73a2d5745c9e8ba2c965855f3043bfacfb4081292fee5bf3faa40a9b7d0b3cf9

Sharing

Copy URL

Twitter E-mail

General

Target

73a2d5745c9e8ba2c965855f3043bfacfb4081292fee5bf3faa40a9b7d0b3cf9
Size

364KB
MD5

a5afc2400de4b22c4e5b8ff2d0e20e82
SHA1

0c55dedc11b36e9eb235e9a66b69dc3b8a79d540
SHA256

73a2d5745c9e8ba2c965855f3043bfacfb4081292fee5bf3faa40a9b7d0b3cf9
SHA512

781b9dd298356190eedc5d60550bfa708a6d69a240c9017137a959c839af15de6845800e1f3a882855eeaded78b5d0de4390751dc8f6096f86a6c3fc4ce419ca
SSDEEP

6144:o0jp0jwkbqkwDrooNz3+hBkqYB0Mv/KHFLC2FfeQ7qF1FrVOV4rs0jei0j:o0jp0jRHwAkzkmRB0iKtC2FcF1fOV4ro

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

73a2d5745c9e8ba2c965855f3043bfacfb4081292fee5bf3faa40a9b7d0b3cf9
.exe windows x86

fbdb06054c05bc954e7af1f5e394227b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
GetLastError
OpenProcess
GetModuleFileNameW
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
WaitForDebugEvent
GetPriorityClass
GetModuleHandleW
CreateConsoleScreenBuffer
SetSystemTimeAdjustment
RemoveDirectoryW
GetConsoleAliasExesLengthA
Process32NextW
EscapeCommFunction
GetConsoleMode
ReadConsoleOutputCharacterW
RtlZeroMemory
IsDebuggerPresent
SetFilePointerEx
Module32Next
lstrcatW
DeleteCriticalSection
OpenEventW
GetProfileStringA
OpenWaitableTimerA
GetDevicePowerState
GetNumberOfConsoleMouseButtons
GetProfileIntW
Beep
GetFullPathNameA
PeekConsoleInputA
WriteConsoleOutputA
SetConsoleDisplayMode
GetFullPathNameW
GetFileAttributesA
RemoveDirectoryA
WinExec
CompareStringA
MultiByteToWideChar
GetStartupInfoA
CreateProcessA
CopyFileA
GetTempPathA
FreeLibrary
DeleteFileA

user32

GetForegroundWindow
GetWindowDC
GetThreadDesktop
IsCharAlphaW
GetSystemMetrics
LoadCursorFromFileA
IsClipboardFormatAvailable
CharNextA
CharLowerA
CreateMenu
GetWindowContextHelpId
GetMenuContextHelpId
LoadCursorFromFileW
GetDesktopWindow
EndMenu
CopyIcon
WindowFromDC
LoadCursorW
ReleaseCapture
CharToOemW
SetClassWord
LoadMenuIndirectA
SendIMEMessageExA
PtInRect
WINNLSGetIMEHotkey
GetPropW
DdeAddData
GetMenuItemInfoW
PeekMessageA
MapVirtualKeyExW
CreateDialogIndirectParamW
MessageBoxA
GetMenuStringW
RealChildWindowFromPoint
MapVirtualKeyA
DdeQueryStringA
GetClipboardSequenceNumber
BeginDeferWindowPos
GetSysColorBrush
DdeInitializeA
FlashWindowEx
DdeCreateStringHandleA
LoadIconA
EnableScrollBar
ShowWindow
GetScrollRange
GetClassLongA
DrawMenuBar
GetMenuCheckMarkDimensions
InflateRect
SetActiveWindow
TrackMouseEvent
GetLastActivePopup
InvalidateRect
RegisterClipboardFormatW
EnumDisplayDevicesW
DestroyMenu
keybd_event
ShowCursor
EnumDisplaySettingsExA
DdeDisconnectList
SetWindowLongA
ReleaseDC
GetDC
LoadCursorA
EndDeferWindowPos
DeferWindowPos
GetWindowLongA
CallWindowProcA
KillTimer
FindWindowA
GetAsyncKeyState
SetCursor
RedrawWindow
SetCapture
GetParent
DestroyCursor
EnableWindow
IsWindow
PostMessageA
GetSysColor
GetWindowRect
SetTimer
IsIconic
GetClientRect
DrawIcon
SendMessageA

gdi32

CreateMetaFileW
GetROP2
FillPath
EndPage
SetMetaRgn
GetPixelFormat
UpdateColors
SaveDC
CloseFigure
FlattenPath
GetStockObject
GetEnhMetaFileBits
GetEnhMetaFileA
GdiSetBatchLimit
EnumFontFamiliesA
EngCreateSemaphore
CreateColorSpaceA
GetTextAlign
SetDCBrushColor
GetObjectA
CreateFontIndirectA
CreateSolidBrush
GetTextExtentPoint32A

advapi32

RegOpenKeyW
RegQueryValueExA
GetTokenInformation
RegSetValueExA
RegOpenKeyA
RegDeleteKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey

shell32

CommandLineToArgvW
SHFileOperationA
ShellExecuteEx
ExtractIconA
DragQueryFile
SHGetSettings
SHEmptyRecycleBinW
SHFileOperationW
FindExecutableW
SHLoadNonloadedIconOverlayIdentifiers
SHFreeNameMappings
SHGetFolderPathW
SHFileOperation
SHGetFileInfoA
DragQueryFileW
DoEnvironmentSubstW
SHGetFolderPathA
FindExecutableA
ShellExecuteA

shlwapi

StrRStrIW
StrRChrA
StrCmpNA
StrChrW
StrRChrIA

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 341B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text3
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text2
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data3
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbdb06054c05bc954e7af1f5e394227b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 512B - Virtual size: 341B

.text3 Size: 10KB - Virtual size: 9KB

.text2 Size: 271KB - Virtual size: 271KB

.data Size: 26KB - Virtual size: 26KB

.data3 Size: 20KB - Virtual size: 19KB

.rsrc Size: 1024B - Virtual size: 628B

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 512B - Virtual size: 341B

.text3
Size: 10KB - Virtual size: 9KB

.text2
Size: 271KB - Virtual size: 271KB

.data
Size: 26KB - Virtual size: 26KB

.data3
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 1024B - Virtual size: 628B