7629866150[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

7629866150.zip
Size

246KB
MD5

058a7e04efa899c2f03b4224dcfe888f
SHA1

a256aef5814d3c7ce9df3e1fbc3af9dc17f2a9fc
SHA256

6ad3f6310d394965888b043914b5c433f94d247a7650d8166ee734a4c5b51244
SHA512

f1b5c4bf1c5a5c8f7a502dc5181ba0d339be30c873f96afe06b1e40b22a7c4b38467600681866e8dd32ec0b1f33ee0b94fb30b2044ea35a473a843d8e4e28dfd
SSDEEP

6144:ohMS1MourO03x+BUm5/Yf3wAfUrYLOnj/0dClB1A:PS+ourOBUy23ZUjnz0d2a

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

Processes:

resource	yara_rule
static1/unpack001/02c74ae576e11a6a29210f6885226f89dab917a5fb373b70dbd4587398c84042	cryptone

Files

7629866150.zip
.zip

Password: infected
02c74ae576e11a6a29210f6885226f89dab917a5fb373b70dbd4587398c84042
.exe windows x86

a7d63d37b474fcb8309b159dd9bd9c18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
VirtualAllocEx
CreateTimerQueue
OutputDebugStringA
IsValidCodePage
LocalAlloc
PeekConsoleInputA
FindResourceW
GlobalSize
HeapCreate
SetTimeZoneInformation
GetConsoleAliasExesW
TransmitCommChar
HeapLock
WaitNamedPipeW
CancelTimerQueueTimer
GetPrivateProfileStringW
OpenEventA
SwitchToFiber
SearchPathW
FatalAppExitW
EnumSystemLanguageGroupsA
EnumDateFormatsExA
GetTickCount
WideCharToMultiByte
RtlMoveMemory
SetVolumeMountPointA
GetWindowsDirectoryW
PrepareTape
SetProcessShutdownParameters
QueryDosDeviceA
AddConsoleAliasA
GetNamedPipeHandleStateW
GlobalLock
SetInformationJobObject
GetWriteWatch
GetSystemInfo
_hread
GetConsoleOutputCP
GetUserDefaultLangID
TlsSetValue
TlsGetValue
GetModuleHandleW
lstrlenW
lstrcmpA
WriteProcessMemory
WriteFile
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
TerminateThread
TerminateProcess
SystemTimeToFileTime
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadContext
SetThreadAffinityMask
SetPriorityClass
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReleaseSemaphore
ReleaseMutex
ReadProcessMemory
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
PulseEvent
OutputDebugStringW
OpenProcess
OpenMutexW
OpenFileMappingA
MultiByteToWideChar
MulDiv
MoveFileW
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryExA
LoadLibraryExW
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GetVersionExW
GetVersion
GetTimeZoneInformation
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathW
GetSystemTime
GetSystemDirectoryA
GetSystemDirectoryW
GetStartupInfoW
GetProcessVersion
GetProcessAffinityMask
GetProcAddress
GetPriorityClass
GetModuleFileNameA
GetModuleFileNameW
GetLogicalDrives
GetLastError
GetFileSize
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetDriveTypeW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCommandLineA
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FormatMessageW
FlushViewOfFile
FlushFileBuffers
FindResourceA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
ExitProcess
EnumResourceNamesW
EnterCriticalSection
DuplicateHandle
DisconnectNamedPipe
DeleteFileW
DeleteCriticalSection
CreateThread
CreateSemaphoreW
CreateNamedPipeW
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CopyFileW
ConnectNamedPipe
CompareStringW
CloseHandle
CancelIo

user32

GetInputState
AnyPopup
GetMouseMovePointsEx
WINNLSEnableIME
LoadAcceleratorsW
KillTimer
UpdateWindow
AnimateWindow
ToUnicode
MessageBeep
GetKeyboardLayoutList
DefWindowProcA
GetAncestor
DeferWindowPos
BeginDeferWindowPos
DdeCreateDataHandle
EnumWindows
SendMessageCallbackW
SetMessageExtraInfo
LockSetForegroundWindow
LoadIconA
WaitForInputIdle
TranslateMessage
SystemParametersInfoW
ShowWindow
ShowOwnedPopups
SetWindowRgn
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetPropA
SetParent
SetForegroundWindow
SetCursorPos
SetClassLongW
SendNotifyMessageW
SendMessageTimeoutA
SendMessageTimeoutW
SendMessageCallbackA
SendMessageA
SendMessageW
RemovePropA
ReleaseDC
RegisterWindowMessageW
PostThreadMessageA
PostThreadMessageW
PostMessageA
PostMessageW
OffsetRect
MsgWaitForMultipleObjects
MessageBoxW
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
InvalidateRect
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetUserObjectInformationW
GetTopWindow
GetThreadDesktop
GetSystemMetrics
GetSystemMenu
GetPropA
GetParent
GetWindow
GetMessageW
GetMenu
GetForegroundWindow
GetDC
GetClientRect
GetClassNameA
GetClassLongW
GetAsyncKeyState
FrameRect
FindWindowExA
FindWindowExW
FindWindowW
EnumThreadWindows
EnableWindow
EnableMenuItem
DrawTextW
DrawMenuBar
DrawFrameControl
DrawFocusRect
DispatchMessageW
DestroyWindow
DestroyIcon
DefWindowProcW
CreateIconFromResource
ChildWindowFromPointEx
CharUpperW
CharLowerW
BringWindowToTop
AttachThreadInput
AdjustWindowRectEx

gdi32

GetStockObject
GetSystemPaletteUse
TranslateCharsetInfo
StretchDIBits
StretchBlt
SetStretchBltMode
SetBkMode
SetBkColor
SelectObject
SelectClipRgn
GetTextExtentPointW
GetTextExtentPoint32W
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetDeviceCaps
GetDIBits
DeleteObject
DeleteDC
CreateRoundRectRgn
CreateRectRgn
CreatePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
BitBlt

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegOpenKeyW
SetSecurityDescriptorDacl
ReportEventW
RegisterEventSourceW
RegUnLoadKeyW
RegOpenKeyExA
RegLoadKeyW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
LookupAccountSidA
LookupAccountSidW
InitializeSecurityDescriptor
GetUserNameA
GetTokenInformation
GetLengthSid
AdjustTokenPrivileges
GetUserNameW
GetKernelObjectSecurity
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
CryptSetProvParam
CryptGetProvParam
CryptDestroyHash
CryptSignHashA
CryptSetHashParam
CryptCreateHash
CryptImportKey
CryptExportKey
CryptReleaseContext
CryptDestroyKey
CryptGetUserKey
CryptAcquireContextA
CryptDecrypt

shell32

ExtractAssociatedIconExA
DragQueryFileW
SHGetFolderPathA
SHQueryRecycleBinW
SHGetDiskFreeSpaceA
DragQueryPoint
SHGetIconOverlayIndexA
SHGetPathFromIDList
SHFileOperationA
SHGetFileInfoA
ShellExecuteW
Shell_NotifyIconW
DragFinish
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetPathFromIDListW

ole32

CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
GetHGlobalFromStream
CoCreateGuid

comctl32

ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 691KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 293B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t4xt12
Size: 370KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.t4xt13
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t4xt11
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

a7d63d37b474fcb8309b159dd9bd9c18

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

comctl32

Sections

.text Size: 691KB - Virtual size: 690KB

.rdata Size: 512B - Virtual size: 293B

.data Size: 207KB - Virtual size: 207KB

.t4xt12 Size: 370KB - Virtual size: 369KB

.t4xt13 Size: 11KB - Virtual size: 10KB

.t4xt11 Size: 107KB - Virtual size: 107KB

.rsrc Size: 43KB - Virtual size: 43KB

.text
Size: 691KB - Virtual size: 690KB

.rdata
Size: 512B - Virtual size: 293B

.data
Size: 207KB - Virtual size: 207KB

.t4xt12
Size: 370KB - Virtual size: 369KB

.t4xt13
Size: 11KB - Virtual size: 10KB

.t4xt11
Size: 107KB - Virtual size: 107KB

.rsrc
Size: 43KB - Virtual size: 43KB