f34ea09ea668ecdef11cc67781a9e43549913252190d49104d98c33822fd2196

Sharing

Copy URL

Twitter E-mail

General

Target

f34ea09ea668ecdef11cc67781a9e43549913252190d49104d98c33822fd2196
Size

629KB
MD5

76ca564f3c799e482b7dbc6f22e50dd6
SHA1

0802cc3009a1b7a1f9b12139340d718f7eb47d8c
SHA256

f34ea09ea668ecdef11cc67781a9e43549913252190d49104d98c33822fd2196
SHA512

678c09f9984495651a6c4c0af40bc38e44075e397325370dc5750922ee3abdbd8f15de66abf370f8e873d2a69b23c21d9980de004f12822776b281c0353a5587
SSDEEP

6144:ffWRlPjrZ5VLlJTJkitkbZWfd++AgI/loeOfrn:f+RlrrZ595kw+z/2ecn

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

f34ea09ea668ecdef11cc67781a9e43549913252190d49104d98c33822fd2196
.exe windows x86

f6e9caefcd347d1bf00a82da9eb3c474

Code Sign

4b:9c:f2:9b:35:ae:cc:41:bc:dc:a1:36:14:57:d5:3b
Certificate

Issuer

CN=HMSVFDBZWOIHLNYLNI

Not Before

07-11-2020 10:44

Not After

31-12-2039 23:59

Subject

CN=HMSVFDBZWOIHLNYLNI

Extended Key Usages

ExtKeyUsageCodeSigning

20:c0:8e:cf:1d:f7:36:07:ba:1e:37:bb:49:23:14:e4:b7:be:10:be
Signer

Actual PE Digest

20:c0:8e:cf:1d:f7:36:07:ba:1e:37:bb:49:23:14:e4:b7:be:10:be

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=HMSVFDBZWOIHLNYLNI

26-04-2022 13:48
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileW
DeleteFileA
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetTickCount
WideCharToMultiByte
GlobalAlloc
GetVersionExW
GetFullPathNameA
GetFullPathNameW
GetModuleFileNameW
FindResourceW
GetModuleHandleW
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
GetLocaleInfoW
GetNumberFormatW
SetFileAttributesW
GetDateFormatW
GetTimeFormatW
GetCPInfo
SetCurrentDirectoryW
LoadLibraryW
FreeLibrary
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
WriteFile
GetStdHandle
ReadFile
GetCurrentDirectoryW
CreateFileW
CreateFileA
GetFileType
SetEndOfFile
SetFilePointer
MoveFileW
SetFileTime
GetCurrentProcess
CloseHandle
SetLastError
GetLastError
DosDateTimeToFileTime
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
CreateThread
CreateEventW
SetEvent
Sleep
lstrcmpiW
GetCurrentThreadId
GetCommandLineW
GetExitCodeProcess
CreateProcessW
GetSystemDirectoryW
LocalFree
FormatMessageW
FlushInstructionCache
GetModuleHandleA
GetStartupInfoW
GetVersionExA
GetProcAddress
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
LoadLibraryA
RtlUnwind
SetStdHandle
FlushFileBuffers
SetInformationJobObject
GenerateConsoleCtrlEvent
AssignProcessToJobObject
QueryInformationJobObject
CreateJobObjectA
SetConsoleCtrlHandler
DuplicateHandle
DecodePointer
GetStringTypeW
HeapSetInformation
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetConsoleCP
GetConsoleMode
IsProcessorFeaturePresent
LCMapStringW
WriteConsoleW

user32

WinHelpW
ClientToScreen
DdeSetQualityOfService
WinHelpA
GetWindowTextW
LoadStringW
SetThreadDesktop
OpenDesktopW
GetThreadDesktop
SetProcessWindowStation
OpenWindowStationW
GetUserObjectInformationW
GetProcessWindowStation
SetForegroundWindow
EnumThreadWindows
PostMessageW
DefWindowProcW
UnregisterClassW
SetWindowLongW
GetDesktopWindow
RegisterClassW
LoadIconW
MessageBoxW
UpdateWindow
SetDlgItemTextW
ShowWindow
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
GetMessageW
DispatchMessageW
CharNextW
CreateWindowExW
DestroyWindow
PostQuitMessage
PostThreadMessageW
LoadIconA
GetWindowTextLengthW
GetWindowDC
GetWindowContextHelpId
GetMenuContextHelpId
GetInputState
GetShellWindow
GetMenuCheckMarkDimensions
IsCharLowerW
GetKBCodePage
GetDlgCtrlID

gdi32

GdiConvertRegion
ExtSelectClipRgn
EngCreatePalette
GetTextExtentPoint32W
EngGradientFill
GdiConvertBrush
TextOutA
CreateColorSpaceW
GetCharWidthFloatW
GdiProcessSetup
GetArcDirection
SwapBuffers
SetColorAdjustment
GdiQueryFonts
GetObjectType
CreateRectRgn
GdiTransparentBlt
GetPaletteEntries
GetTextFaceW
XLATEOBJ_piVector
CreateBitmap
GdiEntry6
AnyLinkedFonts
SetStretchBltMode
GetObjectA
GetMetaFileBitsEx
GetRasterizerCaps
CreateDIBPatternBrush
CreateFontIndirectExW
SelectFontLocal
GdiGetLocalFont
CreateICA
PlayMetaFile
CreateSolidBrush
AddFontResourceTracking
StartFormPage
GdiSetBatchLimit
GetBitmapDimensionEx
ExtTextOutW
STROBJ_bEnum
EngLineTo
GetStockObject
CreateMetaFileA
DeleteObject
CloseEnhMetaFile
GetPixelFormat
GetEnhMetaFileBits

advapi32

RegOpenKeyA
RegQueryValueExA

ole32

CoInitializeSecurity
CoInitializeEx
CoSuspendClassObjects
CoResumeClassObjects
CoUninitialize

comctl32

InitCommonControlsEx

Sections

.text
Size: 481KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ba9
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ba8
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ba7
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ba6
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ba5
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ba4
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ba3
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ba2
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ba
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6e9caefcd347d1bf00a82da9eb3c474

Code Sign

4b:9c:f2:9b:35:ae:cc:41:bc:dc:a1:36:14:57:d5:3bCertificate

Extended Key Usages

20:c0:8e:cf:1d:f7:36:07:ba:1e:37:bb:49:23:14:e4:b7:be:10:beSigner

Signature Validations

Verification

26-04-2022 13:48 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

comctl32

Sections

.text Size: 481KB - Virtual size: 480KB

.data Size: 7KB - Virtual size: 6KB

.ba9 Size: 512B - Virtual size: 1B

.ba8 Size: 512B - Virtual size: 1B

.ba7 Size: 512B - Virtual size: 1B

.ba6 Size: 512B - Virtual size: 1B

.ba5 Size: 512B - Virtual size: 1B

.ba4 Size: 512B - Virtual size: 1B

.ba3 Size: 512B - Virtual size: 1B

.ba2 Size: 512B - Virtual size: 1B

.ba Size: 1KB - Virtual size: 1KB

.rsrc Size: 134KB - Virtual size: 133KB

4b:9c:f2:9b:35:ae:cc:41:bc:dc:a1:36:14:57:d5:3b
Certificate

20:c0:8e:cf:1d:f7:36:07:ba:1e:37:bb:49:23:14:e4:b7:be:10:be
Signer

26-04-2022 13:48
Valid: false

.text
Size: 481KB - Virtual size: 480KB

.data
Size: 7KB - Virtual size: 6KB

.ba9
Size: 512B - Virtual size: 1B

.ba8
Size: 512B - Virtual size: 1B

.ba7
Size: 512B - Virtual size: 1B

.ba6
Size: 512B - Virtual size: 1B

.ba5
Size: 512B - Virtual size: 1B

.ba4
Size: 512B - Virtual size: 1B

.ba3
Size: 512B - Virtual size: 1B

.ba2
Size: 512B - Virtual size: 1B

.ba
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 134KB - Virtual size: 133KB