89a53ccf373c3ddc
SHA512

837778b94ed100732ea52c61157ba6cac818ae8b0187fc856bea21690b2997130aa7f17b91d0822edee3f55e796096fdf97181ede0376ec5c072555e7dca017a

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

5ac14b40289bd705db63778c46dbb5a7dc6d38333545fa7f89a53ccf373c3ddc
.dll windows x86

1113bba399c8ce23825189d1e4133356

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
SetThreadPriority
GetSystemTimeAdjustment
GetConsoleAliasesW
GetCommState
GlobalWire
SetConsoleCP
SetConsoleOutputCP
lstrlenW
GetAtomNameW
CreateTapePartition
WriteProfileSectionA
CancelTimerQueueTimer
_lread
SetFileApisToANSI
GetUserDefaultLCID
GetLastError
VirtualAlloc

user32

GetKeyboardType
CreateWindowExW
GetQueueStatus
LoadIconA

gdi32

UnrealizeObject
GetTextExtentExPointA
GetRandomRgn
GetEnhMetaFileW
GetStockObject
AddFontResourceA
GetEnhMetaFileBits

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
SetSecurityDescriptorDacl
GetTokenInformation
GetKernelObjectSecurity
StartServiceA
RegOpenKeyA

shell32

Shell_NotifyIconA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA

ole32

CreateStreamOnHGlobal
IsEqualGUID
GetHGlobalFromStream

comctl32

ImageList_SetIconSize
ImageList_Write
UninitializeFlatSB

imm32

ImmGetVirtualKey

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata3
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata6
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata5
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1113bba399c8ce23825189d1e4133356

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

comctl32

imm32

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 2.3MB - Virtual size: 2.3MB

.rdata3 Size: 102KB - Virtual size: 101KB

.data Size: 2KB - Virtual size: 2KB

.rdata6 Size: 1024B - Virtual size: 1000B

.rdata5 Size: 1024B - Virtual size: 1000B

.rdata4 Size: 1024B - Virtual size: 1000B

.rsrc Size: 104KB - Virtual size: 104KB

.reloc Size: 512B - Virtual size: 380B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2.3MB - Virtual size: 2.3MB

.rdata3
Size: 102KB - Virtual size: 101KB

.data
Size: 2KB - Virtual size: 2KB

.rdata6
Size: 1024B - Virtual size: 1000B

.rdata5
Size: 1024B - Virtual size: 1000B

.rdata4
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 104KB - Virtual size: 104KB

.reloc
Size: 512B - Virtual size: 380B