4a246b13f50b0bafc9678e7b43403096c591e1e43fe8c5538405d3b567e435dd

Sharing

Copy URL Twitter E-mail

General

Target

4a246b13f50b0bafc9678e7b43403096c591e1e43fe8c5538405d3b567e435dd
Size

111KB
MD5

aa7feca4f942baa222d23d1c759932ca
SHA1

a27a7c15dd2176a768f60a8fa2a05faa5a2c9970
SHA256

4a246b13f50b0bafc9678e7b43403096c591e1e43fe8c5538405d3b567e435dd
SHA512

b81b6261ab1ddb79d054753728f4bf2873d51a92a1d7dc91bcab61d6fe556a99fc78b93a007d8063b647bf0a0d322b606dbdd6213bb7f3ac197061969f6ac820
SSDEEP

3072:bzumcXvQuDsKmmpVXAF6XhO+EV5IXVWR4c2U40s:bSmcbDs3mppAF6xOlBJVs

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

4a246b13f50b0bafc9678e7b43403096c591e1e43fe8c5538405d3b567e435dd
.exe windows x86

507fabbcbca2beaa73860f7f60235837

Code Sign

02:49:0b:3f:65:e5:29:62:b0:2d:1b:94:4e:0a:bc:ed
Certificate

Issuer

CN=FDSMMCME

Not Before

04/04/2019, 00:06

Not After

31/12/2039, 23:59

Subject

CN=FDSMMCME

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

97:84:27:df:a3:30:d9:13:bd:7f:94:7f:5e:84:10:bc:a7:4e:d4:f2:05:3b:99:93:3f:19:7f:0b:e5:38:a4:86
Signer

Actual PE Digest

97:84:27:df:a3:30:d9:13:bd:7f:94:7f:5e:84:10:bc:a7:4e:d4:f2:05:3b:99:93:3f:19:7f:0b:e5:38:a4:86

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=FDSMMCME

04/04/2019, 07:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToSystemTime
FindAtomW
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindResourceA
FindResourceExW
FindResourceW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameA
GetComputerNameExW
GetComputerNameW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatW
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameA
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLongPathNameA
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetOEMCP
GetPrivateProfileIntW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetProcessHeap
GetProcessTimes
GetProfileIntA
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultUILanguage
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
GetThreadLocale
GetTickCount
GetTimeFormatA
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationA
GetVolumeInformationW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAddAtomA
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFindAtomW
GlobalFlags
GlobalFree
GlobalGetAtomNameA
FileTimeToLocalFileTime
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
IsDebuggerPresent
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LocalReAlloc
LockFile
LockResource
MapViewOfFile
MoveFileExA
MoveFileW
MulDiv
MultiByteToWideChar
OpenMutexW
OpenProcess
OpenThread
OutputDebugStringA
OutputDebugStringW
Process32FirstW
Process32NextW
ProcessIdToSessionId
QueryPerformanceCounter
RaiseException
ReadFile
ReleaseMutex
RemoveDirectoryA
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleCount
SetLastError
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
WritePrivateProfileStringA
WritePrivateProfileStringW
lstrcmpA
lstrcmpW
lstrcmpiW
lstrcpyA
lstrlenA
lstrlenW
FatalAppExitA
ExpandEnvironmentStringsA
ExitThread
ExitProcess
EnumSystemLocalesA
EnumResourceLanguagesW
EnumResourceLanguagesA
EnterCriticalSection
DuplicateHandle
DeviceIoControl
DeleteFileW
DeleteFileA
DeleteCriticalSection
DeleteAtom
CreateToolhelp32Snapshot
GetProcAddress
CreateThread
CreateProcessW
CreateProcessA
CreateMutexW
CreateMutexA
CreateFileW
CreateFileMappingA
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryA
CopyFileA
ConvertDefaultLocale
CompareStringW
CompareStringA
CloseHandle
AddAtomW
AddAtomA
VirtualAllocEx
GetModuleHandleA
LoadLibraryA
GlobalHandle

user32

DdeUnaccessData
DdeUninitialize
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DefWindowProcW
DeferWindowPos
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
DispatchMessageW
DrawFocusRect
DrawIcon
DrawMenuBar
DrawTextA
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableWindow
EndDeferWindowPos
EndDialog
EndPaint
EnumClipboardFormats
EqualRect
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetClientRect
GetClipboardData
GetClipboardFormatNameA
GetClipboardFormatNameW
GetClipboardOwner
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetDlgItemTextW
GetFocus
GetForegroundWindow
GetKeyNameTextW
GetKeyState
GetLastActivePopup
GetMenu
GetMenuBarInfo
GetMenuCheckMarkDimensions
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringA
GetMenuStringW
GetMessageA
GetMessagePos
GetMessageTime
GetMessageW
GetParent
GetProcessDefaultLayout
GetPropW
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongA
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
GrayStringW
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
IsChild
IsClipboardFormatAvailable
IsDialogMessageW
IsDlgButtonChecked
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
KillTimer
LoadAcceleratorsA
LoadAcceleratorsW
LoadBitmapA
LoadBitmapW
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
LoadMenuW
LoadStringA
LoadStringW
LockWindowUpdate
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
ModifyMenuW
MoveWindow
OffsetRect
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostQuitMessage
PtInRect
RegisterClassA
RegisterClassW
RegisterClipboardFormatA
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ReuseDDElParam
ScreenToClient
ScrollWindow
ScrollWindowEx
SendDlgItemMessageA
SendDlgItemMessageW
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClipboardData
SetClipboardViewer
SetCursor
SetDlgItemInt
SetDlgItemTextA
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemBitmaps
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowTextA
SetWindowTextW
SetWindowsHookExA
SetWindowsHookExW
ShowCursor
ShowScrollBar
ShowWindow
SystemParametersInfoA
SystemParametersInfoW
TabbedTextOutW
TrackPopupMenu
TrackPopupMenuEx
TranslateAcceleratorA
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnpackDDElParam
UnregisterClassW
UpdateWindow
ValidateRect
WinHelpA
WinHelpW
WindowFromPoint
wsprintfA
wsprintfW
DdeSetUserHandle
DdeQueryConvInfo
DdePostAdvise
DdeNameService
DdeKeepStringHandle
DdeInitializeW
DdeInitializeA
DdeGetLastError
DdeGetData
DdeFreeStringHandle
DdeFreeDataHandle
DdeDisconnect
DdeCreateStringHandleW
DdeCreateStringHandleA
DdeCreateDataHandle
DdeConnect
DdeClientTransaction
DdeAccessData
CreateWindowExW
CreateWindowExA
CreatePopupMenu
CountClipboardFormats
CloseClipboard
ClientToScreen
CheckRadioButton
CheckMenuItem
CheckDlgButton
CharUpperW
ChangeClipboardChain
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
BeginDeferWindowPos
AppendMenuW
AppendMenuA
AdjustWindowRectEx
CopyRect

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateHalftonePalette
CreatePalette
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
ExcludeClipRect
GetClipBox
GetCurrentObject
GetDIBits
GetDeviceCaps
GetNearestPaletteIndex
GetObjectType
GetObjectW
GetPaletteEntries
GetStockObject
GetTextMetricsW
GetViewportOrgEx
IntersectClipRect
RealizePalette
ResizePalette
RestoreDC
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetStretchBltMode
SetTextColor
SetViewportOrgEx
StretchBlt
StretchDIBits
BitBlt

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

507fabbcbca2beaa73860f7f60235837

Code Sign

02:49:0b:3f:65:e5:29:62:b0:2d:1b:94:4e:0a:bc:edCertificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

97:84:27:df:a3:30:d9:13:bd:7f:94:7f:5e:84:10:bc:a7:4e:d4:f2:05:3b:99:93:3f:19:7f:0b:e5:38:a4:86Signer

Signature Validations

Verification

04/04/2019, 07:36 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 74KB - Virtual size: 73KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 792B

.rsrc Size: 17KB - Virtual size: 17KB

02:49:0b:3f:65:e5:29:62:b0:2d:1b:94:4e:0a:bc:ed
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

97:84:27:df:a3:30:d9:13:bd:7f:94:7f:5e:84:10:bc:a7:4e:d4:f2:05:3b:99:93:3f:19:7f:0b:e5:38:a4:86
Signer

04/04/2019, 07:36
Valid: false

.text
Size: 74KB - Virtual size: 73KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 792B

.rsrc
Size: 17KB - Virtual size: 17KB