25267d427653c7239c4b7c30eef866540c0aaa1872bf08c1564f68d8209c95ea

Sharing

Copy URL

Twitter E-mail

General

Target

25267d427653c7239c4b7c30eef866540c0aaa1872bf08c1564f68d8209c95ea
Size

474KB
MD5

8b09eafcabc88895f5bb03b0a33a5889
SHA1

283688f634d7d653d6fd10e3b5311d32ac12de33
SHA256

25267d427653c7239c4b7c30eef866540c0aaa1872bf08c1564f68d8209c95ea
SHA512

812b05cbd37c5370640e99e0487ebac0ac1ecc6176b2308594c909bff0852de2612a52ac0223c289dfd887ec43eebef057b60ec2de5fafa90529c35fc0af538a
SSDEEP

6144:ulz4Ie8TvPgADDnz/HXnr/vYitozLFDPMTJYhr64Fg0:24IuimzLFPMdV4Fg0

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

25267d427653c7239c4b7c30eef866540c0aaa1872bf08c1564f68d8209c95ea
.exe windows x86

074128c95324ffe32e165aa8a7c994f9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
ReleaseMutex
lstrcmpW
lstrcpynW
GetLastError
OpenProcess
CreateMutexW
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTickCount
GetCommandLineW
GetModuleHandleA
GetStartupInfoA
GetProcAddress
Sleep
LoadLibraryA
CloseHandle
lstrcmpiW
WaitForMultipleObjects
CreateThread
GetCurrentThreadId
OpenEventW
CreateEventW
SetEvent
lstrlenW
FindNextVolumeW
GetComputerNameExA
GlobalCompact
GetEnvironmentStringsW
GetProfileSectionA
GetSystemTime
lstrcat
ReplaceFileA
SleepEx
ContinueDebugEvent
WriteTapemark
Heap32First
CancelWaitableTimer
SearchPathA
lstrcatA
lstrlenA
SetTapePosition
lstrcpyn
WriteConsoleInputA
CreateTimerQueueTimer
GetLocaleInfoA
GetStringTypeExA
FreeLibrary
LoadLibraryW
SetLastError
WriteConsoleW
GetFileType
GetStdHandle
MultiByteToWideChar
FindFirstFileW
FindNextFileW
GetFileAttributesW
LocalAlloc
LocalFree
VerifyVersionInfoW
FormatMessageW
GetModuleHandleW
HeapFree
GetProcessHeap
OutputDebugStringW
GetLocalTime
WriteFile
SetFilePointer
ExpandEnvironmentStringsW
GetEnvironmentVariableW
HeapAlloc
CreateFileW
DeviceIoControl
WaitForSingleObject
ExitThread
GetModuleFileNameW
GetWindowsDirectoryW
ProcessIdToSessionId
WideCharToMultiByte
VirtualAlloc
VirtualFree
ExitProcess
SetErrorMode

user32

GetUserObjectSecurity
GetProcessWindowStation
MessageBoxW
LoadStringW
SetProcessWindowStation
OpenWindowStationW
CloseWindowStation
SetWindowPos
OpenInputDesktop
GetDesktopWindow
wsprintfW
EnableWindow
GetDlgItem
IsIconic
EndDialog
IsDlgButtonChecked
WinHelpW
MessageBeep
GetSystemMetrics
PostQuitMessage
ShowWindow
KillTimer
SetTimer
CheckDlgButton
DialogBoxParamW
SystemParametersInfoW
AppendMenuW
GetSystemMenu
CreateDialogParamW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
RegisterWindowMessageW
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
LoadImageW
SendMessageW
GetThreadDesktop
SetThreadDesktop
IsWindowVisible
PostMessageW
GetWindowRect
EnumPropsW
SendIMEMessageExA
SendInput
IsZoomed
SetDlgItemTextA
ShowScrollBar
LockWorkStation
LoadStringA
PaintDesktop
GetShellWindow
LoadCursorFromFileW
SetPropA
OffsetRect
CallWindowProcW
ExitWindowsEx
BeginPaint
GetClientRect
DrawTextA
EndPaint
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
UpdateWindow
GetDC
LoadCursorW

gdi32

GetFontData
GetPath
SetICMProfileA
EngMultiByteToWideChar
EngStrokeAndFillPath
GetTextCharset
LineDDA
PolyPatBlt
PolyTextOutA
GdiEntry3
SetDCPenColor
GdiReleaseLocalDC
EngUnicodeToMultiByteN
GetTextFaceA
StartPage
TextOutW
GdiTransparentBlt
AngleArc
GdiAlphaBlend
GetRelAbs
GdiConvertPalette
EngAlphaBlend
GetTextExtentExPointA
GetObjectType
SetMagicColors
GetTextExtentExPointWPri
EngLineTo
GdiIsPlayMetafileDC
GetStockObject
GetColorSpace

advapi32

RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
GetSecurityDescriptorDacl
GetAclInformation
GetAce
IsWellKnownSid
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
DuplicateTokenEx
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCreateKeyExW
GetUserNameA
GetUserNameW
RegOpenKeyA

shell32

ShellExecuteW
SHQueryRecycleBinW
ExtractAssociatedIconExA
SHCreateProcessAsUserW
SHGetFileInfoA
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
ShellExecuteExA

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree

shlwapi

StrStrW

winmm

PlaySoundA

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

074128c95324ffe32e165aa8a7c994f9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

winmm

imm32

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 375KB - Virtual size: 375KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 87KB - Virtual size: 86KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 375KB - Virtual size: 375KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 87KB - Virtual size: 86KB