7f449a5148ec86d84418b1fd0948d5a74b7d5d04fb73bc158432b0d1c5f59ce7

Sharing

Copy URL

Twitter E-mail

General

Target

7f449a5148ec86d84418b1fd0948d5a74b7d5d04fb73bc158432b0d1c5f59ce7
Size

1011KB
MD5

59c9b7c6507bc718780b46e6a01839c0
SHA1

58f6056de40c28956e7dc36913915b1b6f597e21
SHA256

7f449a5148ec86d84418b1fd0948d5a74b7d5d04fb73bc158432b0d1c5f59ce7
SHA512

6d5fd94bf5fde5da49980dcf703a6da45fbab64e12bcff81f5f12997645626857e2327d1f2c0a39eb490818603e818401d14fc2222a0e462d9a43642b1a7bc2a
SSDEEP

24576:WGeByAZpyq8OawmaLn52tgxDvjQ9tFwScqaKP:heBdZpyyLnnxDvjQFpLrP

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

7f449a5148ec86d84418b1fd0948d5a74b7d5d04fb73bc158432b0d1c5f59ce7
.exe windows x86

56e20db814d401612809b84cc6004d6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CreateCompatibleDC
GetObjectA
DPtoLP
CreateCompatibleBitmap
LPtoDP
SetMapMode
GetMapMode
SelectObject
BitBlt
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject

kernel32

ResetEvent
DeleteFileA
SetEvent
Sleep
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetTempFileNameA
FindClose
FindNextFileA
FindFirstFileA
TerminateThread
CreateEventA
CopyFileA
GetModuleFileNameA
Process32Next
Process32First
CreateToolhelp32Snapshot
WaitForSingleObject
SetFileAttributesA
GetWindowsDirectoryA
TerminateProcess
ContinueDebugEvent
SetThreadContext
GetThreadContext
WaitForDebugEvent
CreateProcessA
GetStartupInfoA
GetModuleHandleA
MoveFileA
GetCommandLineA
CreateMutexA
GetEnvironmentVariableA
GetLocalTime
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
GetTempPathA
MulDiv
OpenProcess
GetVersionExA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
Module32First
ReadFile
GetSystemTime
GetExitCodeProcess
FindResourceExA
SizeofResource
LockResource
LoadResource
FindResourceA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CreateDirectoryA
LocalAlloc
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
RemoveDirectoryA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetTickCount
CreateFileA
WriteFile
CloseHandle
CreateThread
lstrlenA
FreeEnvironmentStringsA
GetFileType
SetHandleCount
GetTimeZoneInformation
SetFilePointer
InitializeCriticalSectionAndSpinCount
GetStdHandle
GetFileAttributesA
GetCurrentDirectoryA
GetFullPathNameA
GetConsoleMode
GetConsoleCP
VirtualFree
HeapCreate
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedExchange
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetModuleHandleW
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError

user32

UpdateWindow
ShowWindow
CreateWindowExA
GetMessageA
LoadCursorA
CreateIconFromResourceEx
PostMessageA
TranslateMessage
GetWindowDC
DispatchMessageA
RegisterClassExA
GetWindowRect
InvalidateRect
MessageBoxA
SetWindowTextA
GetTitleBarInfo
GetDesktopWindow
MoveWindow
PostQuitMessage
SetFocus
DefWindowProcA
BeginPaint
EndPaint
GetDC
GetSystemMetrics
ReleaseDC

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegOpenKeyA
RegCloseKey

ole32

CreateStreamOnHGlobal

shell32

Shell_NotifyIconA

shlwapi

PathFindExtensionA
PathFindExtensionW

gdiplus

GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipGetImageEncodersSize
GdipFree
GdipAlloc
GdipCloneImage

Sections

.text
Size: 869KB - Virtual size: 869KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

56e20db814d401612809b84cc6004d6f

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

user32

advapi32

ole32

shell32

shlwapi

gdiplus

Sections

.text Size: 869KB - Virtual size: 869KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 106KB - Virtual size: 137KB

.text
Size: 869KB - Virtual size: 869KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 106KB - Virtual size: 137KB