daabe475ca939c58c9bd1227d06b715eed27296197c8f54f10619f0b505154ee

Sharing

Copy URL

Twitter E-mail

General

Target

daabe475ca939c58c9bd1227d06b715eed27296197c8f54f10619f0b505154ee
Size

706KB
MD5

6f673fee4ef29bef18746371874e3561
SHA1

8d99611473eba72c1469eeaf358f7d476e0f07f2
SHA256

daabe475ca939c58c9bd1227d06b715eed27296197c8f54f10619f0b505154ee
SHA512

d7bd661517212e588a3b34702720a4d65ce1714f7b46ea9cf79dfb2904b99ba3afad5cb196be8202fbfbb983d482b8b1bced3d49e2364fdde0af2c287d3b57ad
SSDEEP

1536:NXA1XoyWW6WBZO3O9uBDpn+0si1/OIvgS9AbW0j5+:WKi6+59uBF4TmAp

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

daabe475ca939c58c9bd1227d06b715eed27296197c8f54f10619f0b505154ee
.exe windows x86

51b507fbe9b18715acaee3db25dad789

Code Sign

30:fa:5a:4e:3e:de:79:87:aa:c8:c9:2e:65:2f:cc:db
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-04-2020 00:00

Not After

03-04-2021 23:59

Subject

CN=Tea Factory S.R.L.,O=Tea Factory S.R.L.,POSTALCODE=300001,STREET=ALEEA IONEL PERLEA NR 3 SCARA B ETAJ 3 APARTAMENT 14,L=Timisoara,ST=Timisoara,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:13:04:fa:ea:dd:04:74:56:90:ef:46:40:dc:4c:2b:05:1a:82:6e
Signer

Actual PE Digest

c3:13:04:fa:ea:dd:04:74:56:90:ef:46:40:dc:4c:2b:05:1a:82:6e

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tea Factory S.R.L.,O=Tea Factory S.R.L.,POSTALCODE=300001,STREET=ALEEA IONEL PERLEA NR 3 SCARA B ETAJ 3 APARTAMENT 14,L=Timisoara,ST=Timisoara,C=RO

23-06-2022 17:36
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
GetModuleHandleA
AreFileApisANSI
GlobalUnlock
FindFirstVolumeW
GetTempPathW
ConvertDefaultLocale
DeleteAtom
GetThreadContext
IsBadCodePtr
InterlockedExchangeAdd
InitializeCriticalSectionAndSpinCount
LocalLock
TransmitCommChar
SetEnvironmentVariableA
LocalUnlock
WritePrivateProfileStructA
SetEvent
GetCommandLineW
GetFileAttributesW
GetProcAddress
FreeLibrary
LoadLibraryW
WaitForSingleObject
GetModuleFileNameW
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
VirtualFree
VirtualAlloc
GlobalSize
ResetEvent
Sleep
LoadLibraryA
CreateEventA
GlobalMemoryStatusEx
lstrlenW

user32

GetPriorityClipboardFormat
wsprintfA
OemToCharA
DragObject
SendNotifyMessageW
GetWindowTextLengthW
OffsetRect
RegisterClipboardFormatW
GetAltTabInfoW
SetClassLongA
SubtractRect
keybd_event
GetScrollInfo
GrayStringW
SwitchDesktop
CharLowerBuffW
RegisterWindowMessageW
DlgDirSelectExW
InsertMenuA
ChangeMenuW
GetComboBoxInfo
CreateIconIndirect
WaitForInputIdle
MonitorFromRect
IsChild
SendNotifyMessageA
GetMenuItemCount
EnableMenuItem
GetMenuItemID
GetCursorPos
ModifyMenuW
GetSubMenu
LoadMenuW
FillRect
LoadBitmapW
EnumClipboardFormats
GetClipboardData
GetClipboardOwner
GetWindowTextA
ChangeClipboardChain
InvalidateRect
DrawIcon
GetSystemMetrics
IsIconic
SetTimer
SetClipboardViewer
GetClientRect
GetWindowRect
AppendMenuW
GetSystemMenu
LoadIconW
SetForegroundWindow
ShowWindow
FindWindowW
CloseClipboard
EmptyClipboard
OpenClipboard
SendMessageW
EnableWindow
CopyRect
LoadIconA
GetKeyState

gdi32

SetLayout
AbortPath
SetDIBits
GetFontResourceInfoW
EngDeleteClip
GdiSetLastError
SelectBrushLocal
SetViewportExtEx
EngDeletePalette
SetMetaFileBitsEx
GdiPlayPrivatePageEMF
SetAbortProc
GdiConvertBitmap
SetLayoutWidth
EndPage
CreateMetaFileW
QueryFontAssocStatus
CreatePolygonRgn
GetTextExtentExPointI
SetWorldTransform
EngCreatePalette
GdiSwapBuffers
GetCharABCWidthsW
EngGetCurrentCodePage
ScaleViewportExtEx
AddFontResourceExW
CreatePolyPolygonRgn
CreateICA
GetStockObject
TranslateCharsetInfo
AddFontResourceTracking
RemoveFontResourceA
AbortDoc
CreateDIBitmap
CreateColorSpaceA
CreateMetaFileA
EngMultiByteToWideChar
StretchBlt
GetPolyFillMode
CreateCompatibleDC
CreatePatternBrush
CreateCompatibleBitmap
CreateFontW
BitBlt
GetBitmapBits
GetTextExtentPoint32W
GetObjectW
SelectObject
CreatePen
GetStretchBltMode

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueW
RegOpenKeyA
GetUserNameA

shell32

SHGetFolderPathA
SHGetFileInfoW
SHFileOperationW
SHGetDataFromIDListW
SHInvokePrinterCommandW
DragQueryFileA
SHGetFolderPathW
CommandLineToArgvW
SHFileOperationA
SHGetFileInfoA
ShellExecuteEx
SHGetDataFromIDListA
DuplicateIcon
Shell_NotifyIconW

shlwapi

StrStrIA
StrCmpNIW

comctl32

InitCommonControlsEx

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 666KB - Virtual size: 665KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51b507fbe9b18715acaee3db25dad789

Code Sign

30:fa:5a:4e:3e:de:79:87:aa:c8:c9:2e:65:2f:cc:dbCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

c3:13:04:fa:ea:dd:04:74:56:90:ef:46:40:dc:4c:2b:05:1a:82:6eSigner

Signature Validations

Verification

23-06-2022 17:36 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 666KB - Virtual size: 665KB

.data Size: 30KB - Virtual size: 30KB

.rsrc Size: 1KB - Virtual size: 1KB

30:fa:5a:4e:3e:de:79:87:aa:c8:c9:2e:65:2f:cc:db
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

c3:13:04:fa:ea:dd:04:74:56:90:ef:46:40:dc:4c:2b:05:1a:82:6e
Signer

23-06-2022 17:36
Valid: false

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 666KB - Virtual size: 665KB

.data
Size: 30KB - Virtual size: 30KB

.rsrc
Size: 1KB - Virtual size: 1KB