403ffc45012019acdb891d071e1ad5a23beac91ea6335048cb0484b38662858c

Sharing

Copy URL

Twitter E-mail

General

Target

403ffc45012019acdb891d071e1ad5a23beac91ea6335048cb0484b38662858c
Size

474KB
MD5

3f8241a5bc324829e73d61b60acac585
SHA1

64c29545cb2a567133540b1c2e88ebd5deeaf827
SHA256

403ffc45012019acdb891d071e1ad5a23beac91ea6335048cb0484b38662858c
SHA512

bd67ab3c8d937398c3cfd91ca11821a2b48d667949c5e799b69fd618d1cb0abe01e97f3fee1321611d60c8071bae462a65316de6f515d646a5712ca42d5504f8
SSDEEP

6144:a3uEylTm/HpBz/HXnr/vYiSovLFDPMTJYhr64Fg0:a+Eoi/HIilvLFPMdV4Fg0

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

403ffc45012019acdb891d071e1ad5a23beac91ea6335048cb0484b38662858c
.exe windows x86

4d853e521a7a4a8745ae73a7eb93ad93

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
ReleaseMutex
lstrcmpW
lstrcpynW
GetLastError
OpenProcess
CreateMutexW
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTickCount
GetCommandLineW
GetModuleHandleA
GetStartupInfoA
GetProcAddress
Sleep
LoadLibraryA
CloseHandle
lstrcmpiW
WaitForMultipleObjects
CreateThread
GetCurrentThreadId
OpenEventW
CreateEventW
SetEvent
lstrlenW
FindNextVolumeW
GetComputerNameExA
GlobalCompact
GetEnvironmentStringsW
GetProfileSectionA
GetSystemTime
lstrcat
ReplaceFileA
SleepEx
ContinueDebugEvent
WriteTapemark
Heap32First
CancelWaitableTimer
SearchPathA
lstrcatA
lstrlenA
SetTapePosition
lstrcpyn
WriteConsoleInputA
CreateTimerQueueTimer
GetLocaleInfoA
GetStringTypeExA
FreeLibrary
LoadLibraryW
SetLastError
WriteConsoleW
GetFileType
GetStdHandle
MultiByteToWideChar
FindFirstFileW
FindNextFileW
GetFileAttributesW
LocalAlloc
LocalFree
VerifyVersionInfoW
FormatMessageW
GetModuleHandleW
HeapFree
GetProcessHeap
OutputDebugStringW
GetLocalTime
WriteFile
SetFilePointer
ExpandEnvironmentStringsW
GetEnvironmentVariableW
HeapAlloc
CreateFileW
DeviceIoControl
WaitForSingleObject
ExitThread
ExitProcess
VirtualAlloc
SetErrorMode

user32

GetUserObjectSecurity
GetProcessWindowStation
MessageBoxW
LoadStringW
SetProcessWindowStation
OpenWindowStationW
CloseWindowStation
SetWindowPos
OpenInputDesktop
GetDesktopWindow
wsprintfW
EnableWindow
GetDlgItem
IsIconic
EndDialog
IsDlgButtonChecked
WinHelpW
MessageBeep
GetSystemMetrics
PostQuitMessage
ShowWindow
KillTimer
SetTimer
CheckDlgButton
DialogBoxParamW
SystemParametersInfoW
AppendMenuW
GetSystemMenu
CreateDialogParamW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
RegisterWindowMessageW
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
LoadImageW
SendMessageW
GetThreadDesktop
SetThreadDesktop
IsWindowVisible
PostMessageW
GetWindowRect
EnumPropsW
SendIMEMessageExA
SendInput
IsZoomed
SetDlgItemTextA
ShowScrollBar
LockWorkStation
LoadStringA
PaintDesktop
GetShellWindow
LoadCursorFromFileW
SetPropA
OffsetRect
CallWindowProcW
ExitWindowsEx
BeginPaint
GetClientRect
DrawTextA
EndPaint
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
UpdateWindow
GetDC
LoadCursorW

gdi32

GetFontData
GetPath
SetICMProfileA
EngMultiByteToWideChar
EngStrokeAndFillPath
GetTextCharset
LineDDA
PolyPatBlt
PolyTextOutA
GdiEntry3
SetDCPenColor
GdiReleaseLocalDC
EngUnicodeToMultiByteN
GetTextFaceA
StartPage
TextOutW
GdiTransparentBlt
AngleArc
GdiAlphaBlend
GetRelAbs
GdiConvertPalette
EngAlphaBlend
GetTextExtentExPointA
GetObjectType
SetMagicColors
GetTextExtentExPointWPri
EngLineTo
GdiIsPlayMetafileDC
GetStockObject
GetColorSpace

advapi32

RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
GetSecurityDescriptorDacl
GetAclInformation
GetAce
IsWellKnownSid
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
DuplicateTokenEx
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCreateKeyExW
GetUserNameA
GetUserNameW
RegOpenKeyA

shell32

ShellExecuteW
SHQueryRecycleBinW
ExtractAssociatedIconExA
SHCreateProcessAsUserW
SHGetFileInfoA
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
ShellExecuteExA

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree

shlwapi

StrStrW

winmm

PlaySoundA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d853e521a7a4a8745ae73a7eb93ad93

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

winmm

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 375KB - Virtual size: 375KB

.data Size: 7KB - Virtual size: 6KB

.rsrc Size: 87KB - Virtual size: 86KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 375KB - Virtual size: 375KB

.data
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 87KB - Virtual size: 86KB