a66fed36bcae8e3000fdea522c4b76da940a66e29af2c803fe992e3b1c045dd1

Sharing

Copy URL

Twitter E-mail

General

Target

a66fed36bcae8e3000fdea522c4b76da940a66e29af2c803fe992e3b1c045dd1
Size

864KB
MD5

fde78bb97a2c1141495d8ffcf94e658f
SHA1

b684a030c9f496d085cf290802be4dceb9eb58fe
SHA256

a66fed36bcae8e3000fdea522c4b76da940a66e29af2c803fe992e3b1c045dd1
SHA512

021278793ba862b270c0d9f37f2b039d6ac3197b046b4ac539ddb32f1a87acfa60e1c2b12cba5ba5a58653083503c9ec1425fe1295a29dc2706421e07f9881ce
SSDEEP

24576:t5nVOnakRY2trbnGSm/SE5POnqp5QPbE85yg:t5nVOnjYirbGS3EAnO5QTV

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

a66fed36bcae8e3000fdea522c4b76da940a66e29af2c803fe992e3b1c045dd1
.exe windows x86

0a4601be8e3bc9f78fa2f38021e17f1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

socket
closesocket
select
__WSAFDIsSet
bind
listen
accept
WSAStartup
ioctlsocket
WSACleanup
gethostbyname
inet_addr
htons
connect
send
recv

gdi32

SetMapMode
LPtoDP
GetDeviceCaps
DPtoLP
GetStockObject
GetMapMode

kernel32

GetStringTypeW
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoW
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
GetStringTypeA
WriteConsoleW
Sleep
CreateThread
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
CloseHandle
WriteFile
CreateFileA
GetTickCount
GetTempPathA
GetWindowsDirectoryA
WaitForSingleObject
DeleteFileA
TerminateThread
CreateEventA
GetModuleFileNameA
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
GetExitCodeProcess
GetLastError
CopyFileA
TerminateProcess
ContinueDebugEvent
SetThreadContext
GetThreadContext
WaitForDebugEvent
CompareStringA
SetEvent
MoveFileA
GetCommandLineA
CreateMutexA
GetEnvironmentVariableA
GetProcAddress
LoadLibraryA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetModuleHandleA
GetSystemTime
GetLocalTime
ResetEvent
FreeLibrary
ReadFile
ReleaseMutex
GetVersionExA
Module32First
OpenProcess
MulDiv
GetTempFileNameA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetTimeZoneInformation
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetFileAttributesA
HeapCreate
VirtualAlloc
VirtualFree
GetCurrentDirectoryA
GetFullPathNameA
InitializeCriticalSectionAndSpinCount
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetProcessHeap
GetStartupInfoA
CreateDirectoryA
GetLocaleInfoA
GetUserDefaultLCID
GetStdHandle
IsValidCodePage
GetOEMCP
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetSystemTimeAsFileTime
RtlUnwind
GetModuleHandleW
ExitProcess
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
HeapAlloc
HeapReAlloc
RaiseException
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetACP

user32

GetWindowDC
LoadCursorA
RegisterClassExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
PostMessageA
InvalidateRect
UpdateWindow
SetWindowTextA
GetTitleBarInfo
GetWindowRect
MoveWindow
CreateWindowExA
MessageBoxA
PostQuitMessage
SetFocus
DefWindowProcA
BeginPaint
EndPaint
CreateIconFromResourceEx
GetDesktopWindow

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA

ole32

CreateStreamOnHGlobal

shell32

Shell_NotifyIconA

oleaut32

OleLoadPicture

Sections

.text
Size: 750KB - Virtual size: 749KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0a4601be8e3bc9f78fa2f38021e17f1e

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

gdi32

kernel32

user32

advapi32

ole32

shell32

oleaut32

Sections

.text Size: 750KB - Virtual size: 749KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 82KB - Virtual size: 112KB

.text
Size: 750KB - Virtual size: 749KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 82KB - Virtual size: 112KB