98bff67b26daf42bc09a7579d8f08ad88a83cdaafed1bc5c7bea8519af3c9817 | Triage

Sharing

General

Target

98bff67b26daf42bc09a7579d8f08ad88a83cdaafed1bc5c7bea8519af3c9817
Size

615KB
MD5

a5aaec8e6bc64b8166195cc890408686
SHA1

2e0fdf9a5c5ff3833fdcd82e087da7d28252f36a
SHA256

98bff67b26daf42bc09a7579d8f08ad88a83cdaafed1bc5c7bea8519af3c9817
SHA512

ecbb66caf24e84f8a6d584429d2c3526e373902a85f42e795dc4d61d848f53113c7d8c3ceba8f871a2160a51ef80404d19279bb1ed93ffefcff0e0469155f836
SSDEEP

3072:eYkPy807G4DQRGSiZ+LwbUcsNTJiFJwjjeh2ULOgKNIfvqoaAU+/vQEcVxqMnJf6:APyH7l+4sdJeJoW4gO6qEvf6xqMZ

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

98bff67b26daf42bc09a7579d8f08ad88a83cdaafed1bc5c7bea8519af3c9817
.dll windows x86

424f9c23d896002bc10da6a82dd8bd5a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
SetErrorMode
GetModuleHandleW
LoadLibraryA
GetProcAddress

gdi32

StrokePath
PathToRegion
GetStockObject

advapi32

RegQueryValueExA

Sections

.text
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ