c4863ea662603e636257803d93dc20518375363c8aea0298f3f174f7c1738944

Sharing

Copy URL

Twitter E-mail

General

Target

c4863ea662603e636257803d93dc20518375363c8aea0298f3f174f7c1738944
Size

144KB
MD5

dec76f7277a6e33411bbfd7c1fdb045b
SHA1

6868b92bbd33140bc60811fc3ccb3dec99eea111
SHA256

c4863ea662603e636257803d93dc20518375363c8aea0298f3f174f7c1738944
SHA512

af161eb49159e829a7f17ab6a10162a88c60b830d3bba1914409a7e902245bcc3955fec0777a26b0fc35fac73410239b6bde8161bf4c6f49f58787d29213702f
SSDEEP

1536:zccDTGzg/RnqyACg2uHtdDaxlrxdp9ABRhi6/rDRoKCt5t1Y+ugCiL:dDKzgpACg/7axlrxdQBfi6/rot5t4kL

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

c4863ea662603e636257803d93dc20518375363c8aea0298f3f174f7c1738944
.exe windows x86

408b8ffe7711f6618a8ecb950cefed54

Code Sign

10:18:15:eb:2f:8e:bb:a6:4b:31:01:01:7a:02:fb:32
Certificate

Issuer

CN=CJVSQSXA

Not Before

08-04-2019 18:00

Not After

31-12-2039 23:59

Subject

CN=CJVSQSXA

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:c5:da:e2:cb:88:ef:2a:d0:2f:22:41:3d:4f:81:24:3d:2f:25:e0:4c:5a:ec:96:5d:6f:95:05:8a:a1:87:d5
Signer

Actual PE Digest

04:c5:da:e2:cb:88:ef:2a:d0:2f:22:41:3d:4f:81:24:3d:2f:25:e0:4c:5a:ec:96:5d:6f:95:05:8a:a1:87:d5

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=CJVSQSXA

09-04-2019 00:31
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
VirtualAllocEx
lstrlenA
lstrcpyn
lstrcmpiW
WriteFile
WriteConsoleW
WriteConsoleA
AddConsoleAliasW
WideCharToMultiByte
VirtualFree
VirtualAlloc
UnhandledExceptionFilter
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
TerminateProcess
SleepEx
Sleep
SetUnhandledExceptionFilter
SetStdHandle
SetLastError
SetHandleCount
SetFilePointer
SetConsoleDisplayMode
SetConsoleActiveScreenBuffer
RtlUnwind
RaiseException
QueryPerformanceCounter
Process32FirstW
MultiByteToWideChar
MapUserPhysicalPagesScatter
LocalFree
LocalAlloc
LoadLibraryA
LeaveCriticalSection
LCMapStringW
LCMapStringA
IsValidCodePage
IsDebuggerPresent
IsBadCodePtr
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSection
HeapSize
HeapSetInformation
HeapReAlloc
HeapFree
HeapCreate
HeapAlloc
GetVersionExA
GetTickCount
GetSystemTimeAsFileTime
GetStringTypeW
GetStringTypeA
GetStdHandle
GetStartupInfoW
GetStartupInfoA
GetProcessHeap
GetProcAddress
GetOEMCP
GetNumberFormatW
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetFileType
GetFileAttributesA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetConsoleOutputCP
GetConsoleMode
GetConsoleDisplayMode
GetConsoleCP
GetCommandLineW
GetCommandLineA
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageA
FlushFileBuffers
FindResourceExA
FatalExit
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
ExitProcess
EraseTape
EnumResourceTypesA
EnterCriticalSection
EndUpdateResourceW
DeleteCriticalSection
CreateThread
CreateMailslotA
CreateFileA
CreateEventW
CloseHandle
HeapDestroy

user32

IsMenu
GetFocus
GetParent
GetOpenClipboardWindow
GetMenuCheckMarkDimensions
IsWindowEnabled
CountClipboardFormats
CreatePopupMenu
CopyIcon
VkKeyScanW
DestroyMenu
GetQueueStatus
IsWindowVisible
IsWindowUnicode
IsWindow
GetCaretBlinkTime
LoadIconW
wsprintfW
wsprintfA
PostThreadMessageW
LoadStringW
GetMessageW
DispatchMessageW
CharToOemBuffA
CharNextW
IsCharAlphaW

gdi32

CreateMetaFileW
SetPaletteEntries
SetMapMode
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
OffsetRgn
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
ArcTo
Arc
AngleArc
SetPixelV
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocW
StartPage
StretchBlt
StretchDIBits
UnrealizeObject
EndPath
PathToRegion
GetTextCharacterExtra
GetPolyFillMode
GetDCBrushColor
DeleteMetaFile
GetLayout
FillPath
SetPixel

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

408b8ffe7711f6618a8ecb950cefed54

Code Sign

10:18:15:eb:2f:8e:bb:a6:4b:31:01:01:7a:02:fb:32Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

04:c5:da:e2:cb:88:ef:2a:d0:2f:22:41:3d:4f:81:24:3d:2f:25:e0:4c:5a:ec:96:5d:6f:95:05:8a:a1:87:d5Signer

Signature Validations

Verification

09-04-2019 00:31 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

imm32

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 58KB - Virtual size: 57KB

10:18:15:eb:2f:8e:bb:a6:4b:31:01:01:7a:02:fb:32
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

04:c5:da:e2:cb:88:ef:2a:d0:2f:22:41:3d:4f:81:24:3d:2f:25:e0:4c:5a:ec:96:5d:6f:95:05:8a:a1:87:d5
Signer

09-04-2019 00:31
Valid: false

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 58KB - Virtual size: 57KB