b219faf373b879d21168b6dbb16219931276fc6f4dcd8bbad7c8331f52daa1bd

Sharing

Copy URL

Twitter E-mail

General

Target

b219faf373b879d21168b6dbb16219931276fc6f4dcd8bbad7c8331f52daa1bd
Size

364KB
MD5

b6c92d8ea4c608cbbfe3c42826f88f35
SHA1

75ea77044ecc869f5c13b271512f1ecc4ebfbf6f
SHA256

b219faf373b879d21168b6dbb16219931276fc6f4dcd8bbad7c8331f52daa1bd
SHA512

f68d7810623f112e7e7a9140f5bb6ba32414a060633150a19b9af6a8030fea9bd94ea9929f4bec7c91ec66eb2ba8b7a9ce604df5151f11384075ec23efd24162
SSDEEP

6144:w0jp0jwkbqkwDrooNz3+hBkqYB0Mv/KHFLC2FfeQ7qF1FrVOV4rs0jei0j:w0jp0jRHwAkzkmRB0iKtC2FcF1fOV4ro

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

b219faf373b879d21168b6dbb16219931276fc6f4dcd8bbad7c8331f52daa1bd
.exe windows x86

fbdb06054c05bc954e7af1f5e394227b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
GetLastError
OpenProcess
GetModuleFileNameW
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
WaitForDebugEvent
GetPriorityClass
GetModuleHandleW
CreateConsoleScreenBuffer
SetSystemTimeAdjustment
RemoveDirectoryW
GetConsoleAliasExesLengthA
Process32NextW
EscapeCommFunction
GetConsoleMode
ReadConsoleOutputCharacterW
RtlZeroMemory
IsDebuggerPresent
SetFilePointerEx
Module32Next
lstrcatW
DeleteCriticalSection
OpenEventW
GetProfileStringA
OpenWaitableTimerA
GetDevicePowerState
GetNumberOfConsoleMouseButtons
GetProfileIntW
Beep
GetFullPathNameA
PeekConsoleInputA
WriteConsoleOutputA
SetConsoleDisplayMode
GetFullPathNameW
GetFileAttributesA
RemoveDirectoryA
WinExec
CompareStringA
MultiByteToWideChar
GetStartupInfoA
CreateProcessA
CopyFileA
GetTempPathA
FreeLibrary
DeleteFileA

user32

GetForegroundWindow
GetWindowDC
GetThreadDesktop
IsCharAlphaW
GetSystemMetrics
LoadCursorFromFileA
IsClipboardFormatAvailable
CharNextA
CharLowerA
CreateMenu
GetWindowContextHelpId
GetMenuContextHelpId
LoadCursorFromFileW
GetDesktopWindow
EndMenu
CopyIcon
WindowFromDC
LoadCursorW
ReleaseCapture
CharToOemW
SetClassWord
LoadMenuIndirectA
SendIMEMessageExA
PtInRect
WINNLSGetIMEHotkey
GetPropW
DdeAddData
GetMenuItemInfoW
PeekMessageA
MapVirtualKeyExW
CreateDialogIndirectParamW
MessageBoxA
GetMenuStringW
RealChildWindowFromPoint
MapVirtualKeyA
DdeQueryStringA
GetClipboardSequenceNumber
BeginDeferWindowPos
GetSysColorBrush
DdeInitializeA
FlashWindowEx
DdeCreateStringHandleA
LoadIconA
EnableScrollBar
ShowWindow
GetScrollRange
GetClassLongA
DrawMenuBar
GetMenuCheckMarkDimensions
InflateRect
SetActiveWindow
TrackMouseEvent
GetLastActivePopup
InvalidateRect
RegisterClipboardFormatW
EnumDisplayDevicesW
DestroyMenu
keybd_event
ShowCursor
EnumDisplaySettingsExA
DdeDisconnectList
SetWindowLongA
ReleaseDC
GetDC
LoadCursorA
EndDeferWindowPos
DeferWindowPos
GetWindowLongA
CallWindowProcA
KillTimer
FindWindowA
GetAsyncKeyState
SetCursor
RedrawWindow
SetCapture
GetParent
DestroyCursor
EnableWindow
IsWindow
PostMessageA
GetSysColor
GetWindowRect
SetTimer
IsIconic
GetClientRect
DrawIcon
SendMessageA

gdi32

CreateMetaFileW
GetROP2
FillPath
EndPage
SetMetaRgn
GetPixelFormat
UpdateColors
SaveDC
CloseFigure
FlattenPath
GetStockObject
GetEnhMetaFileBits
GetEnhMetaFileA
GdiSetBatchLimit
EnumFontFamiliesA
EngCreateSemaphore
CreateColorSpaceA
GetTextAlign
SetDCBrushColor
GetObjectA
CreateFontIndirectA
CreateSolidBrush
GetTextExtentPoint32A

advapi32

RegOpenKeyW
RegQueryValueExA
GetTokenInformation
RegSetValueExA
RegOpenKeyA
RegDeleteKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey

shell32

CommandLineToArgvW
SHFileOperationA
ShellExecuteEx
ExtractIconA
DragQueryFile
SHGetSettings
SHEmptyRecycleBinW
SHFileOperationW
FindExecutableW
SHLoadNonloadedIconOverlayIdentifiers
SHFreeNameMappings
SHGetFolderPathW
SHFileOperation
SHGetFileInfoA
DragQueryFileW
DoEnvironmentSubstW
SHGetFolderPathA
FindExecutableA
ShellExecuteA

shlwapi

StrRStrIW
StrRChrA
StrCmpNA
StrChrW
StrRChrIA

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 341B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text3
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text2
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data3
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbdb06054c05bc954e7af1f5e394227b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 512B - Virtual size: 341B

.text3 Size: 10KB - Virtual size: 9KB

.text2 Size: 271KB - Virtual size: 271KB

.data Size: 26KB - Virtual size: 26KB

.data3 Size: 20KB - Virtual size: 19KB

.rsrc Size: 1024B - Virtual size: 628B

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 512B - Virtual size: 341B

.text3
Size: 10KB - Virtual size: 9KB

.text2
Size: 271KB - Virtual size: 271KB

.data
Size: 26KB - Virtual size: 26KB

.data3
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 1024B - Virtual size: 628B