822794b9e0379736447f02974e557914c5ba66236c70607a9fdec83b33e6750a

Sharing

Copy URL

Twitter E-mail

General

Target

822794b9e0379736447f02974e557914c5ba66236c70607a9fdec83b33e6750a
Size

185KB
MD5

9cfe6dfcbbcd77ca32d6ec50352f8bb9
SHA1

2c0db337b84771a656c6ea73acfe0160f6c8e66e
SHA256

822794b9e0379736447f02974e557914c5ba66236c70607a9fdec83b33e6750a
SHA512

95db1f06288ac2a250d2eb5e44ba8fb16592fc108b6f0392b9e5379f4e17ea4763e625a3f9a97bdf58ecd132fb8e58a73d0224815f8b5412849a3dfb3e51cc4a
SSDEEP

3072:s8ENSRg5KrR52iOG7jWXlnYNav5KLdIIPF4j5dFI:s8KSRg5KPHOGErRKL6Gd

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

822794b9e0379736447f02974e557914c5ba66236c70607a9fdec83b33e6750a
.exe windows x86

7c9c585157998e34796c9fbbea371bb8

Code Sign

09:2e:c7:00:ea:2d:c0:97:40:a6:0e:58:f1:06:dd:06
Certificate

Issuer

CN=MOEITMWPTGYIMDGFLU

Not Before

15-04-2019 20:49

Not After

31-12-2039 23:59

Subject

CN=MOEITMWPTGYIMDGFLU

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d4:46:6d:10:d3:2c:79:77:75:e1:de:7c:93:d6:fa:b9:d5:cb:ec:67:d0:34:10:c0:be:81:32:61:6d:11:7c:6c
Signer

Actual PE Digest

d4:46:6d:10:d3:2c:79:77:75:e1:de:7c:93:d6:fa:b9:d5:cb:ec:67:d0:34:10:c0:be:81:32:61:6d:11:7c:6c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=MOEITMWPTGYIMDGFLU

16-04-2019 08:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesW
GetFileType
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
DeleteCriticalSection
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
IsDebuggerPresent
IsValidCodePage
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
RemoveDirectoryA
RtlUnwind
SetEnvironmentVariableA
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerifyVersionInfoW
VirtualAlloc
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
CreateThread
CreateProcessA
CreateMutexA
CreateFileA
CompareStringW
CompareStringA
GetVolumeInformationA
CloseHandle

user32

InvalidateRect
IsIconic
IsWindowEnabled
IsWindowVisible
KillTimer
LoadCursorA
LoadCursorW
LoadIconA
LoadStringW
LockWindowUpdate
MapWindowPoints
MessageBoxW
MoveWindow
OemToCharA
PeekMessageW
PostMessageW
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassExA
RegisterClipboardFormatW
ReleaseCapture
ReleaseDC
RemovePropW
SendMessageTimeoutA
SendMessageW
SetClassLongW
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetPropW
SetScrollInfo
SetTimer
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowsHookExW
ShowCaret
ShowWindow
SystemParametersInfoW
TranslateMessage
UnhookWindowsHookEx
UpdateLayeredWindow
UpdateWindow
WaitForInputIdle
LoadIconW
IntersectRect
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetWindow
GetSystemMetrics
GetSysColor
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetMessageA
GetIconInfo
GetForegroundWindow
GetDlgItemTextA
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClassNameW
GetClassLongW
GetCapture
GetActiveWindow
FrameRect
FindWindowW
FindWindowExW
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EndPaint
EndDialog
DrawTextW
DrawFrameControl
DispatchMessageW
DispatchMessageA
DialogBoxParamA
DestroyIcon
DefWindowProcW
DefWindowProcA
CreateWindowExA
CharToOemA
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
AttachThreadInput
GetClientRect

gdi32

CreateSolidBrush

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey

shell32

DoEnvironmentSubstA
DragQueryFileA
DragQueryFileW
ExtractAssociatedIconExA
ExtractAssociatedIconW
FindExecutableA
FindExecutableW
SHAppBarMessage
SHBrowseForFolder
SHCreateDirectoryExW
SHCreateProcessAsUserW
SHEmptyRecycleBinW
SHFileOperationA
SHFileOperationW
SHFreeNameMappings
SHGetDataFromIDListA
SHGetDiskFreeSpaceA
SHGetFileInfo
SHGetFolderLocation
SHGetInstanceExplorer
SHGetSettings
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHInvokePrinterCommandW
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHPathPrepareForWriteA
SHQueryRecycleBinA
SHQueryRecycleBinW
ShellAboutW
ShellExecuteA
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
Shell_NotifyIcon
Shell_NotifyIconA
CheckEscapesW

shlwapi

StrChrIW
StrCmpNA
StrCmpNIA
StrRStrIA
StrRStrIW
StrChrIA

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c9c585157998e34796c9fbbea371bb8

Code Sign

09:2e:c7:00:ea:2d:c0:97:40:a6:0e:58:f1:06:dd:06Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

d4:46:6d:10:d3:2c:79:77:75:e1:de:7c:93:d6:fa:b9:d5:cb:ec:67:d0:34:10:c0:be:81:32:61:6d:11:7c:6cSigner

Signature Validations

Verification

16-04-2019 08:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 141KB - Virtual size: 140KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 572B

.rsrc Size: 31KB - Virtual size: 30KB

09:2e:c7:00:ea:2d:c0:97:40:a6:0e:58:f1:06:dd:06
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

d4:46:6d:10:d3:2c:79:77:75:e1:de:7c:93:d6:fa:b9:d5:cb:ec:67:d0:34:10:c0:be:81:32:61:6d:11:7c:6c
Signer

16-04-2019 08:34
Valid: false

.text
Size: 141KB - Virtual size: 140KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 572B

.rsrc
Size: 31KB - Virtual size: 30KB