e657ff4838e474653b55367aa9d4a0641b35378e2e379ad0fdd1631b3b763ef0[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

e657ff4838e474653b55367aa9d4a0641b35378e2e379ad0fdd1631b3b763ef0.bin
Size

1.8MB
MD5

ab99a5767c1d598c49b1f5d615a76302
SHA1

b4061d4227e08cfaa3190dea9926571fca2736a1
SHA256

e657ff4838e474653b55367aa9d4a0641b35378e2e379ad0fdd1631b3b763ef0
SHA512

f12db9f7bfaa22747cc38a10a317bd6c7af483f9275f5981186d74435dda80df6faf53d10ee47c63b4b213310d29ca0eef5966983ecaa0dd7463a50c62cfab0c
SSDEEP

49152:Di+ns7Abx/i+mzYQwSXIyhtJq04+yeTFSCaV6pPk:2+n8AN/i+mzYyI04aT0CO6pPk

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

e657ff4838e474653b55367aa9d4a0641b35378e2e379ad0fdd1631b3b763ef0.bin
.exe windows x64

fc40fb34e700064b5ae46a807853f33e

Code Sign

32:ae:77:10:e2:57:05:a0:17:0f:14:e9:21:13:3e:2b
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

15-01-2021 00:00

Not After

15-01-2022 23:59

Subject

CN=LAK COMPANY SP Z O O,O=LAK COMPANY SP Z O O,POSTALCODE=00-019,STREET=Ul. Zlota 7-18,L=Warszawa,ST=Mazowieckie,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f9:21:7b:fb:33:05:70:a5:91:81:c6:72:c3:48:4e:71:3e:2f:3e:e6
Signer

Actual PE Digest

f9:21:7b:fb:33:05:70:a5:91:81:c6:72:c3:48:4e:71:3e:2f:3e:e6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LAK COMPANY SP Z O O,O=LAK COMPANY SP Z O O,POSTALCODE=00-019,STREET=Ul. Zlota 7-18,L=Warszawa,ST=Mazowieckie,C=PL

19-07-2022 16:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcAddress
SetErrorMode
LoadLibraryA
GetModuleHandleA

user32

EndMenu
GetSysColor
GetThreadDesktop
GetDlgCtrlID
GetWindowContextHelpId
IsCharLowerW
GetForegroundWindow
GetSystemMetrics
IsWindow
GetWindowTextLengthW
IsWindowEnabled
IsCharUpperW
GetDoubleClickTime
OpenIcon
GetAsyncKeyState
OemKeyScan
AnyPopup
LoadIconA
CloseClipboard

gdi32

SaveDC
GdiGetBatchLimit
GetObjectType
UpdateColors
GetPolyFillMode
GetEnhMetaFileW
GetStretchBltMode
GetColorSpace
GetTextColor
PathToRegion

advapi32

RegQueryValueExW
RegOpenKeyW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data2
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc40fb34e700064b5ae46a807853f33e

Code Sign

32:ae:77:10:e2:57:05:a0:17:0f:14:e9:21:13:3e:2bCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

f9:21:7b:fb:33:05:70:a5:91:81:c6:72:c3:48:4e:71:3e:2f:3e:e6Signer

Signature Validations

Verification

19-07-2022 16:36 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 976B

.pdata Size: 512B - Virtual size: 144B

.data2 Size: 512B - Virtual size: 100B

.rsrc Size: 37KB - Virtual size: 37KB

32:ae:77:10:e2:57:05:a0:17:0f:14:e9:21:13:3e:2b
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

f9:21:7b:fb:33:05:70:a5:91:81:c6:72:c3:48:4e:71:3e:2f:3e:e6
Signer

19-07-2022 16:36
Valid: false

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 976B

.pdata
Size: 512B - Virtual size: 144B

.data2
Size: 512B - Virtual size: 100B

.rsrc
Size: 37KB - Virtual size: 37KB