ad286a9ef63c68763548711b695d7882ad520544be58b0f6c518591ce96bfe88

Sharing

Copy URL

Twitter E-mail

General

Target

ad286a9ef63c68763548711b695d7882ad520544be58b0f6c518591ce96bfe88
Size

499KB
MD5

78e9678410027e275631ccc725c30904
SHA1

29b43321cc43a815a0bd8f253e446198875dea3f
SHA256

ad286a9ef63c68763548711b695d7882ad520544be58b0f6c518591ce96bfe88
SHA512

7aaf15af07888dcced8d34a8cc73df1e6de36e78fc89bbcc4405bca4d9f3768797764d35458514901eeb0caec601ef79f160a6b12693999ba70492bcf232c948
SSDEEP

6144:D3uSkuqpikJJ0Zkt5GSd2OwuOLW8Z3Mq92AgfGurrsrD:aJuqIIoU5Hdeu8WAMqQOurrg

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

ad286a9ef63c68763548711b695d7882ad520544be58b0f6c518591ce96bfe88
.dll windows x86

258b3ca1491d07b33be0c1bd1d6ae3ae

Code Sign

53:ff:9c:5b:76:39:54:a2:43:5c:55:7f:c2:f9:41:ca
Certificate

Issuer

CN=SQKFEFJSIGOXBNUAAS

Not Before

06-05-2020 09:33

Not After

31-12-2039 23:59

Subject

CN=SQKFEFJSIGOXBNUAAS

Extended Key Usages

ExtKeyUsageCodeSigning

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

32:f0:29:ce:de:8e:c1:39:fd:a8:27:e5:70:48:66:d4:b2:81:37:5e
Signer

Actual PE Digest

32:f0:29:ce:de:8e:c1:39:fd:a8:27:e5:70:48:66:d4:b2:81:37:5e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=SQKFEFJSIGOXBNUAAS

07-05-2020 12:23
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetLastError
SetErrorMode
LoadLibraryA
GetProcAddress

user32

CopyIcon
IsClipboardFormatAvailable
ReleaseCapture
GetProcessWindowStation
IsCharAlphaNumericW
WindowFromDC
InSendMessage
GetKBCodePage
GetDC
GetClipboardViewer
IsWindowEnabled
CharNextW
DestroyCursor
CloseClipboard
CloseDesktop
GetKeyboardLayout
GetMenuItemCount
CharNextA
EnumClipboardFormats
IsCharUpperW
GetShellWindow
GetWindowDC
IsIconic
CountClipboardFormats
CharUpperW
GetWindowTextLengthW
CloseWindowStation
CharUpperA
GetKeyState
GetThreadDesktop
AnyPopup
GetSystemMetrics
DestroyWindow
IsCharAlphaNumericA
GetMenu
DestroyIcon
GetLastActivePopup
GetSysColor
EndMenu
ShowCaret
IsGUIThread
DestroyMenu
IsCharAlphaA
GetTopWindow
LoadCursorFromFileA
GetWindowTextLengthA
CloseWindow
LoadCursorFromFileW
GetCursor

gdi32

GetStockObject
GetEnhMetaFileA
StrokePath
GetPixelFormat
GetTextColor
GetDCBrushColor
GetMapMode
EndPage
GetTextCharacterExtra
AddFontResourceW
CreateCompatibleDC
FillPath
CloseFigure
PathToRegion
CreatePatternBrush
CancelDC
SwapBuffers
SetMetaRgn
GetPolyFillMode
GetSystemPaletteUse
GetGraphicsMode
GetColorSpace
GetBkMode
CreateHalftonePalette
GetTextCharset
GetStretchBltMode
WidenPath
DeleteEnhMetaFile
CreateMetaFileA
CreateMetaFileW

Sections

.text
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

258b3ca1491d07b33be0c1bd1d6ae3ae

Code Sign

53:ff:9c:5b:76:39:54:a2:43:5c:55:7f:c2:f9:41:caCertificate

Extended Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

32:f0:29:ce:de:8e:c1:39:fd:a8:27:e5:70:48:66:d4:b2:81:37:5eSigner

Signature Validations

Verification

07-05-2020 12:23 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 265KB - Virtual size: 265KB

.rdata Size: 203KB - Virtual size: 202KB

.data Size: 22KB - Virtual size: 22KB

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 1024B - Virtual size: 576B

53:ff:9c:5b:76:39:54:a2:43:5c:55:7f:c2:f9:41:ca
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

32:f0:29:ce:de:8e:c1:39:fd:a8:27:e5:70:48:66:d4:b2:81:37:5e
Signer

07-05-2020 12:23
Valid: false

.text
Size: 265KB - Virtual size: 265KB

.rdata
Size: 203KB - Virtual size: 202KB

.data
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 1024B - Virtual size: 576B