986462b76b2e496caa135b897e0329909bc2547dfbd4cbec97ee0c344e3df4df

Sharing

Copy URL

Twitter E-mail

General

Target

986462b76b2e496caa135b897e0329909bc2547dfbd4cbec97ee0c344e3df4df
Size

128KB
MD5

2f9945befaa4a7d58a5efd17e812dc2d
SHA1

3d4af64ba0f8c7dd62db9f3f74dfaeafb1696b0f
SHA256

986462b76b2e496caa135b897e0329909bc2547dfbd4cbec97ee0c344e3df4df
SHA512

df957c9e44a40161f80d50b4f1c96f50f7472e7ca2873f960898882032bc7de8e06b68e72a9219fee4d241d349b9863a225c0feac152ed51e251093a505a4d16
SSDEEP

3072:o5jXhYz9lbKj7pqbmAMfir+fY/wVDBYX31UOF1VRensvl:6jXc9187pImnfaohBzi1/uU

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

Processes:

resource	yara_rule
static1/unpack001/Tovar na vozvrat za etot mesyac.exe	cryptone

Files

986462b76b2e496caa135b897e0329909bc2547dfbd4cbec97ee0c344e3df4df
.rar
Tovar na vozvrat za etot mesyac.exe
.exe windows x86

4dd32c32f17a30996f03854030919577

Code Sign

11:c0:92:51:f3:7e:e2:9c:45:08:19:dc:18:16:46:7e
Certificate

Issuer

CN=YKVTNHEKBNXWUWCEIJ

Not Before

10-06-2020 08:10

Not After

31-12-2039 23:59

Subject

CN=YKVTNHEKBNXWUWCEIJ

Extended Key Usages

ExtKeyUsageCodeSigning

53:33:7b:0e:fd:96:90:f4:57:2c:e5:46:45:9c:c2:39:3e:b0:c2:bd
Signer

Actual PE Digest

53:33:7b:0e:fd:96:90:f4:57:2c:e5:46:45:9c:c2:39:3e:b0:c2:bd

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=YKVTNHEKBNXWUWCEIJ

18-05-2022 18:05
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetModuleHandleA
VirtualAllocEx
VirtualProtect
CreateFileA
FlushFileBuffers
SetStdHandle
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
VirtualQuery
InterlockedExchange
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetSystemInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEndOfFile
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetTimeZoneInformation
LCMapStringW
LCMapStringA
SetFilePointer
GetCPInfo
GetOEMCP
GetACP
GetFullPathNameW
WriteFile
GetFullPathNameA
GetCurrentDirectoryW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetHandleCount
ReadFile
CloseHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
ReleaseMutex
CreateMutexA
HeapSize
GetCurrentProcess
TerminateProcess
GetCurrentDirectoryA
GetVersion
lstrcpynA
Sleep
lstrlenA
MulDiv
WideCharToMultiByte
QueryPerformanceFrequency
QueryPerformanceCounter
FindFirstFileW
RemoveDirectoryW
FindNextFileW
FindFirstFileA
RemoveDirectoryA
DebugBreak
FindNextFileA
FindClose
OutputDebugStringA
GetEnvironmentStrings
HeapReAlloc
GetModuleFileNameA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetProcAddress
HeapFree
RaiseException
HeapAlloc
GetVersionExA
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
CreateDirectoryA
GetDriveTypeW
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
MultiByteToWideChar
DeleteFileW
DeleteFileA
ExitProcess
RtlUnwind
VerifyVersionInfoW
ConvertDefaultLocale
Heap32ListFirst
LoadModule
FindAtomW
_lwrite
WritePrivateProfileSectionA
ReadConsoleA
ContinueDebugEvent
SetFileAttributesW
SetProcessShutdownParameters
GetModuleHandleW
GetSystemDefaultLangID
OpenSemaphoreA
GlobalFindAtomA
SetVolumeLabelW
LocalFlags
FindNextVolumeMountPointA
SetConsoleTextAttribute
FreeLibrary
CreateIoCompletionPort
GetLocalTime
DeleteFiber
IsBadHugeReadPtr
TlsSetValue
EnumResourceLanguagesA
GlobalSize
BuildCommDCBW
GetFileAttributesExW
GetFileAttributesA
SetConsoleTitleA
InterlockedExchangeAdd
GlobalHandle
GetUserDefaultLCID
BeginUpdateResourceA
WriteProfileSectionA
SystemTimeToFileTime
Process32First
WinExec
OpenEventW
WaitForSingleObject
SetConsoleCursorInfo
CreateFileMappingW
UnmapViewOfFile
CreateEventW
CreateThread
WaitForMultipleObjects
CreateMutexW
SetEvent
TerminateThread
GetExitCodeThread
GetExitCodeProcess
CreateProcessW
GetVersionExW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
GetProcessHeap
OpenFileMappingW
SetLastError
GetCommandLineW
GetSystemDirectoryW
MapViewOfFile
lstrcpyW
LoadLibraryW
DeleteCriticalSection
LeaveCriticalSection

user32

LoadIconA
GetKeyboardLayout
IsIconic
CopyIcon
GetInputState
GetWindowTextLengthA
GetTopWindow
DestroyCursor
GetDlgCtrlID
GetClipboardData
CreatePopupMenu
IsGUIThread
DrawMenuBar
VkKeyScanA
GetMenuCheckMarkDimensions
GetClipboardOwner
IsWindow
ShowCaret
DestroyWindow
GetShellWindow
GetSysColor
IsWindowUnicode
LoadCursorFromFileA
LoadCursorFromFileW
GetWindowTextLengthW
GetFocus
PtInRect
MessageBoxW
SetCursorPos
MessageBoxA
GetDC
EnumDisplaySettingsA
ChangeDisplaySettingsA
RedrawWindow
GetClientRect
LoadCursorA
RegisterClassA
CreateWindowExW
ShowWindow
UpdateWindow
SetFocus
DefWindowProcA
SetCursor
PostQuitMessage
LoadAcceleratorsA
PeekMessageA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
SendMessageA
SetRect
AdjustWindowRect
SetWindowLongA
SetWindowPos
ShowCursor
GetForegroundWindow
ClipCursor
ToAscii
SetCapture
ReleaseCapture
GetWindowRect
ClientToScreen
GetAsyncKeyState
GetWindowInfo
GetCursorPos
HideCaret
UnionRect
PaintDesktop
DlgDirSelectComboBoxExA
ToUnicode
IsCharAlphaNumericW
GetTabbedTextExtentW
CreateDialogIndirectParamA
wsprintfA
CallWindowProcA
GetListBoxInfo
LoadBitmapA
InflateRect
KillTimer
BringWindowToTop
CallMsgFilterW
DdeFreeStringHandle
GetAltTabInfoW
EqualRect
RealGetWindowClassA
EnumPropsExA
DdeAccessData
DdeCreateStringHandleW
HiliteMenuItem
InsertMenuItemW
TranslateMDISysAccel
SetMenu
CreateDesktopW
UpdateLayeredWindow
GetCursor
MonitorFromPoint
EnumDisplayDevicesW
PackDDElParam
OpenIcon
GetNextDlgGroupItem
LoadStringW
LoadCursorW
GetSysColorBrush
RegisterClassW
InvalidateRgn
DefWindowProcW
BeginPaint
EndPaint
UnregisterClassW
GetDesktopWindow
GetWindowLongW
EnableWindow
DialogBoxParamW
GetParent
GetDlgItem
EndDialog
LoadIconW
SendDlgItemMessageW
PostMessageW
SetWindowLongW
SystemParametersInfoW
ReleaseDC
SendMessageW
EnumWindows
GetSystemMetrics
SetForegroundWindow
GetWindowThreadProcessId
GetClassNameW

gdi32

CloseEnhMetaFile
GetPixelFormat
CreateMetaFileW
StrokePath
GetEnhMetaFileW
CreateMetaFileA
CreateSolidBrush
EndPath
GetStockObject
RealizePalette
DeleteDC
CreateCompatibleDC
SetTextColor
SetBkMode
ExtTextOutA
GetDeviceCaps
CreateFontW
FontIsLinked
GetFontAssocStatus
EngTextOut
CreateColorSpaceW
EngAlphaBlend
ExcludeClipRect
RectVisible
CreateRoundRectRgn
SelectPalette
SetICMProfileW
GdiSwapBuffers
GdiConvertBitmapV5
CreateDCA
GetCharABCWidthsI
CLIPOBJ_bEnum
GdiPlayDCScript
GdiResetDCEMF
GdiSetAttrs
EngFillPath
GdiDeleteSpoolFileHandle
GdiIsMetaPrintDC
BitBlt
TextOutW
GdiConvertToDevmodeW
GetTransform
GdiEntry8
EngGetDriverName
FixBrushOrgEx
EngBitBlt
GetTextCharacterExtra
GetAspectRatioFilterEx
EngMarkBandingSurface
GetViewportExtEx
SetFontEnumeration
TextOutA
AnyLinkedFonts
CreateDiscardableBitmap
MoveToEx
LineTo
Rectangle
CreatePen
CreateFontIndirectW
DeleteObject
SelectObject

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyA
RegQueryValueExA
GetUserNameW
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegSetValueExW
RegFlushKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteA
SHGetFolderPathW
ExtractAssociatedIconExW
SHPathPrepareForWriteW
ExtractAssociatedIconA
SHIsFileAvailableOffline
ShellExecuteExW
SHQueryRecycleBinW
SHFileOperationA
SHGetSpecialFolderLocation
SHGetSettings
ShellAboutA
SHFileOperation

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
StringFromGUID2

shlwapi

StrRChrIA
StrRStrIW
StrChrIW
StrStrIW
StrRChrA

comctl32

CreatePropertySheetPageW
PropertySheetW

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdat2bz
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdat2b
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdat2a
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdat2a1
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 691KB - Virtual size: 690KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4dd32c32f17a30996f03854030919577

Code Sign

11:c0:92:51:f3:7e:e2:9c:45:08:19:dc:18:16:46:7eCertificate

Extended Key Usages

53:33:7b:0e:fd:96:90:f4:57:2c:e5:46:45:9c:c2:39:3e:b0:c2:bdSigner

Signature Validations

Verification

18-05-2022 18:05 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 142KB - Virtual size: 142KB

.rdata Size: 47KB - Virtual size: 46KB

.tdata Size: 75KB - Virtual size: 75KB

.tdat2bz Size: 1024B - Virtual size: 700B

.tdat2b Size: 1024B - Virtual size: 700B

.tdat2a Size: 1024B - Virtual size: 700B

.tdat2a1 Size: 1024B - Virtual size: 700B

.data Size: 11KB - Virtual size: 11KB

2 Size: 691KB - Virtual size: 690KB

.rsrc Size: 164KB - Virtual size: 164KB

11:c0:92:51:f3:7e:e2:9c:45:08:19:dc:18:16:46:7e
Certificate

53:33:7b:0e:fd:96:90:f4:57:2c:e5:46:45:9c:c2:39:3e:b0:c2:bd
Signer

18-05-2022 18:05
Valid: false

.text
Size: 142KB - Virtual size: 142KB

.rdata
Size: 47KB - Virtual size: 46KB

.tdata
Size: 75KB - Virtual size: 75KB

.tdat2bz
Size: 1024B - Virtual size: 700B

.tdat2b
Size: 1024B - Virtual size: 700B

.tdat2a
Size: 1024B - Virtual size: 700B

.tdat2a1
Size: 1024B - Virtual size: 700B

.data
Size: 11KB - Virtual size: 11KB

2
Size: 691KB - Virtual size: 690KB

.rsrc
Size: 164KB - Virtual size: 164KB