82a32b07e9718825d70f0dfe0870d8d27b32ddd1b48e96c97cda91d4c7e04530

Sharing

Copy URL

Twitter E-mail

General

Target

82a32b07e9718825d70f0dfe0870d8d27b32ddd1b48e96c97cda91d4c7e04530
Size

227KB
MD5

35a60252c7832c4e7e0589c857489ac9
SHA1

001099f0eebc504b6985b065ddf6c5446df4cf45
SHA256

82a32b07e9718825d70f0dfe0870d8d27b32ddd1b48e96c97cda91d4c7e04530
SHA512

478fec47d60171fb91c6475066971b540f78c8a209bc2c491d890d48282155de88a57bb4acce5044b44a9381de6f8a5e17e053b069a7498ca441a5c3b059973e
SSDEEP

1536:JVS+N3WyTgsvrHb2IcMenJQcwtNvjf6lypSr2o5X+mz2dIxxXIogPwFE4e5b:JVpRltHPxeCZ6Fj+mzqIx9vgt

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

82a32b07e9718825d70f0dfe0870d8d27b32ddd1b48e96c97cda91d4c7e04530
.exe windows x86

ac352ca741272e8f62ddd67e418f3cf3

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c9:8f:be:d7:dd:81:84:3d:53:d9:f7:63:03:a3:01:04
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

20-05-2020 00:00

Not After

20-05-2021 23:59

Subject

CN=OOO Korobas,O=OOO Korobas,POSTALCODE=141102,STREET=ulica Stroitelej\, dom 1\, pomeshchenie 8,L=Shyolkovo,ST=Moskovskaya Obl,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e6:ac:8f:56:f5:72:58:ed:eb:63:20:1d:5c:3b:bc:6b:79:aa:c2:f1
Signer

Actual PE Digest

e6:ac:8f:56:f5:72:58:ed:eb:63:20:1d:5c:3b:bc:6b:79:aa:c2:f1

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=OOO Korobas,O=OOO Korobas,POSTALCODE=141102,STREET=ulica Stroitelej\, dom 1\, pomeshchenie 8,L=Shyolkovo,ST=Moskovskaya Obl,C=RU

28-05-2020 16:02
Valid: true

Chain 1

CN=OOO Korobas,O=OOO Korobas,POSTALCODE=141102,STREET=ulica Stroitelej\, dom 1\, pomeshchenie 8,L=Shyolkovo,ST=Moskovskaya Obl,C=RU

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Chain 2

CN=OOO Korobas,O=OOO Korobas,POSTALCODE=141102,STREET=ulica Stroitelej\, dom 1\, pomeshchenie 8,L=Shyolkovo,ST=Moskovskaya Obl,C=RU

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
VirtualAlloc

user32

LoadIconA
IsGUIThread
IsCharAlphaA
IsCharLowerA
IsCharAlphaNumericW
IsCharAlphaNumericA
IsCharLowerW
IsCharAlphaW
IsCharUpperA
IsClipboardFormatAvailable
IsCharUpperW
IsWindowUnicode
GetDesktopWindow
GetMenu

advapi32

RegQueryValueExA
GetUserNameA

msvcrt

__p__commode
__p__fmode
__set_app_type
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
exit

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 325B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac352ca741272e8f62ddd67e418f3cf3

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

c9:8f:be:d7:dd:81:84:3d:53:d9:f7:63:03:a3:01:04Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

e6:ac:8f:56:f5:72:58:ed:eb:63:20:1d:5c:3b:bc:6b:79:aa:c2:f1Signer

Signature Validations

Verification

28-05-2020 16:02 Valid: true

Chain 1

Chain 2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 512B - Virtual size: 325B

.data Size: 199KB - Virtual size: 198KB

.rsrc Size: 2KB - Virtual size: 2KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

c9:8f:be:d7:dd:81:84:3d:53:d9:f7:63:03:a3:01:04
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

e6:ac:8f:56:f5:72:58:ed:eb:63:20:1d:5c:3b:bc:6b:79:aa:c2:f1
Signer

28-05-2020 16:02
Valid: true

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 512B - Virtual size: 325B

.data
Size: 199KB - Virtual size: 198KB

.rsrc
Size: 2KB - Virtual size: 2KB