605b4fbf47c1b87fc38f3036457da59c81c34f09e1b23e58494116935ba3944a

Sharing

Copy URL

Twitter E-mail

General

Target

605b4fbf47c1b87fc38f3036457da59c81c34f09e1b23e58494116935ba3944a
Size

103KB
MD5

540dc9c34c792d31e1809e86530062e8
SHA1

d6d7c67c7de33864da4b34c005caebe9f03f5e25
SHA256

605b4fbf47c1b87fc38f3036457da59c81c34f09e1b23e58494116935ba3944a
SHA512

8e9037e66b5918b7f94720f9092ac277cb17e26f216a15b8e3cd064cf901f7b8ff5703b9f74f530bd128fb8d67007bba8c0eaaaa58a0349b51acc12da5ce6dd2
SSDEEP

3072:m98xkK5h5xwPDTZrJ/rqJcd1Jj7z3nYxGp:muxkgh5orrJTYy

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

605b4fbf47c1b87fc38f3036457da59c81c34f09e1b23e58494116935ba3944a
.exe windows x86

6d96138119fd3f96edfc70085506e6d7

Code Sign

66:3f:85:0a:53:d2:a9:bb:47:39:c6:d0:31:89:30:72
Certificate

Issuer

CN=OHPHNFHI

Not Before

10-04-2019 11:35

Not After

31-12-2039 23:59

Subject

CN=OHPHNFHI

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:4f:d9:12:e0:71:75:14:2c:3a:e1:a7:ad:f1:8e:66:07:7c:fb:c9:32:96:e6:19:02:c7:6b:32:67:5b:6e:2c
Signer

Actual PE Digest

41:4f:d9:12:e0:71:75:14:2c:3a:e1:a7:ad:f1:8e:66:07:7c:fb:c9:32:96:e6:19:02:c7:6b:32:67:5b:6e:2c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=OHPHNFHI

10-04-2019 18:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
HeapReAlloc
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MapViewOfFile
MoveFileExW
MultiByteToWideChar
OpenProcess
OutputDebugStringW
QueryDosDeviceW
RaiseException
ReleaseMutex
ResetEvent
ResumeThread
RtlUnwind
SetErrorMode
SetEvent
SetFileAttributesA
HeapAlloc
SetLastError
SetThreadExecutionState
SetThreadLocale
SignalObjectAndWait
Sleep
SystemTimeToFileTime
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualQuery
VirtualQueryEx
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcmpW
lstrcpyA
lstrcpynW
lstrlenA
lstrlenW
VirtualAllocEx
LoadLibraryA
GlobalGetAtomNameW
GetWindowsDirectoryW
GetWindowsDirectoryA
GetVersionExW
GetVersionExA
GetVersion
GetThreadLocale
GetTempPathW
GetSystemTime
GetSystemInfo
GetSystemDirectoryW
GetStdHandle
GetStartupInfoW
GetStartupInfoA
GetProcessTimes
GetProcessHeap
GetProcAddress
GetPrivateProfileStringW
GetPriorityClass
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetLongPathNameW
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCommandLineW
GetCPInfo
GetACP
FreeLibrary
FormatMessageW
FormatMessageA
FindFirstFileW
FindClose
FileTimeToSystemTime
ExitThread
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DeleteFileW
DeleteFileA
DeleteCriticalSection
DefineDosDeviceW
CreateThread
CreateProcessW
CreateMutexW
CreateMutexA
CreateFileW
CreateFileMappingW
CreateFileA
CreateEventW
CreateEventA
CompareStringW
SetFilePointer
CloseHandle

user32

ValidateRect
ValidateRgn
GetCaretBlinkTime
IsWindow
IsWindowUnicode
IsWindowVisible
GetQueueStatus
DestroyMenu
VkKeyScanW
CopyIcon
CreatePopupMenu
IsCharAlphaW
CountClipboardFormats
IsWindowEnabled
GetMenuCheckMarkDimensions
GetOpenClipboardWindow
GetParent
GetFocus
UpdateWindow
UnregisterClassW
TranslateMessage
TranslateAcceleratorA
TileChildWindows
TabbedTextOutA
ShowWindow
SetSystemCursor
SetMenuItemInfoW
SetDlgItemTextA
SetClassWord
SetClassLongW
SendMessageTimeoutW
RemovePropW
RegisterClassW
PtInRect
PostMessageW
PeekMessageW
OemToCharA
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBoxA
LoadStringW
LoadMenuW
LoadIconW
LoadCursorW
IsCharUpperW
InternalGetWindowText
GetSystemMetrics
GetSystemMenu
GetNextDlgTabItem
GetMessageW
GetKeyboardType
GetKeyboardLayoutNameW
GetCursorPos
GetClassLongA
EnumPropsW
EnumPropsExA
EnumDesktopsW
EnumDesktopsA
EndMenu
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawStateW
DrawIconEx
DispatchMessageW
DestroyWindow
DefWindowProcW
DefFrameProcA
DefDlgProcA
DdeQueryStringA
DdeFreeStringHandle
DdeCmpStringHandles
CreateWindowStationA
CreateWindowExW
CreateDialogIndirectParamA
CharUpperBuffW
CharToOemW
CharToOemBuffA
CharToOemA
CharNextW
CharLowerBuffA
CharLowerA
ChangeMenuW
DeleteMenu

gdi32

AngleArc
CreateCompatibleDC
CreateDCW
CreateEllipticRgn
CreateEnhMetaFileA
CreateFontIndirectExW
CreateFontW
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EndPath
EngBitBlt
EngFindResource
EngMultiByteToWideChar
EngQueryLocalTime
ExtCreatePen
FillRgn
GdiAlphaBlend
GdiEntry8
GdiGetPageCount
GetDIBits
GetDeviceCaps
GetObjectW
GetPaletteEntries
GetPixel
GetStockObject
GetTextExtentPoint32W
GetTextFaceW
GetTextMetricsW
GetWinMetaFileBits
LineTo
MoveToEx
PolyDraw
PolylineTo
Rectangle
RoundRect
STROBJ_bEnumPositionsOnly
SelectObject
SetBkColor
SetBkMode
SetBoundsRect
SetPixel
SetTextColor
SetViewportOrgEx
CloseFigure
StartDocW
StartFormPage
StretchBlt
StrokeAndFillPath
StrokePath
PathToRegion
GetTextCharacterExtra
GetPolyFillMode
GetDCBrushColor
CreateHalftonePalette
DeleteMetaFile
GetLayout
EndPage
FillPath
CreateMetaFileW
BeginPath
CreateCompatibleBitmap

shell32

DragFinish

ole32

CoTaskMemFree

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d96138119fd3f96edfc70085506e6d7

Code Sign

66:3f:85:0a:53:d2:a9:bb:47:39:c6:d0:31:89:30:72Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

41:4f:d9:12:e0:71:75:14:2c:3a:e1:a7:ad:f1:8e:66:07:7c:fb:c9:32:96:e6:19:02:c7:6b:32:67:5b:6e:2cSigner

Signature Validations

Verification

10-04-2019 18:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Sections

.text Size: 70KB - Virtual size: 69KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 600B

.rsrc Size: 20KB - Virtual size: 20KB

66:3f:85:0a:53:d2:a9:bb:47:39:c6:d0:31:89:30:72
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

41:4f:d9:12:e0:71:75:14:2c:3a:e1:a7:ad:f1:8e:66:07:7c:fb:c9:32:96:e6:19:02:c7:6b:32:67:5b:6e:2c
Signer

10-04-2019 18:34
Valid: false

.text
Size: 70KB - Virtual size: 69KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 600B

.rsrc
Size: 20KB - Virtual size: 20KB