008ec79765325200361d9c93ac35edd430f8b17894ff843268caa5acd6224549

Resubmissions

16-11-2022 01:42

221116-b4nkfacf5x 10

29-03-2021 16:19

210329-43p8tayw5n 9

Sharing

Copy URL

Twitter E-mail

General

Target

008ec79765325200361d9c93ac35edd430f8b17894ff843268caa5acd6224549
Size

1.9MB
MD5

d86f451bbff804e59a549f9fb33d6e3f
SHA1

3cb0cb07cc2542f1d98060adccda726ea865db98
SHA256

008ec79765325200361d9c93ac35edd430f8b17894ff843268caa5acd6224549
SHA512

c86ad7e1d5c445d4de9866faab578b2eb04f72ffef4fac380b7164003471b4b48b09772e735ea15205e2ab4a1f4d194d188cdeb12c7199d0824ddaba393dcaa2
SSDEEP

49152:olyGDEemRoq2KKpgL5lWKDFcmjkf8cudB/8WjM:UYerFq/FgUcuf/85

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

Processes:

resource	yara_rule
sample	cryptone

Files

008ec79765325200361d9c93ac35edd430f8b17894ff843268caa5acd6224549
.exe windows x64

5d2ddf9bb9051294e17ea7cb876c77e2

Code Sign

3b:00:73:14:84:4b:11:4c:61:bc:15:6a:06:09:a2:86
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

14-01-2021 00:00

Not After

14-01-2022 23:59

Subject

CN=SATURDAY CITY LIMITED,O=SATURDAY CITY LIMITED,POSTALCODE=SE14 6JP,STREET=6 Clifton Rise,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

db:47:48:3c:65:61:5b:db:72:0c:b0:c2:a3:32:71:80:98:25:06:74
Signer

Actual PE Digest

db:47:48:3c:65:61:5b:db:72:0c:b0:c2:a3:32:71:80:98:25:06:74

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=SATURDAY CITY LIMITED,O=SATURDAY CITY LIMITED,POSTALCODE=SE14 6JP,STREET=6 Clifton Rise,L=London,C=GB

15-11-2022 11:46
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcAddress
SetErrorMode
LoadLibraryA
GetModuleHandleA

user32

GetClipboardData
GetMenuContextHelpId
IsCharUpperW
GetOpenClipboardWindow
CloseWindow
GetDialogBaseUnits
CloseDesktop
GetListBoxInfo
IsWindow
InSendMessage
GetWindowTextLengthA
GetSystemMetrics
GetMessageExtraInfo
GetActiveWindow
IsCharLowerA
GetWindowDC
LoadIconA
IsWindowVisible

gdi32

GetEnhMetaFileW
GetGraphicsMode
GdiGetBatchLimit
CreateHalftonePalette
GetPixelFormat
CloseFigure
CloseMetaFile
WidenPath
CreateCompatibleDC
FillPath
GetDCBrushColor

advapi32

RegQueryValueExW
RegOpenKeyW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

5d2ddf9bb9051294e17ea7cb876c77e2

Code Sign

3b:00:73:14:84:4b:11:4c:61:bc:15:6a:06:09:a2:86Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

db:47:48:3c:65:61:5b:db:72:0c:b0:c2:a3:32:71:80:98:25:06:74Signer

Signature Validations

Verification

15-11-2022 11:46 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 976B

.pdata Size: 512B - Virtual size: 144B

.rsrc Size: 37KB - Virtual size: 37KB

3b:00:73:14:84:4b:11:4c:61:bc:15:6a:06:09:a2:86
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

db:47:48:3c:65:61:5b:db:72:0c:b0:c2:a3:32:71:80:98:25:06:74
Signer

15-11-2022 11:46
Valid: false

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 976B

.pdata
Size: 512B - Virtual size: 144B

.rsrc
Size: 37KB - Virtual size: 37KB