766966e7290e6ec39da0b95478a619a00998669b79758a4cc72a41da5a932161

Sharing

Copy URL

Twitter E-mail

General

Target

766966e7290e6ec39da0b95478a619a00998669b79758a4cc72a41da5a932161
Size

104KB
MD5

2d3423339177ee4c7312a227e223468a
SHA1

729752ad88a404f4a0eaffd44f9c3001bc1d436e
SHA256

766966e7290e6ec39da0b95478a619a00998669b79758a4cc72a41da5a932161
SHA512

904b7c08df327deb0bce723d0233ce47c3a455c669dfb6899ee82c3c0b03b13d5e83f9ccd53fdb95cc57d82a0af10531466c961049c2c4da7f22f9890e428ca8
SSDEEP

3072:teOu7+iAakCyv7kVJhtjqZeWsjIiq9Yn50VR:cKimD7kVJhMZeNNq9Ynw

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

766966e7290e6ec39da0b95478a619a00998669b79758a4cc72a41da5a932161
.exe windows x86

4067a70eacf5482d7f06eee28f732db6

Code Sign

79:c0:da:da:58:fc:ba:5a:b8:73:d2:b5:0c:f0:03:f6
Certificate

Issuer

CN=UQQBEKAJ

Not Before

09-04-2019 11:45

Not After

31-12-2039 23:59

Subject

CN=UQQBEKAJ

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5b:e9:1a:ad:94:87:02:ae:85:d3:5d:e0:01:c4:56:6b:6c:33:f4:41:8b:ce:5a:58:69:ec:8d:e3:47:3c:b0:c0
Signer

Actual PE Digest

5b:e9:1a:ad:94:87:02:ae:85:d3:5d:e0:01:c4:56:6b:6c:33:f4:41:8b:ce:5a:58:69:ec:8d:e3:47:3c:b0:c0

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=UQQBEKAJ

09-04-2019 18:29
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
GetVersionExW
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LeaveCriticalSection
LoadLibraryExW
LocalAlloc
MultiByteToWideChar
OpenSemaphoreA
OutputDebugStringW
Process32First
RaiseException
ResetEvent
ResumeThread
RtlUnwind
SetEnvironmentVariableW
SetEvent
GetThreadLocale
SignalObjectAndWait
Sleep
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerifyVersionInfoA
VirtualAlloc
VirtualFree
VirtualQuery
VirtualQueryEx
WaitForSingleObject
WideCharToMultiByte
WriteConsoleOutputAttribute
WriteFile
lstrcpynW
lstrlenW
LoadLibraryA
LoadLibraryW
GetModuleHandleA
VirtualAllocEx
GetSystemWindowsDirectoryA
GetSystemInfo
GetStdHandle
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetLocaleInfoW
GetLocalTime
GetLastError
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
GetCommandLineW
GetCPInfo
GetACP
FreeLibraryAndExitThread
FreeLibrary
FormatMessageW
FindFirstFileW
FindClose
ExitThread
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileW
CreateFileMappingW
CreateEventW
CopyFileExA
CompareStringW
CloseHandle
SetTapePosition
Beep

user32

IsMenu
GetFocus
GetParent
GetOpenClipboardWindow
GetMenuCheckMarkDimensions
IsWindowEnabled
CountClipboardFormats
IsCharAlphaW
CreatePopupMenu
CopyIcon
VkKeyScanW
DestroyMenu
GetQueueStatus
IsWindowVisible
IsWindowUnicode
IsWindow
GetCaretBlinkTime
LoadIconW
ValidateRgn
ValidateRect
TranslateAcceleratorA
TileChildWindows
TabbedTextOutA
SetSystemCursor
SetMenuItemInfoW
SetDlgItemTextA
SetClassWord
SetClassLongW
SendMessageTimeoutW
RemovePropW
PtInRect
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
MessageBoxA
LoadStringW
LoadMenuW
IsCharUpperW
GetSystemMetrics
GetNextDlgTabItem
GetKeyboardType
GetKeyboardLayoutNameW
GetCursorPos
GetClassLongA
EnumPropsW
EnumPropsExA
EnumDesktopsW
EnumDesktopsA
EndMenu
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawStateW
DrawIconEx
DefWindowProcW
DefFrameProcA
DefDlgProcA
DdeQueryStringA
DdeFreeStringHandle
DdeCmpStringHandles
CreateWindowStationA
CreateDialogIndirectParamA
CharUpperBuffW
CharToOemW
CharToOemBuffA
ChangeMenuW
CharLowerA
CharNextW
CharLowerBuffA
InternalGetWindowText

gdi32

CreateMetaFileW
FillPath
EndPage
GetLayout
DeleteMetaFile
CreateHalftonePalette
GetDCBrushColor
GetPolyFillMode
GetTextCharacterExtra
PathToRegion
CreateSolidBrush
EndPath
StartFormPage
StartDocW
SetBoundsRect
STROBJ_bEnumPositionsOnly
PolylineTo
GetWinMetaFileBits
GetTextMetricsW
GetPaletteEntries
GdiGetPageCount
GdiEntry8
GdiAlphaBlend
FillRgn
EngQueryLocalTime
EngMultiByteToWideChar
EngFindResource
EngBitBlt
CreateFontIndirectExW
CreateEnhMetaFileA
CreateEllipticRgn

comdlg32

GetFileTitleA

advapi32

RegQueryValueExW
RegCloseKey
RegEnumKeyA
RegOpenKeyExW

shell32

WOWShellExecute
ShellHookProc
ShellExecuteW
ShellExecuteExW
ShellExecuteA
ShellAboutW
SHQueryRecycleBinW
SHPathPrepareForWriteW
SHPathPrepareForWriteA
SHLoadInProc
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfo
SHGetDesktopFolder
SHGetDataFromIDListW
SHGetDataFromIDListA
SHFileOperation
SHCreateDirectoryExW
SHChangeNotify
ExtractIconExA
ExtractAssociatedIconExW
DuplicateIcon
DragQueryFileA
DragFinish
DoEnvironmentSubstA

ole32

CoTaskMemFree

shlwapi

StrCmpNA
StrRChrA
StrStrIA
StrChrIW

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4067a70eacf5482d7f06eee28f732db6

Code Sign

79:c0:da:da:58:fc:ba:5a:b8:73:d2:b5:0c:f0:03:f6Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

5b:e9:1a:ad:94:87:02:ae:85:d3:5d:e0:01:c4:56:6b:6c:33:f4:41:8b:ce:5a:58:69:ec:8d:e3:47:3c:b0:c0Signer

Signature Validations

Verification

09-04-2019 18:29 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 69KB - Virtual size: 69KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 600B

.rsrc Size: 24KB - Virtual size: 23KB

79:c0:da:da:58:fc:ba:5a:b8:73:d2:b5:0c:f0:03:f6
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

5b:e9:1a:ad:94:87:02:ae:85:d3:5d:e0:01:c4:56:6b:6c:33:f4:41:8b:ce:5a:58:69:ec:8d:e3:47:3c:b0:c0
Signer

09-04-2019 18:29
Valid: false

.text
Size: 69KB - Virtual size: 69KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 600B

.rsrc
Size: 24KB - Virtual size: 23KB