fbb3316fa6994fd3c19dd45b98ffa5ff2c6249c08fcd832fa912bc305dcd8ffc[.]bin

General

Target

fbb3316fa6994fd3c19dd45b98ffa5ff2c6249c08fcd832fa912bc305dcd8ffc.bin
Size

1.9MB
MD5

5fe20c925f3019663405b147294a9d78
SHA1

1e924b77c751612a7d1b9c5247640049106eb106
SHA256

fbb3316fa6994fd3c19dd45b98ffa5ff2c6249c08fcd832fa912bc305dcd8ffc
SHA512

3f443ffbb7a0f6eef7f083916d1aa63fe2f9b33238f1503b233678b986d74847446195acf29b8b150fd94aa9e489e69d34303b3a9bc628a752dcde0e4d725818
SSDEEP

49152:eW7LRFK0GYI5iqKj9J79f6nSRkvWduw5B:RO0VMC9JRf6SkWdB

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

fbb3316fa6994fd3c19dd45b98ffa5ff2c6249c08fcd832fa912bc305dcd8ffc.bin
.exe windows x64

dcb496818721c21478589ce0b6104cdc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
CloseHandle
CreateFileMappingW
CreateFileW
CreateProcessW
DeviceIoControl
FlushViewOfFile
FreeEnvironmentStringsW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetDriveTypeW
GetEnvironmentStringsW
GetExitCodeProcess
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetTickCount
GetVersion
GetVersionExW
GlobalMemoryStatus
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MapViewOfFile
OutputDebugStringW
SetLastError
TerminateProcess
UnmapViewOfFile
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteFile
SetErrorMode
GetSystemTime
GetModuleHandleA

user32

LoadIconA
GetMessageTime

advapi32

RegOpenKeyA
RegQueryValueExW

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

dcb496818721c21478589ce0b6104cdc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.text2 Size: - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 4KB

.pdata Size: 512B - Virtual size: 4KB

.rsrc Size: 29KB - Virtual size: 28KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.text2
Size: - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 4KB

.pdata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 29KB - Virtual size: 28KB