e3d6d045380162b7c6f71def8ba6aa8bd1c846db2095e7c1d9fc127970dfac08[.]bin | Triage

Sharing

General

Target

e3d6d045380162b7c6f71def8ba6aa8bd1c846db2095e7c1d9fc127970dfac08.bin
Size

1.9MB
MD5

49d4bdfa882c8458b86b1e4a5e79c92d
SHA1

6c4c9f61119fdc3d9c31e11f9cef3b0902b81884
SHA256

e3d6d045380162b7c6f71def8ba6aa8bd1c846db2095e7c1d9fc127970dfac08
SHA512

08313dba9dfa4d3432a374a48e1ad487030c7017947050895f87549efd0545e8df18c00d42aa8a7625d827861a3ab074bf6d104821cb4632e88c43c174c59e57
SSDEEP

49152:TzqqZpvT9ZwA/kzgdtK26LD4z3iXA2f9TWSDGDN1Za:nHZpvpZfkYK26LUz3i10SoN1Za

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

Files

e3d6d045380162b7c6f71def8ba6aa8bd1c846db2095e7c1d9fc127970dfac08.bin
.exe windows x64

7bb84c055e762f3b23509e70313814ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetMenuCheckMarkDimensions
IsCharAlphaA
ShowCaret
GetDesktopWindow
GetForegroundWindow
GetLastActivePopup
GetQueueStatus
CloseWindow
CharNextW
GetAsyncKeyState
VkKeyScanW
IsCharUpperA
GetCapture
GetKeyboardLayout
GetDialogBaseUnits
GetOpenClipboardWindow
LoadIconA
GetDC

gdi32

GdiFlush
GetTextCharacterExtra
CreateMetaFileA
AddFontResourceA
GetTextCharset
SaveDC
AbortDoc
EndDoc
GetColorSpace
DeleteMetaFile
GetMapMode
GetStretchBltMode
CreateMetaFileW

advapi32

RegQueryValueExW
RegOpenKeyW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l2
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ