22ce2da43d7ea9b5dfdb88e5baeff56353b1c75f96ea9e0b2a60aa3fd481aff9

Sharing

Copy URL

Twitter E-mail

General

Target

22ce2da43d7ea9b5dfdb88e5baeff56353b1c75f96ea9e0b2a60aa3fd481aff9
Size

474KB
MD5

fb2591d54ddb3bb5dc0007ae711f6035
SHA1

e9c7427e7b56890797227d1253e852291d0dd634
SHA256

22ce2da43d7ea9b5dfdb88e5baeff56353b1c75f96ea9e0b2a60aa3fd481aff9
SHA512

07076d047d7c5aa579c9f73c3e356cd57ea6056962d98d4d547da77456043991dfd579d89785c8b3b23702e9bc4cba43f8e653486f8f477021f49cf6f0c74c26
SSDEEP

6144:+lz4Ie8TvPgADDnz/HXnr/vYitozLFDPMTJYhr64Fg0:m4IuimzLFPMdV4Fg0

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

22ce2da43d7ea9b5dfdb88e5baeff56353b1c75f96ea9e0b2a60aa3fd481aff9
.exe windows x86

074128c95324ffe32e165aa8a7c994f9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
ReleaseMutex
lstrcmpW
lstrcpynW
GetLastError
OpenProcess
CreateMutexW
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTickCount
GetCommandLineW
GetModuleHandleA
GetStartupInfoA
GetProcAddress
Sleep
LoadLibraryA
CloseHandle
lstrcmpiW
WaitForMultipleObjects
CreateThread
GetCurrentThreadId
OpenEventW
CreateEventW
SetEvent
lstrlenW
FindNextVolumeW
GetComputerNameExA
GlobalCompact
GetEnvironmentStringsW
GetProfileSectionA
GetSystemTime
lstrcat
ReplaceFileA
SleepEx
ContinueDebugEvent
WriteTapemark
Heap32First
CancelWaitableTimer
SearchPathA
lstrcatA
lstrlenA
SetTapePosition
lstrcpyn
WriteConsoleInputA
CreateTimerQueueTimer
GetLocaleInfoA
GetStringTypeExA
FreeLibrary
LoadLibraryW
SetLastError
WriteConsoleW
GetFileType
GetStdHandle
MultiByteToWideChar
FindFirstFileW
FindNextFileW
GetFileAttributesW
LocalAlloc
LocalFree
VerifyVersionInfoW
FormatMessageW
GetModuleHandleW
HeapFree
GetProcessHeap
OutputDebugStringW
GetLocalTime
WriteFile
SetFilePointer
ExpandEnvironmentStringsW
GetEnvironmentVariableW
HeapAlloc
CreateFileW
DeviceIoControl
WaitForSingleObject
ExitThread
GetModuleFileNameW
GetWindowsDirectoryW
ProcessIdToSessionId
WideCharToMultiByte
VirtualAlloc
VirtualFree
ExitProcess
SetErrorMode

user32

GetUserObjectSecurity
GetProcessWindowStation
MessageBoxW
LoadStringW
SetProcessWindowStation
OpenWindowStationW
CloseWindowStation
SetWindowPos
OpenInputDesktop
GetDesktopWindow
wsprintfW
EnableWindow
GetDlgItem
IsIconic
EndDialog
IsDlgButtonChecked
WinHelpW
MessageBeep
GetSystemMetrics
PostQuitMessage
ShowWindow
KillTimer
SetTimer
CheckDlgButton
DialogBoxParamW
SystemParametersInfoW
AppendMenuW
GetSystemMenu
CreateDialogParamW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
RegisterWindowMessageW
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
LoadImageW
SendMessageW
GetThreadDesktop
SetThreadDesktop
IsWindowVisible
PostMessageW
GetWindowRect
EnumPropsW
SendIMEMessageExA
SendInput
IsZoomed
SetDlgItemTextA
ShowScrollBar
LockWorkStation
LoadStringA
PaintDesktop
GetShellWindow
LoadCursorFromFileW
SetPropA
OffsetRect
CallWindowProcW
ExitWindowsEx
BeginPaint
GetClientRect
DrawTextA
EndPaint
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
UpdateWindow
GetDC
LoadCursorW

gdi32

GetFontData
GetPath
SetICMProfileA
EngMultiByteToWideChar
EngStrokeAndFillPath
GetTextCharset
LineDDA
PolyPatBlt
PolyTextOutA
GdiEntry3
SetDCPenColor
GdiReleaseLocalDC
EngUnicodeToMultiByteN
GetTextFaceA
StartPage
TextOutW
GdiTransparentBlt
AngleArc
GdiAlphaBlend
GetRelAbs
GdiConvertPalette
EngAlphaBlend
GetTextExtentExPointA
GetObjectType
SetMagicColors
GetTextExtentExPointWPri
EngLineTo
GdiIsPlayMetafileDC
GetStockObject
GetColorSpace

advapi32

RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
GetSecurityDescriptorDacl
GetAclInformation
GetAce
IsWellKnownSid
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
DuplicateTokenEx
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCreateKeyExW
GetUserNameA
GetUserNameW
RegOpenKeyA

shell32

ShellExecuteW
SHQueryRecycleBinW
ExtractAssociatedIconExA
SHCreateProcessAsUserW
SHGetFileInfoA
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
ShellExecuteExA

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree

shlwapi

StrStrW

winmm

PlaySoundA

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

074128c95324ffe32e165aa8a7c994f9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

winmm

imm32

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 375KB - Virtual size: 375KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 87KB - Virtual size: 86KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 375KB - Virtual size: 375KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 87KB - Virtual size: 86KB