1f3b5be93c06d5a8e5d94116294a1bd711d8688126765dfb7ee080c41f92fbb5

Sharing

Copy URL

Twitter E-mail

General

Target

1f3b5be93c06d5a8e5d94116294a1bd711d8688126765dfb7ee080c41f92fbb5
Size

185KB
MD5

ba9ca1397990de73932f0d59a48cbe94
SHA1

ad4d08843c80b20b2b3e3832cc0bede20ac51095
SHA256

1f3b5be93c06d5a8e5d94116294a1bd711d8688126765dfb7ee080c41f92fbb5
SHA512

85e172e0706f3a47c4ea1f90df3abbaae4904299274fae1bad839f7b158ae2e7cb2abab6313b2771f1f8ed9173f352f1cd99289efec7bc9770834e6a39f1c9fe
SSDEEP

3072:s8ENSRg5KrR52iOG7jWXlnYNav5K8dIIPF4j5dFs:s8KSRg5KPHOGErRK86G9

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

1f3b5be93c06d5a8e5d94116294a1bd711d8688126765dfb7ee080c41f92fbb5
.exe windows x86

7c9c585157998e34796c9fbbea371bb8

Code Sign

09:2e:c7:00:ea:2d:c0:97:40:a6:0e:58:f1:06:dd:06
Certificate

Issuer

CN=MOEITMWPTGYIMDGFLU

Not Before

15-04-2019 20:49

Not After

31-12-2039 23:59

Subject

CN=MOEITMWPTGYIMDGFLU

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d7:8a:e9:7e:3e:3b:78:ad:32:c8:03:1d:b8:e9:1d:63:67:b8:77:e7:d9:80:39:7b:e1:99:0c:74:6d:79:99:12
Signer

Actual PE Digest

d7:8a:e9:7e:3e:3b:78:ad:32:c8:03:1d:b8:e9:1d:63:67:b8:77:e7:d9:80:39:7b:e1:99:0c:74:6d:79:99:12

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=MOEITMWPTGYIMDGFLU

16-04-2019 08:13
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesW
GetFileType
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
DeleteCriticalSection
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
IsDebuggerPresent
IsValidCodePage
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
RemoveDirectoryA
RtlUnwind
SetEnvironmentVariableA
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerifyVersionInfoW
VirtualAlloc
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
CreateThread
CreateProcessA
CreateMutexA
CreateFileA
CompareStringW
CompareStringA
GetVolumeInformationA
CloseHandle

user32

InvalidateRect
IsIconic
IsWindowEnabled
IsWindowVisible
KillTimer
LoadCursorA
LoadCursorW
LoadIconA
LoadStringW
LockWindowUpdate
MapWindowPoints
MessageBoxW
MoveWindow
OemToCharA
PeekMessageW
PostMessageW
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassExA
RegisterClipboardFormatW
ReleaseCapture
ReleaseDC
RemovePropW
SendMessageTimeoutA
SendMessageW
SetClassLongW
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetPropW
SetScrollInfo
SetTimer
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowsHookExW
ShowCaret
ShowWindow
SystemParametersInfoW
TranslateMessage
UnhookWindowsHookEx
UpdateLayeredWindow
UpdateWindow
WaitForInputIdle
LoadIconW
IntersectRect
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetWindow
GetSystemMetrics
GetSysColor
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetMessageA
GetIconInfo
GetForegroundWindow
GetDlgItemTextA
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClassNameW
GetClassLongW
GetCapture
GetActiveWindow
FrameRect
FindWindowW
FindWindowExW
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EndPaint
EndDialog
DrawTextW
DrawFrameControl
DispatchMessageW
DispatchMessageA
DialogBoxParamA
DestroyIcon
DefWindowProcW
DefWindowProcA
CreateWindowExA
CharToOemA
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
AttachThreadInput
GetClientRect

gdi32

CreateSolidBrush

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey

shell32

DoEnvironmentSubstA
DragQueryFileA
DragQueryFileW
ExtractAssociatedIconExA
ExtractAssociatedIconW
FindExecutableA
FindExecutableW
SHAppBarMessage
SHBrowseForFolder
SHCreateDirectoryExW
SHCreateProcessAsUserW
SHEmptyRecycleBinW
SHFileOperationA
SHFileOperationW
SHFreeNameMappings
SHGetDataFromIDListA
SHGetDiskFreeSpaceA
SHGetFileInfo
SHGetFolderLocation
SHGetInstanceExplorer
SHGetSettings
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHInvokePrinterCommandW
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHPathPrepareForWriteA
SHQueryRecycleBinA
SHQueryRecycleBinW
ShellAboutW
ShellExecuteA
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
Shell_NotifyIcon
Shell_NotifyIconA
CheckEscapesW

shlwapi

StrChrIW
StrCmpNA
StrCmpNIA
StrRStrIA
StrRStrIW
StrChrIA

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c9c585157998e34796c9fbbea371bb8

Code Sign

09:2e:c7:00:ea:2d:c0:97:40:a6:0e:58:f1:06:dd:06Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

d7:8a:e9:7e:3e:3b:78:ad:32:c8:03:1d:b8:e9:1d:63:67:b8:77:e7:d9:80:39:7b:e1:99:0c:74:6d:79:99:12Signer

Signature Validations

Verification

16-04-2019 08:13 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 141KB - Virtual size: 140KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 572B

.rsrc Size: 31KB - Virtual size: 30KB

09:2e:c7:00:ea:2d:c0:97:40:a6:0e:58:f1:06:dd:06
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

d7:8a:e9:7e:3e:3b:78:ad:32:c8:03:1d:b8:e9:1d:63:67:b8:77:e7:d9:80:39:7b:e1:99:0c:74:6d:79:99:12
Signer

16-04-2019 08:13
Valid: false

.text
Size: 141KB - Virtual size: 140KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 572B

.rsrc
Size: 31KB - Virtual size: 30KB