c64e6e7a18621216c9ce62ded0b9aed8d022e3aad12bbd4d641833282ff50f9a

Sharing

Copy URL

Twitter E-mail

General

Target

c64e6e7a18621216c9ce62ded0b9aed8d022e3aad12bbd4d641833282ff50f9a
Size

357KB
MD5

aea2220d0abbe9972b82282b66a53507
SHA1

aa5be15b31faedb8eeab6f2f6813c0e9ba9e17ea
SHA256

c64e6e7a18621216c9ce62ded0b9aed8d022e3aad12bbd4d641833282ff50f9a
SHA512

01449ffcbe03fcc727887152102a4bb7c043dbbc5e59da3846d795cf3775e1af4e3a364e0dd9c8c1ccef85b76eb7118c0c26cacd05ab95a908a4e2773133f01a
SSDEEP

6144:y0jl0js0j7q0jwkbqkwDrooNz3+hBkqYB0Mv/KHFLC2FfeQ7qF1FrVOVT:y0jl0js0je0jRHwAkzkmRB0iKtC2FcFs

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

c64e6e7a18621216c9ce62ded0b9aed8d022e3aad12bbd4d641833282ff50f9a
.exe windows x86

19538b8d0c2f0959265b262df58a068d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
GetLastError
OpenProcess
GetModuleFileNameW
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
WaitForDebugEvent
GetPriorityClass
GetModuleHandleW
CreateConsoleScreenBuffer
SetSystemTimeAdjustment
RemoveDirectoryW
GetConsoleAliasExesLengthA
Process32NextW
EscapeCommFunction
GetConsoleMode
ReadConsoleOutputCharacterW
RtlZeroMemory
IsDebuggerPresent
SetFilePointerEx
Module32Next
lstrcatW
DeleteCriticalSection
OpenEventW
GetProfileStringA
OpenWaitableTimerA
GetDevicePowerState
GetNumberOfConsoleMouseButtons
GetProfileIntW
Beep
GetFullPathNameA
PeekConsoleInputA
WriteConsoleOutputA
SetConsoleDisplayMode
GetFullPathNameW
GetFileAttributesA
RemoveDirectoryA
WinExec
CompareStringA
MultiByteToWideChar
GetStartupInfoA
CreateProcessA
CopyFileA
GetTempPathA
FreeLibrary
DeleteFileA

user32

CountClipboardFormats
IsWindowEnabled
GetWindowContextHelpId
IsCharAlphaNumericA
GetDC
IsMenu
DrawMenuBar
DestroyMenu
LoadCursorFromFileW
GetDoubleClickTime
GetClipboardViewer
GetDialogBaseUnits
GetDesktopWindow
GetCaretBlinkTime
GetMessagePos
CharLowerW
IsCharAlphaNumericW
LoadCursorW
ReleaseCapture
GetForegroundWindow
CharToOemW
SetClassWord
LoadMenuIndirectA
SendIMEMessageExA
PtInRect
WINNLSGetIMEHotkey
GetPropW
DdeAddData
GetMenuItemInfoW
PeekMessageA
MapVirtualKeyExW
CreateDialogIndirectParamW
MessageBoxA
GetMenuStringW
RealChildWindowFromPoint
MapVirtualKeyA
DdeQueryStringA
GetClipboardSequenceNumber
BeginDeferWindowPos
GetSysColorBrush
DdeInitializeA
FlashWindowEx
DdeCreateStringHandleA
LoadIconA
EnableScrollBar
ShowWindow
GetScrollRange
GetClassLongA
GetMenuCheckMarkDimensions
InflateRect
SetActiveWindow
TrackMouseEvent
GetLastActivePopup
InvalidateRect
RegisterClipboardFormatW
EnumDisplayDevicesW
keybd_event
ShowCursor
EnumDisplaySettingsExA
DdeDisconnectList
SetWindowLongA
ReleaseDC
CopyIcon
LoadCursorA
EndDeferWindowPos
DeferWindowPos
GetWindowLongA
CallWindowProcA
KillTimer
FindWindowA
GetAsyncKeyState
SetCursor
RedrawWindow
SetCapture
GetParent
DestroyCursor
EnableWindow
IsWindow
PostMessageA
GetSysColor
GetWindowRect
SetTimer
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA

gdi32

UnrealizeObject
AbortDoc
CancelDC
CloseEnhMetaFile
AddFontResourceA
CreateMetaFileW
GetDCBrushColor
GetTextAlign
GdiFlush
GetEnhMetaFileBits
GetStockObject
GetEnhMetaFileA
GdiSetBatchLimit
EnumFontFamiliesA
EngCreateSemaphore
CreateColorSpaceA
SetDCBrushColor
GetObjectA
CreateFontIndirectA
CreateSolidBrush
GetTextExtentPoint32A

advapi32

RegOpenKeyW
RegQueryValueExA
GetTokenInformation
RegSetValueExA
RegOpenKeyA
RegDeleteKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey

shell32

CommandLineToArgvW
SHFileOperationA
ShellExecuteEx
ExtractIconA
DragQueryFile
SHGetSettings
SHEmptyRecycleBinW
SHFileOperationW
FindExecutableW
SHLoadNonloadedIconOverlayIdentifiers
SHFreeNameMappings
SHGetFolderPathW
SHFileOperation
SHGetFileInfoA
DragQueryFileW
DoEnvironmentSubstW
SHGetFolderPathA
FindExecutableA
ShellExecuteA

shlwapi

StrRStrIW
StrRChrA
StrCmpNA
StrChrW
StrRChrIA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 341B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text2
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data3
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19538b8d0c2f0959265b262df58a068d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 512B - Virtual size: 341B

.text2 Size: 20KB - Virtual size: 19KB

.data Size: 27KB - Virtual size: 27KB

.data3 Size: 271KB - Virtual size: 271KB

.rsrc Size: 1024B - Virtual size: 628B

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 512B - Virtual size: 341B

.text2
Size: 20KB - Virtual size: 19KB

.data
Size: 27KB - Virtual size: 27KB

.data3
Size: 271KB - Virtual size: 271KB

.rsrc
Size: 1024B - Virtual size: 628B