0e2b1eaae639a24ebd838f58a0afead410bccdd845993a398fe26a5f93466026

Sharing

Copy URL

Twitter E-mail

General

Target

0e2b1eaae639a24ebd838f58a0afead410bccdd845993a398fe26a5f93466026
Size

72KB
MD5

03832c922e349f3ff3a6eaba817b35f9
SHA1

f8721e7e5b227e8cc1711dbb6164ddca9e781308
SHA256

0e2b1eaae639a24ebd838f58a0afead410bccdd845993a398fe26a5f93466026
SHA512

8ae26acc6a92712e3854d23f938672ecfdf30e93f62eee9f4ae4e351ce38c6176654fd145731cb510bf551f0e370be171f69d3e65b22b18af89473bd42666ab9
SSDEEP

1536:EJJq6rm/ecGDzQrVQ29l5ug/K/f+FDOBiV79aQnOJQVjInFdkiwR:YQ6rKWOQ2DcoKX+FDOm7fJVIYvR

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

0e2b1eaae639a24ebd838f58a0afead410bccdd845993a398fe26a5f93466026
.exe windows x86

b99d0c89827bb0b116a152cbe64f9c7b

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0c:50:29:f5:fd:ba:82:ac:fc:4d:2e:c3:ce:b0:24:d7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

31-03-2020 00:00

Not After

31-03-2021 23:59

Subject

CN=Forward Programs Oy,O=Forward Programs Oy,POSTALCODE=00780,STREET=Vanha Tapanilantie\, 31,L=Helsinki,ST=Uusimaa,C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

73:b5:78:9f:9d:e1:0b:a1:ea:83:74:92:12:97:e0:dc:e5:df:9a:80
Signer

Actual PE Digest

73:b5:78:9f:9d:e1:0b:a1:ea:83:74:92:12:97:e0:dc:e5:df:9a:80

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Forward Programs Oy,O=Forward Programs Oy,POSTALCODE=00780,STREET=Vanha Tapanilantie\, 31,L=Helsinki,ST=Uusimaa,C=FI

01-04-2020 09:35
Valid: true

Chain 1

CN=Forward Programs Oy,O=Forward Programs Oy,POSTALCODE=00780,STREET=Vanha Tapanilantie\, 31,L=Helsinki,ST=Uusimaa,C=FI

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetModuleFileNameA
QueryPerformanceCounter
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
VirtualAlloc
GetModuleHandleW

user32

DdeCreateStringHandleW
RegisterWindowMessageW
MessageBoxW
SetActiveWindow
SetForegroundWindow
AttachThreadInput
GetForegroundWindow
GetDesktopWindow
GetWindowThreadProcessId
DdeInitializeW
GetSystemMetrics
DdeGetLastError
DdeGetData
DdeUninitialize
DdeClientTransaction
DdeConnect
DdeNameService
DdeDisconnect
FindWindowW
LoadIconA
DestroyWindow
CopyIcon
GetActiveWindow
OpenIcon
ReleaseCapture
InSendMessage
GetQueueStatus
IsWindowVisible
GetWindowTextLengthA
GetCaretBlinkTime
PaintDesktop
OemKeyScan
IsCharAlphaA
GetThreadDesktop
GetKeyboardType
GetMessagePos
GetDC
CloseClipboard
IsWindowEnabled
GetTopWindow
CreatePopupMenu
GetInputState
CharNextA
GetClipboardSequenceNumber
IsClipboardFormatAvailable
GetDialogBaseUnits
GetMessageTime
CloseWindow
IsCharAlphaNumericW
GetClipboardViewer
IsMenu
IsCharAlphaNumericA
LoadCursorFromFileW
VkKeyScanA
GetAsyncKeyState
GetWindowTextLengthW
GetKeyboardLayout
EnumClipboardFormats
DestroyMenu
CreateMenu
GetMenuCheckMarkDimensions
IsGUIThread
DestroyIcon
GetClipboardOwner
EndMenu
IsCharAlphaW
GetSysColorBrush
GetLastActivePopup
GetWindowContextHelpId
GetDlgCtrlID
CharUpperA
IsIconic
AnyPopup
CountClipboardFormats
GetClipboardData
GetMenuItemCount
CloseDesktop
WindowFromDC
GetCursor
GetParent

gdi32

SetPolyFillMode
StrokePath
ExtCreatePen
DeleteObject
SelectObject
StretchDIBits
SetDIBitsToDevice
GdiFlush
CreateCompatibleBitmap
DeleteDC
CreateDIBSection
GetDeviceCaps
EndPath
CreateCompatibleDC
BitBlt
EnumFontFamiliesA
ExtTextOutA
SetBkColor
GetBkColor
SetTextAlign
SetBkMode
SetTextColor
SelectClipRgn
LineTo
MoveToEx
CreatePen
GetTextExtentPoint32A
GetTextMetricsA
GetTextAlign
GetBkMode
GetTextColor
IntersectClipRect
GetClipRgn
CreateRectRgn
CreateFontIndirectA
DPtoLP
GetObjectA
RealizePalette
StartDocA
LPtoDP
StartPage
EndPage
EndDoc
BeginPath
CreatePalette
SelectPalette
GetSystemPaletteEntries
FillPath
SelectClipPath
PolyBezierTo
GetClipBox
SaveDC
RestoreDC
CreateSolidBrush
GetStockObject
AddFontResourceW
CreatePatternBrush
GetTextCharset
GetObjectType
AbortPath
GetEnhMetaFileW
GetDCBrushColor
GetMapMode
DeleteColorSpace
GetSystemPaletteUse
CloseMetaFile
GetDCPenColor
GdiGetBatchLimit
UpdateColors
CloseEnhMetaFile
DeleteMetaFile
GetStretchBltMode
GetTextCharacterExtra
CloseFigure
GetLayout
CreateMetaFileW
SetMetaRgn
AddFontResourceA
FlattenPath
GetPixelFormat
DeleteEnhMetaFile
UnrealizeObject
CreateMetaFileA

advapi32

RegOpenKeyA
GetUserNameA

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b99d0c89827bb0b116a152cbe64f9c7b

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

0c:50:29:f5:fd:ba:82:ac:fc:4d:2e:c3:ce:b0:24:d7Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

73:b5:78:9f:9d:e1:0b:a1:ea:83:74:92:12:97:e0:dc:e5:df:9a:80Signer

Signature Validations

Verification

01-04-2020 09:35 Valid: true

Chain 1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 2KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

0c:50:29:f5:fd:ba:82:ac:fc:4d:2e:c3:ce:b0:24:d7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

73:b5:78:9f:9d:e1:0b:a1:ea:83:74:92:12:97:e0:dc:e5:df:9a:80
Signer

01-04-2020 09:35
Valid: true

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 2KB