c31b712ff3c1306d59b1a2d1d7deb622d940b3476a144436915973f14e4dc97f

Sharing

Copy URL

Twitter E-mail

General

Target

c31b712ff3c1306d59b1a2d1d7deb622d940b3476a144436915973f14e4dc97f
Size

352KB
MD5

f3ec6b1de5f902de677abc433db676af
SHA1

51245273152265ad1b78247c46d0b8ea4e154d09
SHA256

c31b712ff3c1306d59b1a2d1d7deb622d940b3476a144436915973f14e4dc97f
SHA512

9f013e46993b02e09ba0c26a19fc5db9185d154218d6f8d1c04afaa1ce7ceec7b63aeb88f5921a60c460002fd60eb9bb52fd052e4da66e0a2992d6848c16f96b
SSDEEP

6144:RBf46wO7HK3Uwo5VUg+4sEjoKnun1Knun1Knun1Knun1Knun1Knun1Knun1Knunc:Tf9oWVp2WOWOWOWOWOWOWOWOWDGFoPxb

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

c31b712ff3c1306d59b1a2d1d7deb622d940b3476a144436915973f14e4dc97f
.exe windows x86

6154995aa850c4af662db81d4bc9f2ae

Code Sign

05:38:cb:3c:46:c0:f4:80:49:91:ae:41:50:f2:e7:2e
Certificate

Issuer

CN=SSSRYVRZ

Not Before

19-03-2019 20:29

Not After

31-12-2039 23:59

Subject

CN=SSSRYVRZ

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

16:ac:2d:18:72:f3:1f:05:4c:69:9f:1c:d0:36:a0:89:86:b2:76:b8:10:57:15:63:22:1e:f9:02:db:e5:72:22
Signer

Actual PE Digest

16:ac:2d:18:72:f3:1f:05:4c:69:9f:1c:d0:36:a0:89:86:b2:76:b8:10:57:15:63:22:1e:f9:02:db:e5:72:22

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=SSSRYVRZ

20-03-2019 09:30
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCommConfig
SetConsoleOutputCP
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetStdHandle
SetThreadAffinityMask
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepEx
SuspendThread
SwitchToThread
SystemTimeToTzSpecificLocalTime
TerminateJobObject
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
SearchPathW
UnmapViewOfFile
UpdateResourceW
VerLanguageNameW
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
WritePrivateProfileStringA
WritePrivateProfileStringW
WriteProcessMemory
_lopen
lstrcatW
lstrcmpA
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW
RtlUnwind
ResumeThread
ResetEvent
RemoveDirectoryW
ReadProcessMemory
ReadFile
ReadConsoleOutputCharacterW
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
OutputDebugStringW
OutputDebugStringA
OpenProcess
OpenMutexW
MultiByteToWideChar
MulDiv
MoveFileW
MoveFileExW
MapViewOfFile
LockResource
LocalReAlloc
LocalFree
LocalAlloc
LoadResource
LoadLibraryW
LoadLibraryExW
LoadLibraryA
LeaveCriticalSection
LCMapStringW
LCMapStringA
IsValidLocale
IsValidCodePage
IsDebuggerPresent
IsBadWritePtr
IsBadReadPtr
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalMemoryStatus
GlobalLock
GlobalHandle
GlobalGetAtomNameA
GlobalFree
GlobalFlags
GlobalFindAtomW
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GlobalAddAtomA
GetWindowsDirectoryW
GetVolumeInformationW
GetVersionExW
GetVersionExA
GetVersion
GetUserDefaultUILanguage
GetUserDefaultLangID
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetTempFileNameW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemPowerStatus
GetSystemInfo
GetSystemDirectoryW
GetSystemDefaultUILanguage
GetStringTypeW
GetStringTypeExW
GetStringTypeExA
GetStringTypeA
GetStdHandle
GetStartupInfoW
GetStartupInfoA
GetShortPathNameW
GetProfileStringW
GetProcessHeap
GetProcessAffinityMask
GetProcAddress
GetPrivateProfileStringW
GetOEMCP
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLongPathNameW
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameW
GetFileType
GetFileSize
GetFileAttributesW
GetModuleHandleW
GetFileAttributesExW
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableW
GetEnvironmentStringsW
GetEnvironmentStrings
GetDriveTypeW
GetDiskFreeSpaceW
GetDiskFreeSpaceExA
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetCurrentDirectoryA
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
GetConsoleAliasesW
GetConsoleAliasesLengthW
GetConsoleAliasExesLengthW
GetComputerNameW
GetCommandLineW
GetCommandLineA
GetCPInfoExW
GetCPInfo
GetAtomNameA
GetACP
FreeResource
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageW
FormatMessageA
FlushViewOfFile
FlushInstructionCache
FlushFileBuffers
FindResourceW
FindResourceExW
FindResourceExA
FindResourceA
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
ExitThread
ExitProcess
EnumSystemLocalesW
EnumResourceTypesW
EnumResourceTypesA
EnumResourceNamesW
EnumResourceNamesA
EnumResourceLanguagesW
EnumResourceLanguagesA
EnumDateFormatsW
EnumCalendarInfoW
EnterCriticalSection
EndUpdateResourceW
DuplicateHandle
DeviceIoControl
DeleteTimerQueueTimer
DeleteFileW
DeleteFileA
DeleteCriticalSection
CreateTimerQueue
CreateThread
CreateProcessW
CreateProcessA
CreatePipe
CreateMutexW
CreateFileW
CreateFileMappingW
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileExA
ConvertDefaultLocale
CompareStringW
CompareStringA
CompareFileTime
CloseHandle
BeginUpdateResourceW
VirtualAlloc
UnhandledExceptionFilter

user32

RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RegisterClassExW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MonitorFromWindow
MonitorFromPoint
MessageBoxW
MessageBoxIndirectW
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDlgButtonChecked
IsDialogMessageW
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
IsCharAlphaW
IsCharAlphaNumericW
InvalidateRect
IntersectRect
InsertMenuW
InsertMenuItemW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindow
GetUpdateRect
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
ScreenToClient
GetMonitorInfoW
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItemTextW
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowW
FindWindowExW
FillRect
ExitWindowsEx
EnumWindows
EnumThreadWindows
EnumDisplayMonitors
EnumClipboardFormats
EnumChildWindows
EndPaint
EndDialog
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextW
ScrollWindow
SendDlgItemMessageW
SendMessageA
SendMessageTimeoutW
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetCursorPos
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetKeyboardState
SetMenu
SetMenuDefaultItem
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
wvsprintfW
wsprintfW
wsprintfA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
TabbedTextOutW
SystemParametersInfoW
ShowWindow
GetTopWindow
ActivateKeyboardLayout
AdjustWindowRectEx
AppendMenuW
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerBuffW
CharLowerW
CharNextA
CharNextW
CharPrevW
CharUpperBuffW
CharUpperW
CheckDlgButton
CheckMenuItem
ShowScrollBar
GetParent
ShowOwnedPopups
DrawTextExW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DialogBoxParamW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreateWindowExW
CreatePopupMenu
CreateMenu
CreateIconIndirect
CreateIcon
CreateDialogParamW
CountClipboardFormats
CopyImage
CloseClipboard
ClientToScreen
ChildWindowFromPoint
GetWindowDC

gdi32

GdiGetDevmodeForPage
GdiGetPageHandle
GdiSetBatchLimit
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentObject
GetCurrentPositionEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetEnhMetaFilePixelFormat
GetFontData
GetMetaRgn
GetNearestPaletteIndex
GetObjectType
GetObjectW
GetOutlineTextMetricsA
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentPointW
GetTextFaceA
GetTextFaceAliasW
GetTextMetricsW
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
OffsetRgn
PatBlt
Pie
GdiGetCodePage
PlayEnhMetaFileRecord
PolyBezier
PolyBezierTo
Polygon
Polyline
RealizePalette
RectVisible
Rectangle
ResizePalette
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetDIBits
SetDIBitsToDevice
SetEnhMetaFileBits
SetMapMode
SetPaletteEntries
SetPixel
SetPixelV
SetROP2
SetRectRgn
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocA
StartDocW
StartPage
StretchBlt
StretchDIBits
TextOutA
UnrealizeObject
XFORMOBJ_iGetXform
GdiGetBatchLimit
GdiFixUpHandle
GdiFlush
GdiEntry16
GdiEntry10
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExcludeClipRect
EudcLoadLinkW
EnumFontsW
EnumFontsA
EnumFontFamiliesExW
EngGradientFill
EngAcquireSemaphore
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
DPtoLP
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePolyPolygonRgn
CreatePenIndirect
CreatePen
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontW
CreateFontIndirectW
CreateFontA
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CopyEnhMetaFileA
CombineRgn
Chord
CLIPOBJ_ppoGetPath
BitBlt
ArcTo
Arc
AngleArc
PlayEnhMetaFile
AddFontResourceExA

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumKeyW
RegEnumValueW
RegFlushKey
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegOpenKeyA

shell32

SHEmptyRecycleBinA
Shell_NotifyIconW
CommandLineToArgvW
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileW
ExtractAssociatedIconExA
ExtractIconEx
ord18
ord25
ord24
ord16
ord153
ord680
SHBindToParent
SHBrowseForFolderA
SHBrowseForFolderW
SHChangeNotify
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateProcessAsUserW
WOWShellExecute
SHFileOperationW
SHFormatDrive
SHGetDataFromIDListA
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetFileInfoW
SHGetFolderPathA
SHGetIconOverlayIndexW
SHGetMalloc
SHGetPathFromIDList
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHInvokePrinterCommandW
SHLoadNonloadedIconOverlayIdentifiers
SHQueryRecycleBinA
ShellAboutW
ShellExecuteA
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
Shell_NotifyIcon

ole32

StringFromCLSID
RevokeDragDrop
ReleaseStgMedium
RegisterDragDrop
OleUninitialize
OleInitialize
IsEqualGUID
DoDragDrop
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoInitialize
CoCreateInstance
CLSIDFromString

shlwapi

StrCmpNIW
StrStrIW

comctl32

ImageList_GetBkColor
ImageList_EndDrag
ImageList_DrawEx
ImageList_Draw
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_GetDragImage
ImageList_Copy
ImageList_BeginDrag
ImageList_AddMasked
ImageList_Add
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_Write
ord17
InitializeFlatSB
ImageList_Create
_TrackMouseEvent

imm32

ImmAssociateContext
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetContext
ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionWindow

Sections

.text
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6154995aa850c4af662db81d4bc9f2ae

Code Sign

05:38:cb:3c:46:c0:f4:80:49:91:ae:41:50:f2:e7:2eCertificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

16:ac:2d:18:72:f3:1f:05:4c:69:9f:1c:d0:36:a0:89:86:b2:76:b8:10:57:15:63:22:1e:f9:02:db:e5:72:22Signer

Signature Validations

Verification

20-03-2019 09:30 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

imm32

Sections

.text Size: 292KB - Virtual size: 292KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 308B

.rsrc Size: 35KB - Virtual size: 35KB

05:38:cb:3c:46:c0:f4:80:49:91:ae:41:50:f2:e7:2e
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

16:ac:2d:18:72:f3:1f:05:4c:69:9f:1c:d0:36:a0:89:86:b2:76:b8:10:57:15:63:22:1e:f9:02:db:e5:72:22
Signer

20-03-2019 09:30
Valid: false

.text
Size: 292KB - Virtual size: 292KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 308B

.rsrc
Size: 35KB - Virtual size: 35KB