0dfcf4d5f66310de87c2e422d7804e66279fe3e3cd6a27723225aecf214e9b00[.]bin | Triage

Sharing

General

Target

0dfcf4d5f66310de87c2e422d7804e66279fe3e3cd6a27723225aecf214e9b00.bin
Size

1.8MB
MD5

662b823d2472f494c5d539d0694cca77
SHA1

f8fc84030c579070b36c99c836ac4b5c32bbc2c4
SHA256

0dfcf4d5f66310de87c2e422d7804e66279fe3e3cd6a27723225aecf214e9b00
SHA512

302d09017cd6bda0b78dbbae8d4353c03088e3244f8bbed242b8937125fa27086cfdf653ad3dbab9738ee0aee8010f378047916e19e2d323d64b993cc62e441d
SSDEEP

49152:azqqZpvT9ZwA/kzgdtK26LD4z3iXA2f9TWSDGDN1Z:sHZpvpZfkYK26LUz3i10SoN1Z

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

Files

0dfcf4d5f66310de87c2e422d7804e66279fe3e3cd6a27723225aecf214e9b00.bin
.exe windows x64

7bb84c055e762f3b23509e70313814ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetMenuCheckMarkDimensions
IsCharAlphaA
ShowCaret
GetDesktopWindow
GetForegroundWindow
GetLastActivePopup
GetQueueStatus
CloseWindow
CharNextW
GetAsyncKeyState
VkKeyScanW
IsCharUpperA
GetCapture
GetKeyboardLayout
GetDialogBaseUnits
GetOpenClipboardWindow
LoadIconA
GetDC

gdi32

GdiFlush
GetTextCharacterExtra
CreateMetaFileA
AddFontResourceA
GetTextCharset
SaveDC
AbortDoc
EndDoc
GetColorSpace
DeleteMetaFile
GetMapMode
GetStretchBltMode
CreateMetaFileW

advapi32

RegQueryValueExW
RegOpenKeyW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ