436909a16f1202c328732c4dd6bc7b3ce8c49682f7c5151cd2851915b9154673

Sharing

Copy URL

Twitter E-mail

General

Target

436909a16f1202c328732c4dd6bc7b3ce8c49682f7c5151cd2851915b9154673
Size

448KB
MD5

dfb6048138b5aa9317e22515edb8908f
SHA1

2eeb014fc359874915afb93641068f0dd5c1748a
SHA256

436909a16f1202c328732c4dd6bc7b3ce8c49682f7c5151cd2851915b9154673
SHA512

3939d29f969e3332c4ee98341262ec79481dc43ca28c6140731aac8df931924d4de0bbceffdc253f38b80199ac00df143aaf0ad8fae167ca8f6502d84411bbd2
SSDEEP

6144:/KOtEtEtEtEtEtEtEtEtEtEt14xwmjSu0s:/1eeeeeeeeee14xwmx

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

436909a16f1202c328732c4dd6bc7b3ce8c49682f7c5151cd2851915b9154673
.exe windows x86

dbbd1de76369b9aa2ed2792ba04b4bac

Code Sign

f5:84:18:1e:f8:8f:64:ef:29:09:76:42:42:de:bb:e6
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/05/2020, 00:00

Not After

28/05/2021, 23:59

Subject

CN=Crystal City,O=Crystal City,POSTALCODE=660127,STREET=STREET MATE ZALKI\, BUILDING 41\, APARTMENT 194,L=Krasnoyarsk,ST=Krai Krasnoyarsky,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

76:6b:5b:fc:eb:ce:7d:d8:85:2e:d6:48:b1:f9:fb:92:0b:8d:8d:8a
Signer

Actual PE Digest

76:6b:5b:fc:eb:ce:7d:d8:85:2e:d6:48:b1:f9:fb:92:0b:8d:8d:8a

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Crystal City,O=Crystal City,POSTALCODE=660127,STREET=STREET MATE ZALKI\, BUILDING 41\, APARTMENT 194,L=Krasnoyarsk,ST=Krai Krasnoyarsky,C=RU

24/11/2022, 14:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
VirtualAlloc
GetLastError
GetThreadLocale
VirtualAllocEx
ReplaceFileW
GetCommMask
FindNextVolumeMountPointA
GetConsoleCP
SetComputerNameExW
GetComputerNameA
GetVolumeNameForVolumeMountPointW
GlobalCompact
SetCommConfig
SetThreadAffinityMask
WriteProfileSectionA
SetStdHandle
lstrcmpiA
GetCPInfo
GetTimeZoneInformation
CreateWaitableTimerA
GetPrivateProfileIntW
GetThreadPriorityBoost
SetPriorityClass
GetCurrentProcess
GetVersionExW
VirtualProtect
GetSystemInfo
VirtualQuery
MultiByteToWideChar
lstrlenW
lstrcpyW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
HeapDestroy
SetEvent
CloseHandle
WaitForSingleObject
lstrcpynW
GetModuleFileNameW
FreeLibrary
LoadLibraryW
CreateThread
CreateEventW
lstrcatW
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
Sleep
HeapSetInformation
GetCurrentThreadId
GetCommandLineW
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
RtlUnwind
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
SetUnhandledExceptionFilter

user32

LoadIconA
IsGUIThread
IsCharAlphaA
IsCharLowerA
IsCharAlphaNumericW
IsCharAlphaNumericA
IsCharLowerW
IsCharAlphaW
IsCharUpperA
IsClipboardFormatAvailable
IsCharUpperW
IsWindowUnicode
GetMenu
DrawIcon
IsChild
GetNextDlgGroupItem
CheckMenuItem
DrawFrame
CreateDialogIndirectParamW
GetMenuInfo
GetInputDesktop
GetThreadDesktop
DdeNameService
UnloadKeyboardLayout
SetClassLongA
GetWindowRgn
GetParent
ReleaseCapture
LoadCursorFromFileA
DefDlgProcW
GetKeyNameTextA
DdeUnaccessData
GetScrollInfo
GetQueueStatus
ChildWindowFromPointEx
EditWndProc
SetWindowPos
IMPSetIMEA
DdeReconnect
IMPQueryIMEW
SetWindowRgn
DdeAddData
DispatchMessageW
CharPrevW
PostThreadMessageW
CharNextW
GetMessageW

gdi32

GetEnhMetaFileA
RectInRegion
CLIPOBJ_cEnumStart
GetTextMetricsW
HT_Get8BPPMaskPalette
GetWindowExtEx
RoundRect
CreateDIBitmap
GdiCreateLocalMetaFilePict
EngDeleteClip
GetICMProfileW
GetCharacterPlacementW
FONTOBJ_pfdg
Rectangle
PolyBezier
DeviceCapabilitiesExA
GetMetaRgn
GdiGetCodePage
SetAbortProc
GdiReleaseLocalDC

advapi32

RegQueryValueExW
GetUserNameW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW

shell32

ShellExecuteExA
DragFinish
ExtractIconW
FindExecutableA
SHGetFolderPathW
DoEnvironmentSubstW
SHLoadInProc
SHFormatDrive
SHCreateProcessAsUserW

ole32

CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance

Sections

.text
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 325B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbbd1de76369b9aa2ed2792ba04b4bac

Code Sign

f5:84:18:1e:f8:8f:64:ef:29:09:76:42:42:de:bb:e6Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

76:6b:5b:fc:eb:ce:7d:d8:85:2e:d6:48:b1:f9:fb:92:0b:8d:8d:8aSigner

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 228KB - Virtual size: 228KB

.rdata Size: 512B - Virtual size: 325B

.data Size: 207KB - Virtual size: 207KB

.rsrc Size: 1KB - Virtual size: 1KB

f5:84:18:1e:f8:8f:64:ef:29:09:76:42:42:de:bb:e6
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

76:6b:5b:fc:eb:ce:7d:d8:85:2e:d6:48:b1:f9:fb:92:0b:8d:8d:8a
Signer

24/11/2022, 14:54
Valid: false

.text
Size: 228KB - Virtual size: 228KB

.rdata
Size: 512B - Virtual size: 325B

.data
Size: 207KB - Virtual size: 207KB

.rsrc
Size: 1KB - Virtual size: 1KB