6dcff9017de5fa5f1960e469e13a9d0ddee796591cb40c92b5e012650bf722d4

Sharing

Copy URL

Twitter E-mail

General

Target

6dcff9017de5fa5f1960e469e13a9d0ddee796591cb40c92b5e012650bf722d4
Size

188KB
MD5

69233974d6b4ca319987c66c0d184230
SHA1

8a95e403b45c2688349c3daa92c1885605635b95
SHA256

6dcff9017de5fa5f1960e469e13a9d0ddee796591cb40c92b5e012650bf722d4
SHA512

358ede9d12d35a3b8e0113bbef267444e9a478ccb898e69d6ccda90db8a77f0797dc3c52be32678ddd0583c119eb83f3dbbaef0a2a297dd4bf8d1d1f31ff3c8f
SSDEEP

3072:ecuQIyutuHsDuhruuoIuucSIuL2Q3p9pOVrlNODD2QQbsVRKxP/gz4O7Gqv9taqG:eNQISz3IVyDD2Q/KxHZOzGq/O

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

6dcff9017de5fa5f1960e469e13a9d0ddee796591cb40c92b5e012650bf722d4
.exe windows x86

6b52ac0054552d37084bce1e6ab48f19

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
calloc
_beginthreadex
rand
strncat
strtok
memset
wcscpy
_errno
atoi
_iob
rename
strrchr
_except_handler3
free
strcmp
strcat
malloc
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
vsprintf
_initterm
strcpy
memcmp
strlen
_ftol
memmove
_CxxThrowException
__CxxFrameHandler
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z

ws2_32

sendto
WSAStartup
listen
accept
getpeername
bind
getsockname
__WSAFDIsSet
recv
send
select
closesocket
ntohs
socket
gethostbyname
htons
gethostname
inet_addr
connect
setsockopt
WSACleanup
inet_ntoa

msvcp60

?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z

kernel32

MultiByteToWideChar
FreeLibrary
GetPrivateProfileSectionNamesA
SetEvent
lstrcpyA
VirtualAlloc
VirtualFree
CloseHandle
LoadLibraryA
GetProcAddress
lstrcmpA
GetVersionExA
CreateDirectoryA
GetDriveTypeA
LocalAlloc
RemoveDirectoryA
WriteFile
CreateProcessA
Sleep
GetLocalTime
CreateEventA
GetProcessHeap
GlobalFree
OutputDebugStringA
ReleaseMutex
SetErrorMode
GetModuleHandleA
GetStartupInfoA
InterlockedExchange
RaiseException
GetLastError
WideCharToMultiByte

msvfw32

ICSendMessage
ICSeqCompressFrameEnd

Sections

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 155KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b52ac0054552d37084bce1e6ab48f19

Headers

File Characteristics

Imports

msvcrt

ws2_32

msvcp60

kernel32

msvfw32

Sections

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 155KB - Virtual size: 158KB

.rsrc Size: 21KB - Virtual size: 21KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 155KB - Virtual size: 158KB

.rsrc
Size: 21KB - Virtual size: 21KB