netwalker | c32a9910ff85a56cb31b168a2ebd8d7b53869e04c5b61a587839e1e549417b92

Sharing

Copy URL

Twitter E-mail

General

Target

c32a9910ff85a56cb31b168a2ebd8d7b53869e04c5b61a587839e1e549417b92
Size

331KB
MD5

e707615c15ab424772d641d734cac22d
SHA1

165d1bd6e533758ecdcc16e0496ab253ac2e2342
SHA256

c32a9910ff85a56cb31b168a2ebd8d7b53869e04c5b61a587839e1e549417b92
SHA512

6b3a0743e9904b50eccf15938bd0a1e3634fa4a45083212fd1d684400b17c469cc7cd76d24ff0cb054a5da21c46e8bad7dce9c121ac300b7e1e65a24f3692d3a
SSDEEP

6144:cz7SwNiEM0d7C9lzPX1kjKO+Z8X7VXFbgOv:ASJ7PFO+Z8XRFbgM

Score

10^/10

cryptone packer netwalker

Malware Config

Signatures

Detected Netwalker Ransomware 1 IoCs
Detected unpacked Netwalker executable.

Processes:

resource yara_rule

sample netwalker_ransomware
Netwalker family
netwalker
CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	netwalker_ransomware

resource	yara_rule
sample	cryptone

Files

c32a9910ff85a56cb31b168a2ebd8d7b53869e04c5b61a587839e1e549417b92
.exe windows x86

31cf8b4f975930f2e5ee159c2f66b139

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
VirtualAlloc
LoadLibraryA
GetProcAddress
GetModuleHandleW
lstrlenW
lstrcmpA
WriteProcessMemory
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
VirtualFree
UnmapViewOfFile
TerminateThread
TerminateProcess
SystemTimeToFileTime
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadContext
SetThreadAffinityMask
SetPriorityClass
SetLastError
SetFilePointer
SetEvent
ResumeThread
ResetEvent
ReleaseSemaphore
ReleaseMutex
ReadProcessMemory
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
PulseEvent
OutputDebugStringW
OpenProcess
OpenMutexW
OpenFileMappingA
OpenEventA
MultiByteToWideChar
MulDiv
MapViewOfFile
LockResource
LocalFree
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetVolumeInformationA
GetVersionExA
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathW
GetTempFileNameW
GetSystemTime
GetSystemInfo
GetSystemDirectoryA
GetSystemDirectoryW
GetStartupInfoW
GetProcessVersion
GetProcessAffinityMask
GetPriorityClass
GetModuleHandleA
GetModuleFileNameA
GetModuleFileNameW
GetLogicalDrives
GetLastError
GetFileSize
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetDriveTypeW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCommandLineA
FreeResource
InterlockedIncrement
InterlockedDecrement
FreeLibrary
FormatMessageA
FormatMessageW
FlushFileBuffers
FindResourceA
FindResourceW
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToDosDateTime
ExitProcess
EnumResourceNamesW
EnterCriticalSection
DuplicateHandle
DisconnectNamedPipe
DeleteCriticalSection
CreateThread
CreateSemaphoreW
CreateNamedPipeW
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
ConnectNamedPipe
CompareStringW
CloseHandle
CancelIo
FindAtomA
EnumResourceLanguagesA
FindNextVolumeA
SetNamedPipeHandleState
GetDateFormatA
UnregisterWaitEx
GetTimeZoneInformation
GetConsoleTitleW
BackupWrite
SetTapePosition
VerLanguageNameA
SetInformationJobObject
GetProcessIoCounters
ConvertThreadToFiber
TransmitCommChar

user32

LoadIconA
GetWindowDC
IsCharAlphaNumericW
GetKeyboardLayout
CountClipboardFormats
GetShellWindow
LoadCursorFromFileA
GetQueueStatus
WindowFromDC
IsGUIThread
CloseDesktop
GetMenuItemCount
CharUpperA
InSendMessage
CloseWindowStation
GetParent
GetMessagePos
CharNextA
WindowFromPoint
WaitForInputIdle
TranslateMessage
SystemParametersInfoW
AnimateWindow
ShowWindow
ShowOwnedPopups
SetWindowRgn
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollInfo
SetRect
SetPropA
SetParent
SetForegroundWindow
SetCursorPos
SetClipboardData
SetClassLongW
SendNotifyMessageW
SendMessageTimeoutA
SendMessageTimeoutW
SendMessageCallbackA
SendMessageA
SendMessageW
ScrollWindow
RemovePropA
ReleaseDC
RegisterWindowMessageW
RegisterClipboardFormatW
PtInRect
PostThreadMessageA
PostMessageA
PostMessageW
OffsetRect
MsgWaitForMultipleObjects
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
InvalidateRect
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetUserObjectInformationW
GetTopWindow
GetThreadDesktop
GetSystemMetrics
GetSystemMenu
GetSysColor
GetScrollInfo
GetPropA
GetWindow
GetMessageW
GetMenu
GetKeyState
GetForegroundWindow
GetDC
GetCursorPos
GetClientRect
GetClassNameA
GetClassLongW
GetAsyncKeyState
FrameRect
FindWindowExA
FindWindowExW
FindWindowW
EnumWindows
EnumThreadWindows
EnableWindow
EnableMenuItem
DrawTextW
DrawMenuBar
DrawFrameControl
DrawFocusRect
DispatchMessageW
DestroyWindow
DestroyIcon
DefWindowProcW
CreateIconFromResource
ChildWindowFromPointEx
CharUpperBuffW
CharUpperW
CharNextExA
CharLowerBuffW
CharLowerW
BringWindowToTop
AttachThreadInput
AdjustWindowRectEx
GrayStringA
GetWindowTextW
DdeInitializeA
SetDlgItemInt
IsCharAlphaW
OemToCharA
CheckDlgButton
InsertMenuItemA
SetKeyboardState
ChangeMenuW
ImpersonateDdeClientWindow
GetMenuDefaultItem
EnumChildWindows
IsCharAlphaNumericA
SetCapture
DdeConnect
RegisterShellHookWindow
GetCaretBlinkTime
IMPSetIMEW
SetActiveWindow
GetMenuBarInfo
CharUpperBuffA
DefDlgProcA
DdeQueryStringA
EndMenu
UnloadKeyboardLayout
CharNextW
SetMenu
GetCaretPos
GetComboBoxInfo
SendMessageCallbackW
LoadKeyboardLayoutW
DdePostAdvise
GetWindowModuleFileNameA
DdeQueryConvInfo
ValidateRect
ReuseDDElParam
SetFocus
IsChild
GetFocus
FillRect
EndPaint
BeginPaint

gdi32

GetStockObject
GetDCBrushColor
GetROP2
CreateMetaFileA
GetEnhMetaFileA
GetMapMode
EndPath
UpdateColors
GetFontLanguageInfo
AddFontResourceA
SaveDC
GetBkColor
GetColorSpace
GdiFlush
GetPixelFormat
TranslateCharsetInfo
TextOutW
StrokePath
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWindowExtEx
SetViewportExtEx
SetTextJustification
SetTextCharacterExtra
SetTextColor
SetTextAlign
SetStretchBltMode
SetMapMode
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
RealizePalette
PtInRegion
PatBlt
MoveToEx
LineTo
GetWindowOrgEx
GetWindowExtEx
GetViewportExtEx
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetTextExtentExPointW
GetSystemPaletteEntries
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetDeviceCaps
GetDIBits
GetClipRgn
GetBrushOrgEx
FillRgn
ExtTextOutW
ExtCreateRegion
ExtCreatePen
EndPage
EndDoc
DeleteObject
DeleteDC
DPtoLP
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePolygonRgn
CreatePalette
CreateICW
CreateFontIndirectW
CreateEllipticRgnIndirect
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
CombineRgn
CloseFigure
BitBlt
BeginPath
AbortDoc
ResetDCW
SetDIBits
UnrealizeObject
FlattenPath
GdiGetLocalBrush
GdiEntry14
PolyPolyline
GetStretchBltMode
GetObjectA
AnimatePalette
EngCreateDeviceSurface
GetDCOrgEx
GetRegionData
CreateFontIndirectExA
GetKerningPairs
CreateEnhMetaFileW
SetLayoutWidth
DeleteEnhMetaFile
GdiReleaseDC
PATHOBJ_bEnum
GdiAlphaBlend
PATHOBJ_vGetBounds
FillPath
GdiIsMetaFileDC
GdiInitializeLanguagePack
RestoreDC
SetICMProfileW
CreateColorSpaceA
GetTextCharsetInfo
ArcTo
EngQueryEMFInfo
EngAssociateSurface
CreateColorSpaceW
EudcLoadLinkW
FONTOBJ_cGetGlyphs
PolyTextOutA
EngStretchBltROP
IntersectClipRect
GetClipBox
ExcludeClipRect
CreateSolidBrush

advapi32

RegOpenKeyA
RegQueryValueExA
SetSecurityDescriptorDacl
RegUnLoadKeyW
RegOpenKeyExA
RegLoadKeyW
RegCloseKey
OpenProcessToken
LookupAccountSidA
LookupAccountSidW
InitializeSecurityDescriptor
GetTokenInformation
GetLengthSid
GetUserNameW
GetKernelObjectSecurity
CryptSetProvParam
CryptGetProvParam
CryptDestroyHash
CryptSignHashA
CryptSetHashParam
CryptCreateHash
CryptImportKey
CryptExportKey
CryptReleaseContext
CryptDestroyKey
CryptGetUserKey
CryptAcquireContextA
CryptDecrypt
RegQueryValueExW
RegOpenKeyW

shell32

SHCreateDirectoryExA
DragQueryFileW
SHFileOperation
ExtractIconExW
SHAppBarMessage
SHGetIconOverlayIndexW
SHGetDataFromIDListA
SHBrowseForFolder

ole32

CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
GetHGlobalFromStream
CoCreateGuid

shlwapi

StrStrW
StrCmpNIA

comctl32

ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo

Sections

.text
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 291B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31cf8b4f975930f2e5ee159c2f66b139

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 243KB - Virtual size: 242KB

.rdata Size: 512B - Virtual size: 291B

.data Size: 50KB - Virtual size: 50KB

.rsrc Size: 36KB - Virtual size: 35KB

.text
Size: 243KB - Virtual size: 242KB

.rdata
Size: 512B - Virtual size: 291B

.data
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 36KB - Virtual size: 35KB