14a42e5f2dea05a1879fd85db131ce4b3e22f04910f5d07eefe2c704394f9622

Sharing

Copy URL

Twitter E-mail

General

Target

14a42e5f2dea05a1879fd85db131ce4b3e22f04910f5d07eefe2c704394f9622
Size

208KB
MD5

b6843d8d4e88ed439d5c25658a6261d9
SHA1

cd7fa5e7d6c33cf7ecdf253ee28de668230cd228
SHA256

14a42e5f2dea05a1879fd85db131ce4b3e22f04910f5d07eefe2c704394f9622
SHA512

913676ad69f5bb958700b156e8d24844cf3a8a654497ea54e36cc53e63a58a6f8c8da05e94c47e08cd2655de33127cf34771499b4ab4b0ced44e510065186732
SSDEEP

6144:uCbJHiqgnJpukqHVAuXRoVacsEv6P8xWWz:u2Han7vqGuXSVacsb0z

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

14a42e5f2dea05a1879fd85db131ce4b3e22f04910f5d07eefe2c704394f9622
.dll windows x86

9e4d63261b40629df155ada45e05d456

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualQuery
GetSystemInfo
VirtualProtect
GetLocaleInfoA
RtlUnwind
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
LocalFree
LocalAlloc
GetEnvironmentVariableW
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
GetCurrentThreadId
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
VirtualAlloc
HeapReAlloc

user32

GetListBoxInfo
GetForegroundWindow
GetActiveWindow
EnumClipboardFormats
CharUpperW
DrawMenuBar
GetWindowDC
CloseClipboard
GetLastActivePopup
PaintDesktop
ShowCaret
OemKeyScan
WindowFromDC
EndMenu
LoadCursorFromFileA
DestroyWindow
CreateMenu
GetInputState
GetWindowTextLengthA
IsCharAlphaW
GetMenuCheckMarkDimensions
CharNextW
IsWindow
IsMenu
CountClipboardFormats
GetThreadDesktop
OpenIcon
IsCharUpperA
VkKeyScanA
GetMenuItemCount
GetKeyboardType

gdi32

GetStockObject
GetPolyFillMode
GetTextColor
CreateMetaFileA
AddFontResourceW
GetColorSpace
CreateMetaFileW
CreateCompatibleDC
GetBkMode
UnrealizeObject
BeginPath
GetTextAlign
DeleteEnhMetaFile
GetEnhMetaFileW
GetLayout
EndPage
SaveDC
GetEnhMetaFileA
AbortDoc

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e4d63261b40629df155ada45e05d456

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 3KB - Virtual size: 2KB

.data Size: 55KB - Virtual size: 54KB

.rsrc Size: 148KB - Virtual size: 148KB

.reloc Size: 1024B - Virtual size: 568B

.text
Size: 3KB - Virtual size: 2KB

.data
Size: 55KB - Virtual size: 54KB

.rsrc
Size: 148KB - Virtual size: 148KB

.reloc
Size: 1024B - Virtual size: 568B