4e363da4b64303394b6980de48849bc3e7010cbe0b3015eb2f95e9737676186f

Sharing

Copy URL

Twitter E-mail

General

Target

4e363da4b64303394b6980de48849bc3e7010cbe0b3015eb2f95e9737676186f
Size

104KB
MD5

4b3339c4fddb9fbbef399fc19659666c
SHA1

5313e44dcbef2f8913042c37573a7ad77a9f4e71
SHA256

4e363da4b64303394b6980de48849bc3e7010cbe0b3015eb2f95e9737676186f
SHA512

c1a16398c048b9c02fcfd906aba16b2a5da49c5df1ef16ad9009e125b46dada4a2d1002e70415ea94e6b100877e0bb212515eafa86d2268f6b8edd33c8ff1446
SSDEEP

1536:a9XM2K4Y3kK5MNq5cktsVPkRcT5nEYJyuXtg/I/rSLfrsSKPHRPmKJjrz3nYxx:a98xkK5h5xwPDTZrJ/rqzsFjrz3nYxx

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

4e363da4b64303394b6980de48849bc3e7010cbe0b3015eb2f95e9737676186f
.exe windows x86

1f73ccef65ac87a71891a2242abcd4e9

Code Sign

66:3f:85:0a:53:d2:a9:bb:47:39:c6:d0:31:89:30:72
Certificate

Issuer

CN=OHPHNFHI

Not Before

10-04-2019 11:35

Not After

31-12-2039 23:59

Subject

CN=OHPHNFHI

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

72:39:dc:cb:bb:9b:fe:ff:c2:6c:a5:e7:7c:84:e7:1b:b8:d5:e6:dd:5e:96:03:13:9d:ca:a0:6b:ff:e6:ed:2c
Signer

Actual PE Digest

72:39:dc:cb:bb:9b:fe:ff:c2:6c:a5:e7:7c:84:e7:1b:b8:d5:e6:dd:5e:96:03:13:9d:ca:a0:6b:ff:e6:ed:2c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=OHPHNFHI

10-04-2019 22:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalGetAtomNameW
GlobalLock
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByte
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
LocalLock
LocalUnlock
MapViewOfFile
MoveFileExW
MultiByteToWideChar
OpenProcess
OutputDebugStringW
QueryDosDeviceW
RaiseException
ReleaseMutex
ResetEvent
GlobalDeleteAtom
RtlUnwind
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetLastError
SetThreadExecutionState
SetThreadLocale
SignalObjectAndWait
Sleep
SystemTimeToFileTime
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualQuery
VirtualQueryEx
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcmpW
lstrcpyA
lstrcpyW
lstrcpynW
lstrlenA
lstrlenW
VirtualAllocEx
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetWindowsDirectoryA
GetVersionExW
GetVersionExA
GetVersion
GetThreadLocale
GetTempPathW
GetSystemTime
GetSystemInfo
GetSystemDirectoryW
GetStdHandle
GetStartupInfoW
GetStartupInfoA
GetProcessTimes
GetProcessHeap
GetProcAddress
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPriorityClass
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetLongPathNameW
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCommandLineW
GetCPInfo
GetACP
FreeLibrary
FormatMessageW
FormatMessageA
FindFirstFileW
FindClose
FileTimeToSystemTime
ExitThread
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DeleteFileW
DeleteFileA
DeleteCriticalSection
DefineDosDeviceW
CreateThread
CreateProcessW
CreateMutexW
CreateMutexA
CreateFileW
CreateFileMappingW
CreateFileA
CreateEventW
CreateEventA
CompareStringW
ResumeThread
CloseHandle

user32

UnregisterClassW
UpdateWindow
ValidateRect
ValidateRgn
GetCaretBlinkTime
IsWindowUnicode
IsWindowVisible
GetQueueStatus
DestroyMenu
VkKeyScanW
CopyIcon
CreatePopupMenu
IsCharAlphaW
CountClipboardFormats
IsWindowEnabled
GetMenuCheckMarkDimensions
GetOpenClipboardWindow
GetParent
GetFocus
TranslateMessage
TranslateAcceleratorA
TileChildWindows
TabbedTextOutA
ShowWindow
SetSystemCursor
SetMenuItemInfoW
SetDlgItemTextA
SetClassWord
SetClassLongW
SendMessageTimeoutW
RemovePropW
RegisterClassW
PtInRect
PostThreadMessageW
PostMessageW
PeekMessageW
OemToCharA
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBoxA
LockWorkStation
LoadStringW
LoadMenuW
LoadIconW
LoadCursorW
IsWindow
IsCharUpperW
InternalGetWindowText
GetSystemMetrics
GetSystemMenu
GetNextDlgTabItem
GetMessageW
GetKeyboardType
GetKeyboardLayoutNameW
GetCursorPos
GetClassLongA
ExitWindowsEx
EnumPropsW
EnumPropsExA
EnumDesktopsW
EnumDesktopsA
EndMenu
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawStateW
DrawIconEx
DispatchMessageW
DestroyWindow
DeleteMenu
DefWindowProcW
DefFrameProcA
DefDlgProcA
DdeFreeStringHandle
DdeCmpStringHandles
CreateWindowStationA
CreateWindowExW
CreateDialogIndirectParamA
CharUpperBuffW
CharToOemW
CharToOemBuffA
CharToOemA
CharNextW
CharLowerBuffA
CharLowerA
ChangeMenuW
DdeQueryStringA

gdi32

AddFontResourceA
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateEllipticRgn
CreateEnhMetaFileA
CreateFontIndirectA
CreateFontIndirectExW
CreateFontW
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EndPath
EngBitBlt
EngFindResource
EngMultiByteToWideChar
EngQueryLocalTime
ExtCreatePen
FillRgn
GdiAlphaBlend
GdiEntry8
GdiGetPageCount
GetDIBits
GetDeviceCaps
GetObjectW
GetPaletteEntries
GetPixel
GetStockObject
GetTextExtentPoint32W
GetTextFaceW
GetTextMetricsW
GetWinMetaFileBits
LineTo
MoveToEx
PolyDraw
PolylineTo
Rectangle
RoundRect
STROBJ_bEnumPositionsOnly
SelectObject
SetBkColor
SetBkMode
SetBoundsRect
SetPixel
SetTextColor
SetViewportOrgEx
StartDocW
StartFormPage
StretchBlt
StrokeAndFillPath
BeginPath
StrokePath
PathToRegion
GetTextCharacterExtra
GetPolyFillMode
GetDCBrushColor
CreateHalftonePalette
DeleteMetaFile
GetLayout
EndPage
FillPath
CreateMetaFileW
AngleArc
CloseFigure

shell32

DragFinish

ole32

CoTaskMemFree

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f73ccef65ac87a71891a2242abcd4e9

Code Sign

66:3f:85:0a:53:d2:a9:bb:47:39:c6:d0:31:89:30:72Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

72:39:dc:cb:bb:9b:fe:ff:c2:6c:a5:e7:7c:84:e7:1b:b8:d5:e6:dd:5e:96:03:13:9d:ca:a0:6b:ff:e6:ed:2cSigner

Signature Validations

Verification

10-04-2019 22:35 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Sections

.text Size: 70KB - Virtual size: 70KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 600B

.rsrc Size: 20KB - Virtual size: 20KB

66:3f:85:0a:53:d2:a9:bb:47:39:c6:d0:31:89:30:72
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

72:39:dc:cb:bb:9b:fe:ff:c2:6c:a5:e7:7c:84:e7:1b:b8:d5:e6:dd:5e:96:03:13:9d:ca:a0:6b:ff:e6:ed:2c
Signer

10-04-2019 22:35
Valid: false

.text
Size: 70KB - Virtual size: 70KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 600B

.rsrc
Size: 20KB - Virtual size: 20KB