6d9d47e4fc09dd5d10386269ba64f08cca99914ee1ea8ec4953ba906e4e6ece1

Sharing

Copy URL

Twitter E-mail

General

Target

6d9d47e4fc09dd5d10386269ba64f08cca99914ee1ea8ec4953ba906e4e6ece1
Size

185KB
MD5

49c5427fd6daed51266b1195073a85e8
SHA1

a8d9c92f7a8bcf2c8d3e420691b38dff2181b3fc
SHA256

6d9d47e4fc09dd5d10386269ba64f08cca99914ee1ea8ec4953ba906e4e6ece1
SHA512

e36e649f24bd36d99ef768dc330a760f80334194bc47c28b0fff3d21a621613e3e3e7399881c5a55137dcc5d8c5dc257909939d453a5760c26ece4d5fe6b0665
SSDEEP

3072:L8ENSRg5KrR52iOG7jWXlnYNav5K8dIIPF4j5dF1:L8KSRg5KPHOGErRK86Gw

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

6d9d47e4fc09dd5d10386269ba64f08cca99914ee1ea8ec4953ba906e4e6ece1
.exe windows x86

7c9c585157998e34796c9fbbea371bb8

Code Sign

09:2e:c7:00:ea:2d:c0:97:40:a6:0e:58:f1:06:dd:06
Certificate

Issuer

CN=MOEITMWPTGYIMDGFLU

Not Before

15-04-2019 20:49

Not After

31-12-2039 23:59

Subject

CN=MOEITMWPTGYIMDGFLU

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2a:67:b6:40:ec:38:98:eb:26:64:35:f9:98:7d:46:9d:c8:ca:9f:2c:ce:26:69:f6:7c:6f:61:31:1b:9a:23:7f
Signer

Actual PE Digest

2a:67:b6:40:ec:38:98:eb:26:64:35:f9:98:7d:46:9d:c8:ca:9f:2c:ce:26:69:f6:7c:6f:61:31:1b:9a:23:7f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=MOEITMWPTGYIMDGFLU

16-04-2019 08:24
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesW
GetFileType
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
DeleteCriticalSection
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
IsDebuggerPresent
IsValidCodePage
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
RemoveDirectoryA
RtlUnwind
SetEnvironmentVariableA
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerifyVersionInfoW
VirtualAlloc
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
CreateThread
CreateProcessA
CreateMutexA
CreateFileA
CompareStringW
CompareStringA
GetVolumeInformationA
CloseHandle

user32

InvalidateRect
IsIconic
IsWindowEnabled
IsWindowVisible
KillTimer
LoadCursorA
LoadCursorW
LoadIconA
LoadStringW
LockWindowUpdate
MapWindowPoints
MessageBoxW
MoveWindow
OemToCharA
PeekMessageW
PostMessageW
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassExA
RegisterClipboardFormatW
ReleaseCapture
ReleaseDC
RemovePropW
SendMessageTimeoutA
SendMessageW
SetClassLongW
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetPropW
SetScrollInfo
SetTimer
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowsHookExW
ShowCaret
ShowWindow
SystemParametersInfoW
TranslateMessage
UnhookWindowsHookEx
UpdateLayeredWindow
UpdateWindow
WaitForInputIdle
LoadIconW
IntersectRect
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetWindow
GetSystemMetrics
GetSysColor
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetMessageA
GetIconInfo
GetForegroundWindow
GetDlgItemTextA
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClassNameW
GetClassLongW
GetCapture
GetActiveWindow
FrameRect
FindWindowW
FindWindowExW
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EndPaint
EndDialog
DrawTextW
DrawFrameControl
DispatchMessageW
DispatchMessageA
DialogBoxParamA
DestroyIcon
DefWindowProcW
DefWindowProcA
CreateWindowExA
CharToOemA
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
AttachThreadInput
GetClientRect

gdi32

CreateSolidBrush

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey

shell32

DoEnvironmentSubstA
DragQueryFileA
DragQueryFileW
ExtractAssociatedIconExA
ExtractAssociatedIconW
FindExecutableA
FindExecutableW
SHAppBarMessage
SHBrowseForFolder
SHCreateDirectoryExW
SHCreateProcessAsUserW
SHEmptyRecycleBinW
SHFileOperationA
SHFileOperationW
SHFreeNameMappings
SHGetDataFromIDListA
SHGetDiskFreeSpaceA
SHGetFileInfo
SHGetFolderLocation
SHGetInstanceExplorer
SHGetSettings
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHInvokePrinterCommandW
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHPathPrepareForWriteA
SHQueryRecycleBinA
SHQueryRecycleBinW
ShellAboutW
ShellExecuteA
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
Shell_NotifyIcon
Shell_NotifyIconA
CheckEscapesW

shlwapi

StrChrIW
StrCmpNA
StrCmpNIA
StrRStrIA
StrRStrIW
StrChrIA

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c9c585157998e34796c9fbbea371bb8

Code Sign

09:2e:c7:00:ea:2d:c0:97:40:a6:0e:58:f1:06:dd:06Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

2a:67:b6:40:ec:38:98:eb:26:64:35:f9:98:7d:46:9d:c8:ca:9f:2c:ce:26:69:f6:7c:6f:61:31:1b:9a:23:7fSigner

Signature Validations

Verification

16-04-2019 08:24 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 141KB - Virtual size: 140KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 572B

.rsrc Size: 31KB - Virtual size: 30KB

09:2e:c7:00:ea:2d:c0:97:40:a6:0e:58:f1:06:dd:06
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

2a:67:b6:40:ec:38:98:eb:26:64:35:f9:98:7d:46:9d:c8:ca:9f:2c:ce:26:69:f6:7c:6f:61:31:1b:9a:23:7f
Signer

16-04-2019 08:24
Valid: false

.text
Size: 141KB - Virtual size: 140KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 572B

.rsrc
Size: 31KB - Virtual size: 30KB