3bebc167adc5cfc6df3e052fcc56cca0c5d91d30fe2791b2a5a6485878c3b2f1

Sharing

Copy URL

Twitter E-mail

General

Target

3bebc167adc5cfc6df3e052fcc56cca0c5d91d30fe2791b2a5a6485878c3b2f1
Size

329KB
MD5

cc269eb719302c38ae0df44ca4833024
SHA1

d1d22fd4ea2a90099fdc76c0b2d150d61c2aef6b
SHA256

3bebc167adc5cfc6df3e052fcc56cca0c5d91d30fe2791b2a5a6485878c3b2f1
SHA512

a0ee73595b15f9e9b686b1206c71739992ca0c39792e086d3ce1b1cd4499beb01a15708c19f689dd38471759c49244b52e865ccb2473da9d8213cd4b6069200b
SSDEEP

3072:6+IfMDr6fKpFsKMJnkoigDpBJlxJVF67UdSDRuBCW:6+MMDr6fCFsKMioiq+USVu

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

3bebc167adc5cfc6df3e052fcc56cca0c5d91d30fe2791b2a5a6485878c3b2f1
.exe windows x86

d0907176c74c01f4df7cada2f0498ea3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
Sleep
VirtualFree
VirtualAlloc
SwitchToThread
GetACP
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
TlsSetValue
TlsGetValue
lstrcpyW
lstrcmpW
WritePrivateProfileStringW
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualProtect
TerminateThread
SystemTimeToTzSpecificLocalTime
SuspendThread
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
IsDebuggerPresent
OutputDebugStringW
MulDiv
LockResource
LoadResource
LoadLibraryW
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetVersionExW
GetTimeZoneInformation
GetThreadPriority
GetThreadLocale
GetTempPathW
GetPrivateProfileStringW
GetModuleFileNameA
GetLocalTime
GetFullPathNameW
GetFileAttributesExW
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FormatMessageW
FindResourceW
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
EnumSystemLocalesW
EnumCalendarInfoW
DeviceIoControl
DeleteFileW
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
GetStringTypeW
CreateFileA
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
GetFileAttributesA
GetCurrentDirectoryW
GetProcessHeap
DeleteFileA
GetDriveTypeA
FindFirstFileExA
GetFileInformationByHandle
HeapSize
HeapSetInformation
SetConsoleCtrlHandler
GetSystemDirectoryA
FormatMessageA
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetModuleHandleA
GetFileType
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
DecodePointer
HeapFree
HeapAlloc
GetCommandLineA
PeekNamedPipe
HeapReAlloc
GetFullPathNameA
EncodePointer
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
SetHandleCount
GetStartupInfoW
GetConsoleCP
FlushFileBuffers
IsProcessorFeaturePresent
HeapCreate
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringW

user32

LoadCursorW
GetTopWindow
GetDC
GetMessageTime
DestroyWindow
IsWindowEnabled
VkKeyScanW
IsClipboardFormatAvailable
GetKeyboardType
GetWindowContextHelpId
DestroyIcon
IsIconic
VkKeyScanA
CharUpperW
GetOpenClipboardWindow
IsCharLowerA
ShowCaret
GetMenu
GetKeyState
CharUpperA

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixelV
SetPixel
SetPaletteEntries
SetMapMode
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
OffsetRgn
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
ArcTo
Arc
AngleArc
RemoveFontResourceW
LineDDA
GetDCOrgEx
AddFontResourceW
DeleteMetaFile
GetSystemPaletteUse
GetEnhMetaFileW
GetTextAlign

advapi32

GetUserNameA

shell32

SHCreateProcessAsUserW
SHBindToParent
ExtractAssociatedIconW
CheckEscapesW

shlwapi

StrRChrIW

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0907176c74c01f4df7cada2f0498ea3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

imm32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 193KB - Virtual size: 193KB

.data Size: 13KB - Virtual size: 13KB

.rsrc Size: 117KB - Virtual size: 116KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 193KB - Virtual size: 193KB

.data
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 117KB - Virtual size: 116KB