ea310cc4fd4e8669e014ff417286da5edf2d3bef20abfb0a4f4951afe260d33d[.]bin | Triage

Sharing

General

Target

ea310cc4fd4e8669e014ff417286da5edf2d3bef20abfb0a4f4951afe260d33d.bin
Size

1.8MB
MD5

7d4550dd4c6996057147ecc996b14e9a
SHA1

d0d68281f8459b5558559fbbf8c6c8ab4ddfec8b
SHA256

ea310cc4fd4e8669e014ff417286da5edf2d3bef20abfb0a4f4951afe260d33d
SHA512

e0653ac9c92bd134ff43886b4a8a36016660294c134ff11c6cddefe50494923fdcf370c3d96d5538d2c7ef20d216b4d15b914d40002c982c69021ee8998f57df
SSDEEP

49152:2HOalx8WJjq64Hv7OHxTAhEu5undVmB9dn5AI7EyP3:E/8WJjiPSRRu5undVmDd5VEyv

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

Processes:

resource	yara_rule
sample	cryptone

Files

ea310cc4fd4e8669e014ff417286da5edf2d3bef20abfb0a4f4951afe260d33d.bin
.exe windows x64

7bb84c055e762f3b23509e70313814ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetMenuCheckMarkDimensions
IsCharAlphaA
ShowCaret
GetDesktopWindow
GetForegroundWindow
GetLastActivePopup
GetQueueStatus
CloseWindow
CharNextW
GetAsyncKeyState
VkKeyScanW
IsCharUpperA
GetCapture
GetKeyboardLayout
GetDialogBaseUnits
GetOpenClipboardWindow
LoadIconA
GetDC

gdi32

GdiFlush
GetTextCharacterExtra
CreateMetaFileA
AddFontResourceA
GetTextCharset
SaveDC
AbortDoc
EndDoc
GetColorSpace
DeleteMetaFile
GetMapMode
GetStretchBltMode
CreateMetaFileW

advapi32

RegQueryValueExW
RegOpenKeyW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ