622a1a8f9ed850f507b177e8098084a440cb204c60b1e6a1b9b023c98c91c594

Sharing

Copy URL

Twitter E-mail

General

Target

622a1a8f9ed850f507b177e8098084a440cb204c60b1e6a1b9b023c98c91c594
Size

474KB
MD5

b96235b9e1570648834439e99317b461
SHA1

ce5eef6c6e30fc62ee0c7d1311fcac4254a85491
SHA256

622a1a8f9ed850f507b177e8098084a440cb204c60b1e6a1b9b023c98c91c594
SHA512

6143d51d5b599195c6cfc53bc7c86d03f6bf78d7106908f50b385e2314d979e0ecee1e38be56a94f805d6d26b2619f7311d3125b0b2ba2b7aae44f5d41a57351
SSDEEP

6144:0lz4Ie8TvPgADDnz/HXnr/vYito3LFDPMTJYhr64Fg0:84Iuim3LFPMdV4Fg0

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

622a1a8f9ed850f507b177e8098084a440cb204c60b1e6a1b9b023c98c91c594
.exe windows x86

074128c95324ffe32e165aa8a7c994f9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
ReleaseMutex
lstrcmpW
lstrcpynW
GetLastError
OpenProcess
CreateMutexW
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTickCount
GetCommandLineW
GetModuleHandleA
GetStartupInfoA
GetProcAddress
Sleep
LoadLibraryA
CloseHandle
lstrcmpiW
WaitForMultipleObjects
CreateThread
GetCurrentThreadId
OpenEventW
CreateEventW
SetEvent
lstrlenW
FindNextVolumeW
GetComputerNameExA
GlobalCompact
GetEnvironmentStringsW
GetProfileSectionA
GetSystemTime
lstrcat
ReplaceFileA
SleepEx
ContinueDebugEvent
WriteTapemark
Heap32First
CancelWaitableTimer
SearchPathA
lstrcatA
lstrlenA
SetTapePosition
lstrcpyn
WriteConsoleInputA
CreateTimerQueueTimer
GetLocaleInfoA
GetStringTypeExA
FreeLibrary
LoadLibraryW
SetLastError
WriteConsoleW
GetFileType
GetStdHandle
MultiByteToWideChar
FindFirstFileW
FindNextFileW
GetFileAttributesW
LocalAlloc
LocalFree
VerifyVersionInfoW
FormatMessageW
GetModuleHandleW
HeapFree
GetProcessHeap
OutputDebugStringW
GetLocalTime
WriteFile
SetFilePointer
ExpandEnvironmentStringsW
GetEnvironmentVariableW
HeapAlloc
CreateFileW
DeviceIoControl
WaitForSingleObject
ExitThread
GetModuleFileNameW
GetWindowsDirectoryW
ProcessIdToSessionId
WideCharToMultiByte
VirtualAlloc
VirtualFree
ExitProcess
SetErrorMode

user32

GetUserObjectSecurity
GetProcessWindowStation
MessageBoxW
LoadStringW
SetProcessWindowStation
OpenWindowStationW
CloseWindowStation
SetWindowPos
OpenInputDesktop
GetDesktopWindow
wsprintfW
EnableWindow
GetDlgItem
IsIconic
EndDialog
IsDlgButtonChecked
WinHelpW
MessageBeep
GetSystemMetrics
PostQuitMessage
ShowWindow
KillTimer
SetTimer
CheckDlgButton
DialogBoxParamW
SystemParametersInfoW
AppendMenuW
GetSystemMenu
CreateDialogParamW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
RegisterWindowMessageW
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
LoadImageW
SendMessageW
GetThreadDesktop
SetThreadDesktop
IsWindowVisible
PostMessageW
GetWindowRect
EnumPropsW
SendIMEMessageExA
SendInput
IsZoomed
SetDlgItemTextA
ShowScrollBar
LockWorkStation
LoadStringA
PaintDesktop
GetShellWindow
LoadCursorFromFileW
SetPropA
OffsetRect
CallWindowProcW
ExitWindowsEx
BeginPaint
GetClientRect
DrawTextA
EndPaint
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
UpdateWindow
GetDC
LoadCursorW

gdi32

GetFontData
GetPath
SetICMProfileA
EngMultiByteToWideChar
EngStrokeAndFillPath
GetTextCharset
LineDDA
PolyPatBlt
PolyTextOutA
GdiEntry3
SetDCPenColor
GdiReleaseLocalDC
EngUnicodeToMultiByteN
GetTextFaceA
StartPage
TextOutW
GdiTransparentBlt
AngleArc
GdiAlphaBlend
GetRelAbs
GdiConvertPalette
EngAlphaBlend
GetTextExtentExPointA
GetObjectType
SetMagicColors
GetTextExtentExPointWPri
EngLineTo
GdiIsPlayMetafileDC
GetStockObject
GetColorSpace

advapi32

RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
GetSecurityDescriptorDacl
GetAclInformation
GetAce
IsWellKnownSid
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
DuplicateTokenEx
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCreateKeyExW
GetUserNameA
GetUserNameW
RegOpenKeyA

shell32

ShellExecuteW
SHQueryRecycleBinW
ExtractAssociatedIconExA
SHCreateProcessAsUserW
SHGetFileInfoA
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
ShellExecuteExA

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree

shlwapi

StrStrW

winmm

PlaySoundA

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

074128c95324ffe32e165aa8a7c994f9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

winmm

imm32

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 375KB - Virtual size: 375KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 87KB - Virtual size: 86KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 375KB - Virtual size: 375KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 87KB - Virtual size: 86KB