c3be44de65945ca8ee4da7fa1ac8d3d33bc098960c717657ab3f62462ae07ddf

Sharing

Copy URL

Twitter E-mail

General

Target

c3be44de65945ca8ee4da7fa1ac8d3d33bc098960c717657ab3f62462ae07ddf
Size

116KB
MD5

89368f12753a9657d1a0c7fe1817aa8c
SHA1

6ae1889a752a23479550c037647e2d8bc60601f4
SHA256

c3be44de65945ca8ee4da7fa1ac8d3d33bc098960c717657ab3f62462ae07ddf
SHA512

2b646be52e62d3bc487acc26def7dc25fb9876bddbaf5bbc25b30f17e911c340067e6cbbe0976fa6ab1a7530e663dad01d3a3adf1049f5d83f1d5c6c9ef27bc1
SSDEEP

3072:b8ENSRg5KrR52iOG7jWXlnYNav5KLdIIPst5tKRlU:b8KSRg5KPHOGErRKL6GgZ

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

c3be44de65945ca8ee4da7fa1ac8d3d33bc098960c717657ab3f62462ae07ddf
.exe windows x86

1ec3bfe8eec34e810d7e68de32d124a7

Code Sign

09:2e:c7:00:ea:2d:c0:97:40:a6:0e:58:f1:06:dd:06
Certificate

Issuer

CN=MOEITMWPTGYIMDGFLU

Not Before

15-04-2019 20:49

Not After

31-12-2039 23:59

Subject

CN=MOEITMWPTGYIMDGFLU

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d1:a2:b7:33:93:7c:83:f6:32:ea:9c:9f:47:eb:64:aa:67:ba:f7:98:1a:0b:56:bd:35:ca:e1:b4:74:cf:c9:cb
Signer

Actual PE Digest

d1:a2:b7:33:93:7c:83:f6:32:ea:9c:9f:47:eb:64:aa:67:ba:f7:98:1a:0b:56:bd:35:ca:e1:b4:74:cf:c9:cb

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=MOEITMWPTGYIMDGFLU

16-04-2019 00:21
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetFileType
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
GetVolumeInformationA
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
IsDebuggerPresent
IsValidCodePage
LCMapStringA
LCMapStringW
FindClose
GetExitCodeProcess
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
RemoveDirectoryA
RtlUnwind
SetEnvironmentVariableA
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
LoadLibraryW
ExpandEnvironmentStringsA
ExitProcess
EnterCriticalSection
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
GetCommandLineA
GetCPInfo
GetACP
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FlushFileBuffers
FindNextFileA
LoadLibraryA
FindFirstFileA
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreateMutexA
CreateFileA
CompareStringW
CompareStringA
LeaveCriticalSection
CloseHandle

user32

LoadIconW
ValidateRgn
UpdateWindow
UnloadKeyboardLayout
TranslateMessage
TranslateAcceleratorA
TileChildWindows
ShowWindow
SetWindowPos
SetRectEmpty
SetMenuItemInfoA
SetForegroundWindow
SetFocus
SetDlgItemTextA
SetCaretPos
SendMessageTimeoutA
SendMessageCallbackA
RegisterClassW
RegisterClassExA
PostQuitMessage
MapDialogRect
LoadMenuIndirectW
LoadIconA
LoadCursorA
GetWindowThreadProcessId
GetWindowLongW
GetUserObjectSecurity
GetMessageA
GetMenuState
GetForegroundWindow
GetDlgItemTextA
GetClipboardData
GetClipCursor
GetClassInfoExW
EnumPropsExA
EnumDisplaySettingsExA
EndDialog
DrawTextExW
DrawEdge
DispatchMessageA
DialogBoxParamA
DefWindowProcA
DdeQueryStringA
DdeNameService
DdeCmpStringHandles
CreateWindowExW
ActivateKeyboardLayout
AttachThreadInput
CallNextHookEx
CharToOemA
CreateMDIWindowA
CreateWindowExA
RegisterDeviceNotificationW

gdi32

AnyLinkedFonts
CLIPOBJ_bEnum
CreateCompatibleDC
CreateSolidBrush
Escape
FillRgn
GdiInitSpool
GdiIsMetaFileDC
GetEnhMetaFileA
GetObjectA
GetTextCharacterExtra
OffsetViewportOrgEx
SaveDC
SetMagicColors
SetWindowOrgEx
BRUSHOBJ_hGetColorTransform

advapi32

RegDeleteKeyW
RegSetValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExW
RegDeleteValueW
RegDeleteValueA
RegCloseKey
RegCreateKeyExW
RegDeleteKeyA

shell32

SHGetSpecialFolderPathW
SHInvokePrinterCommandW
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHPathPrepareForWriteA
SHQueryRecycleBinA
SHQueryRecycleBinW
ShellAboutW
ShellExecuteA
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
Shell_NotifyIcon
Shell_NotifyIconA
SHGetSettings
SHGetInstanceExplorer
SHGetFolderLocation
SHGetFileInfo
SHGetDiskFreeSpaceA
SHGetDataFromIDListA
SHFreeNameMappings
SHFileOperationW
SHFileOperationA
SHEmptyRecycleBinW
SHCreateProcessAsUserW
SHCreateDirectoryExW
SHBrowseForFolder
SHAppBarMessage
FindExecutableW
FindExecutableA
ExtractAssociatedIconW
ExtractAssociatedIconExA
DragQueryFileW
DragQueryFileA
DoEnvironmentSubstA
CheckEscapesW
SHGetSpecialFolderPathA

ole32

CoRegisterMessageFilter
CoReleaseServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CreateOleAdviseHolder
CreateStreamOnHGlobal
OleInitialize
OleLockRunning
OleRegEnumVerbs
OleRegGetMiscStatus
OleRegGetUserType
OleSaveToStream
OleUninitialize
ReadClassStm
StringFromCLSID
StringFromGUID2
WriteClassStm
CoInitializeEx
CoGetClassObject
CoCreateInstance
CoAddRefServerProcess
CLSIDFromString
CLSIDFromProgID
CoRegisterClassObject

shlwapi

StrChrIW
StrCmpNA
StrCmpNIA
StrRStrIA
StrRStrIW
StrChrIA

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ec3bfe8eec34e810d7e68de32d124a7

Code Sign

09:2e:c7:00:ea:2d:c0:97:40:a6:0e:58:f1:06:dd:06Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

d1:a2:b7:33:93:7c:83:f6:32:ea:9c:9f:47:eb:64:aa:67:ba:f7:98:1a:0b:56:bd:35:ca:e1:b4:74:cf:c9:cbSigner

Signature Validations

Verification

16-04-2019 00:21 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 572B

.rsrc Size: 31KB - Virtual size: 30KB

09:2e:c7:00:ea:2d:c0:97:40:a6:0e:58:f1:06:dd:06
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

d1:a2:b7:33:93:7c:83:f6:32:ea:9c:9f:47:eb:64:aa:67:ba:f7:98:1a:0b:56:bd:35:ca:e1:b4:74:cf:c9:cb
Signer

16-04-2019 00:21
Valid: false

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 572B

.rsrc
Size: 31KB - Virtual size: 30KB