5afd4019497d495f62eb21af2419d6e4b187fb7f2eb84da71737573a2fbcc54f

Sharing

Copy URL

Twitter E-mail

General

Target

5afd4019497d495f62eb21af2419d6e4b187fb7f2eb84da71737573a2fbcc54f
Size

474KB
MD5

00cacacd26d0ca23ef52df59ce81b87c
SHA1

9bd0c25ed7212c90af362d3f1f0a3a1c46edd0d4
SHA256

5afd4019497d495f62eb21af2419d6e4b187fb7f2eb84da71737573a2fbcc54f
SHA512

ca42289180e9a9d024010e26eb0acb8716ed66c9ea74dfe8e751143dbd07e35006939c737dd4b9622aed18cdfe71c6b96bba9096c5bbca209f77f898cf4de07d
SSDEEP

6144:J3lz4Ie8TvPgADDnz/HXnr/vYiSozLFDPMTJYhr64Fg0:JR4IuilzLFPMdV4Fg0

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

5afd4019497d495f62eb21af2419d6e4b187fb7f2eb84da71737573a2fbcc54f
.exe windows x86

4d853e521a7a4a8745ae73a7eb93ad93

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
ReleaseMutex
lstrcmpW
lstrcpynW
GetLastError
OpenProcess
CreateMutexW
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTickCount
GetCommandLineW
GetModuleHandleA
GetStartupInfoA
GetProcAddress
Sleep
LoadLibraryA
CloseHandle
lstrcmpiW
WaitForMultipleObjects
CreateThread
GetCurrentThreadId
OpenEventW
CreateEventW
SetEvent
lstrlenW
FindNextVolumeW
GetComputerNameExA
GlobalCompact
GetEnvironmentStringsW
GetProfileSectionA
GetSystemTime
lstrcat
ReplaceFileA
SleepEx
ContinueDebugEvent
WriteTapemark
Heap32First
CancelWaitableTimer
SearchPathA
lstrcatA
lstrlenA
SetTapePosition
lstrcpyn
WriteConsoleInputA
CreateTimerQueueTimer
GetLocaleInfoA
GetStringTypeExA
FreeLibrary
LoadLibraryW
SetLastError
WriteConsoleW
GetFileType
GetStdHandle
MultiByteToWideChar
FindFirstFileW
FindNextFileW
GetFileAttributesW
LocalAlloc
LocalFree
VerifyVersionInfoW
FormatMessageW
GetModuleHandleW
HeapFree
GetProcessHeap
OutputDebugStringW
GetLocalTime
WriteFile
SetFilePointer
ExpandEnvironmentStringsW
GetEnvironmentVariableW
HeapAlloc
CreateFileW
DeviceIoControl
WaitForSingleObject
ExitThread
ExitProcess
VirtualAlloc
SetErrorMode

user32

GetUserObjectSecurity
GetProcessWindowStation
MessageBoxW
LoadStringW
SetProcessWindowStation
OpenWindowStationW
CloseWindowStation
SetWindowPos
OpenInputDesktop
GetDesktopWindow
wsprintfW
EnableWindow
GetDlgItem
IsIconic
EndDialog
IsDlgButtonChecked
WinHelpW
MessageBeep
GetSystemMetrics
PostQuitMessage
ShowWindow
KillTimer
SetTimer
CheckDlgButton
DialogBoxParamW
SystemParametersInfoW
AppendMenuW
GetSystemMenu
CreateDialogParamW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
RegisterWindowMessageW
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
LoadImageW
SendMessageW
GetThreadDesktop
SetThreadDesktop
IsWindowVisible
PostMessageW
GetWindowRect
EnumPropsW
SendIMEMessageExA
SendInput
IsZoomed
SetDlgItemTextA
ShowScrollBar
LockWorkStation
LoadStringA
PaintDesktop
GetShellWindow
LoadCursorFromFileW
SetPropA
OffsetRect
CallWindowProcW
ExitWindowsEx
BeginPaint
GetClientRect
DrawTextA
EndPaint
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
UpdateWindow
GetDC
LoadCursorW

gdi32

GetFontData
GetPath
SetICMProfileA
EngMultiByteToWideChar
EngStrokeAndFillPath
GetTextCharset
LineDDA
PolyPatBlt
PolyTextOutA
GdiEntry3
SetDCPenColor
GdiReleaseLocalDC
EngUnicodeToMultiByteN
GetTextFaceA
StartPage
TextOutW
GdiTransparentBlt
AngleArc
GdiAlphaBlend
GetRelAbs
GdiConvertPalette
EngAlphaBlend
GetTextExtentExPointA
GetObjectType
SetMagicColors
GetTextExtentExPointWPri
EngLineTo
GdiIsPlayMetafileDC
GetStockObject
GetColorSpace

advapi32

RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
GetSecurityDescriptorDacl
GetAclInformation
GetAce
IsWellKnownSid
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
DuplicateTokenEx
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCreateKeyExW
GetUserNameA
GetUserNameW
RegOpenKeyA

shell32

ShellExecuteW
SHQueryRecycleBinW
ExtractAssociatedIconExA
SHCreateProcessAsUserW
SHGetFileInfoA
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
ShellExecuteExA

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree

shlwapi

StrStrW

winmm

PlaySoundA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d853e521a7a4a8745ae73a7eb93ad93

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

winmm

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 375KB - Virtual size: 375KB

.data Size: 7KB - Virtual size: 6KB

.rsrc Size: 87KB - Virtual size: 86KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 375KB - Virtual size: 375KB

.data
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 87KB - Virtual size: 86KB