ef34b6671447483cf5d7138f84d6d7cec9eb5cc5b225d98f0cc08cfcbf115121

Sharing

Copy URL

Twitter E-mail

General

Target

ef34b6671447483cf5d7138f84d6d7cec9eb5cc5b225d98f0cc08cfcbf115121
Size

142KB
MD5

f207e4a2f190abbcec69a4461c43e4a7
SHA1

c6500264a23ac088bd5a4c13c645be962d1d6c2b
SHA256

ef34b6671447483cf5d7138f84d6d7cec9eb5cc5b225d98f0cc08cfcbf115121
SHA512

77b4dd1db955a217e77b311c50e1211e46884c7c1c02cc533743f5200365232c684e1f0b9e6bb4113ed4a99c74e6a5c27054f78e4d5e8a5f93b06485feec8e10
SSDEEP

1536:BCiCUENjEFQZ+LDgdMkryhMjbhMxlkut+i:ByUENjTZ+Dg6kDleT5

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

ef34b6671447483cf5d7138f84d6d7cec9eb5cc5b225d98f0cc08cfcbf115121
.exe windows x86

920e0838664bd1f409252349bda4d84d

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

83:c3:c4:54:2e:c5:ee:06:03:26:06:80:2f:2b:51:e6
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27-03-2020 00:00

Not After

27-03-2021 23:59

Subject

CN=BigData2Go s.r.o.,O=BigData2Go s.r.o.,POSTALCODE=99128,STREET=502/18 Szabóova,L=Vinica,ST=Banská Bystrica,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:96:2e:4f:a2:5f:48:91:ae:5a:a6:11:96:95:94:3d:47:cd:99:09
Signer

Actual PE Digest

a3:96:2e:4f:a2:5f:48:91:ae:5a:a6:11:96:95:94:3d:47:cd:99:09

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=BigData2Go s.r.o.,O=BigData2Go s.r.o.,POSTALCODE=99128,STREET=502/18 Szabóova,L=Vinica,ST=Banská Bystrica,C=SK

30-03-2020 17:37
Valid: true

Chain 1

CN=BigData2Go s.r.o.,O=BigData2Go s.r.o.,POSTALCODE=99128,STREET=502/18 Szabóova,L=Vinica,ST=Banská Bystrica,C=SK

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetModuleFileNameA
QueryPerformanceCounter
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
VirtualAlloc
GetModuleHandleW
SetErrorMode

user32

LoadIconA
GetMessagePos
CharNextA

gdi32

GetStockObject

advapi32

RegOpenKeyA
GetUserNameA
RegQueryValueExA

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

920e0838664bd1f409252349bda4d84d

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

83:c3:c4:54:2e:c5:ee:06:03:26:06:80:2f:2b:51:e6Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

a3:96:2e:4f:a2:5f:48:91:ae:5a:a6:11:96:95:94:3d:47:cd:99:09Signer

Signature Validations

Verification

30-03-2020 17:37 Valid: true

Chain 1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 16KB - Virtual size: 15KB

.rsrc Size: 2KB - Virtual size: 2KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

83:c3:c4:54:2e:c5:ee:06:03:26:06:80:2f:2b:51:e6
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

a3:96:2e:4f:a2:5f:48:91:ae:5a:a6:11:96:95:94:3d:47:cd:99:09
Signer

30-03-2020 17:37
Valid: true

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 2KB - Virtual size: 2KB