a1388cb3e6ae68a6130ae12f9db4881238c97718875a3362b6bc5788e61c6663[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

a1388cb3e6ae68a6130ae12f9db4881238c97718875a3362b6bc5788e61c6663.zip
Size

181KB
MD5

e86b9fc13bdec54c63cb83b662de1b9f
SHA1

faf8fb1f11bc445b38f275561221e697b84a8394
SHA256

7f402727ef573c5129942b76944827de00f12453f537c592caf84e5430fa328e
SHA512

824b97d0322e67380b2e8d6d3d570cfe92315a3541ce4648154831fd9acec2732fa1126a985b1ca7ad6f9d7fed85e94c8c0b5feb356d4de286167a6f24bc9692
SSDEEP

3072:XzQP2YSL8Xd1nptQ2+8x1f83Yru1VwS2yFrw1kUzNDpw5gGHhAWsjWuji+VUI:jK2TSbpS2+sk3YK1Vr2dkURpHMVcWKiw

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
static1/unpack001/a1388cb3e6ae68a6130ae12f9db4881238c97718875a3362b6bc5788e61c6663.exe	cryptone

Files

a1388cb3e6ae68a6130ae12f9db4881238c97718875a3362b6bc5788e61c6663.zip
.zip

Password: infected
a1388cb3e6ae68a6130ae12f9db4881238c97718875a3362b6bc5788e61c6663.exe
.exe windows x86

Password: infected

67afc3d7f748518bc69e619e8576d6f5

Code Sign

3e:d5:91:65:aa:b6:45:b2:4e:54:e2:b1:ec:cf:66:da
Certificate

Issuer

CN=XARYIBKEPULWVOHIBL

Not Before

01-04-2020 15:08

Not After

31-12-2039 23:59

Subject

CN=XARYIBKEPULWVOHIBL

Extended Key Usages

ExtKeyUsageCodeSigning

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2a:5c:92:90:86:14:32:26:43:26:f2:f5:45:1d:c1:f7:82:2a:a9:25
Signer

Actual PE Digest

2a:5c:92:90:86:14:32:26:43:26:f2:f5:45:1d:c1:f7:82:2a:a9:25

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=XARYIBKEPULWVOHIBL

09-04-2020 12:05
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumSystemLocalesA
IsValidLocale
SetHandleCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
GetConsoleOutputCP
WriteConsoleW
InitializeCriticalSectionAndSpinCount
CompareStringW
GetLocaleInfoW
SetEnvironmentVariableA
GetProcessHeap
InterlockedCompareExchange
GetStringTypeW
GetStringTypeA
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
IsValidCodePage
GetACP
HeapSize
SetStdHandle
ExitProcess
GetConsoleCP
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
HeapReAlloc
GetStartupInfoA
GetCommandLineA
PeekNamedPipe
GetFileInformationByHandle
CreateThread
ExitThread
HeapAlloc
VirtualAlloc
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetDateFormatA
GetTimeFormatA
RtlUnwind
GetSystemDirectoryW
LoadLibraryW
FindResourceExA
SearchPathA
GetModuleHandleW
GetOEMCP
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
GlobalFlags
GetProfileIntA
GetFileSizeEx
GetFileAttributesExA
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GetStringTypeExA
GlobalReAlloc
VirtualProtect
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
SetErrorMode
SystemTimeToFileTime
FileTimeToSystemTime
GetCurrentDirectoryA
GlobalSize
GetModuleFileNameW
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
WritePrivateProfileStringA
GetPrivateProfileIntA
GetVolumeInformationA
GetSystemTimeAsFileTime
GetSystemInfo
VirtualQuery
GetFileTime
OutputDebugStringA
GetCurrentProcess
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetUserDefaultLangID
FileTimeToLocalFileTime
FileTimeToDosDateTime
FlushConsoleInputBuffer
GlobalMemoryStatus
QueryPerformanceCounter
GetStdHandle
GetFileType
ExpandEnvironmentStringsA
SetFilePointer
SetEndOfFile
GetTimeZoneInformation
GetFileSize
ReadFile
WinExec
MulDiv
FreeResource
GetCPInfo
GlobalFree
lstrcpynA
GetVersionExA
CreateProcessA
FindNextFileA
RemoveDirectoryA
GetTempPathA
WriteFile
LoadLibraryExA
FreeLibrary
InterlockedIncrement
FormatMessageA
LocalAlloc
GetVersion
lstrcmpA
GetPrivateProfileStringA
GetLocalTime
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
MoveFileExA
CopyFileA
CreateFileA
CreateDirectoryA
GetModuleHandleA
LoadLibraryA
GetProcAddress
SetLastError
GetCurrentThreadId
GetWindowsDirectoryA
lstrcmpiA
WaitForMultipleObjects
SetEvent
GetExitCodeThread
GetDriveTypeA
lstrcpyA
GetTickCount
GetCurrentProcessId
LocalFree
GetComputerNameA
lstrcatA
OpenMutexA
CreateMutexA
GetShortPathNameA
GetSystemDirectoryA
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateEventA
WaitForSingleObject
ReleaseMutex
DeleteFileA
MoveFileA
GetLastError
InterlockedDecrement
lstrlenA
MultiByteToWideChar
lstrlenW
FindFirstFileA
FindClose
GetFileAttributesA
SetFileAttributesA
LoadResource
LockResource
SizeofResource
FindResourceA
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
Sleep
RaiseException
GetModuleFileNameA
WriteConsoleA
WriteProfileSectionA
IsBadWritePtr
AllocConsole
SetConsoleTitleW
VirtualFreeEx
UnlockFileEx
EnumSystemLanguageGroupsA
FindNextVolumeA
OpenProcess
OpenEventW
GetVersionExW
GetSystemTime
CreateMutexW
CreateFileW
CopyFileW

user32

GetWindowTextLengthA
SetActiveWindow
DispatchMessageA
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageA
ScrollWindow
TrackPopupMenu
SetMenu
ShowScrollBar
CreateWindowExA
GetClassInfoExA
SetScrollInfo
SetWindowPlacement
GetMenu
SetWindowPos
IntersectRect
GetWindowPlacement
MapVirtualKeyA
GetKeyNameTextA
wvsprintfA
GetProcessWindowStation
GetUserObjectInformationW
GetScrollInfo
GetClassLongA
GetWindowRgn
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsZoomed
DrawFrameControl
GetCapture
SetClassLongA
MoveWindow
AdjustWindowRectEx
ShowWindow
GetWindow
GetPropA
RemovePropA
SetPropA
CallWindowProcA
IsRectEmpty
GetWindowTextA
GetClassNameA
ChildWindowFromPoint
IsWindowEnabled
GetClassInfoA
LoadStringA
CopyIcon
DrawIcon
GetMessagePos
MapWindowPoints
GetScrollPos
UnregisterClassA
RegisterClassA
DefWindowProcA
SetWindowLongA
SetCapture
ReleaseCapture
GetScrollRange
SetScrollRange
GetIconInfo
CreateIconIndirect
DrawStateA
DrawFocusRect
WindowFromPoint
GetActiveWindow
SetCursor
GetNextDlgTabItem
IsMenu
GetWindowLongA
DestroyCursor
GetWindowDC
DeleteMenu
RemoveMenu
GetAsyncKeyState
CreatePopupMenu
SetFocus
EnableScrollBar
GetMenuItemCount
InsertMenuA
AppendMenuA
GrayStringA
DrawTextExA
TabbedTextOutA
SystemParametersInfoA
GetMenuItemInfoA
DrawEdge
FrameRect
RegisterWindowMessageA
ScreenToClient
SetScrollPos
MessageBoxA
SetMenuDefaultItem
GetMenuItemID
SetWindowRgn
MessageBeep
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
LoadCursorA
GetSysColorBrush
TranslateMDISysAccel
TranslateAcceleratorA
EnableWindow
GetClientRect
GetSystemMetrics
RegisterClassExA
IsIconic
GetDC
ReleaseDC
PtInRect
CheckMenuItem
GetDlgItem
wsprintfA
EqualRect
SetRect
ClientToScreen
EnableMenuItem
GetDlgCtrlID
DrawIconEx
FillRect
GetWindowRect
OffsetRect
GetFocus
GetParent
IsChild
RedrawWindow
LoadBitmapA
GetKeyState
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
BringWindowToTop
SetTimer
LoadImageA
LoadMenuA
GetSubMenu
DestroyIcon
FindWindowA
GetLastActivePopup
SetForegroundWindow
LoadIconA
GetDesktopWindow
UpdateWindow
IsWindowVisible
CallNextHookEx
SetWindowsHookExA
WinHelpA
SendDlgItemMessageA
EndDialog
CreateDialogIndirectParamA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckDlgButton
IsWindow
DrawTextA
CopyRect
SetRectEmpty
UnionRect
InflateRect
GetSysColor
InvalidateRect
GetCursorPos
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
PostMessageA
IsDialogMessageA
SetWindowTextA
BeginPaint
EndPaint
GetMenuStringA
GetMenuState
ValidateRect
SendMessageA
KillTimer
UpdateLayeredWindow
DestroyMenu
ModifyMenuA
GetMessageA
InsertMenuItemA
LoadAcceleratorsA
ReuseDDElParam
UnpackDDElParam
PostQuitMessage
TranslateMessage
ShowOwnedPopups
MapDialogRect
GetDoubleClickTime
MapVirtualKeyExA
IsCharLowerA
SubtractRect
IsClipboardFormatAvailable
InvalidateRgn
EnumChildWindows
SetCursorPos
CharNextA
GetUpdateRect
CharUpperBuffA
GetNextDlgGroupItem
CreateAcceleratorTableA
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
CopyAcceleratorTableA
GetMenuDefaultItem
CopyImage
SetParent
LockWindowUpdate
WaitMessage
PostThreadMessageA
CharUpperA
GetSystemMenu
DestroyAcceleratorTable
NotifyWinEvent
RegisterClipboardFormatA
CreateMenu
SetWindowContextHelpId
CheckRadioButton
MessageBoxExA
GetProcessDefaultLayout
TileChildWindows
OemToCharW
keybd_event
UserHandleGrantAccess
mouse_event
DdeUninitialize
CreateIconFromResourceEx
RegisterWindowMessageW
PostMessageW
FindWindowW
DrawTextW
PaintDesktop
IsCharUpperW
GetClipboardOwner
CloseWindow
CloseDesktop
CharNextW
GetClipboardSequenceNumber

gdi32

CreateRoundRectRgn
SetRectRgn
GetWindowOrgEx
GetDCOrgEx
GetClipBox
SaveDC
RestoreDC
SetPolyFillMode
SetROP2
SetMapMode
ExcludeClipRect
IntersectClipRect
SetTextAlign
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
CreatePolygonRgn
GetObjectType
CopyMetaFileA
CreateEllipticRgn
Polyline
Polygon
GetRgnBox
RoundRect
SetDIBColorTable
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
GetCharWidthA
CreateFontA
StretchDIBits
EnumFontFamiliesExA
SetPaletteEntries
PtInRegion
GetBoundsRect
GetViewportOrgEx
GetTextFaceA
SetPixelV
FillRgn
OffsetRgn
SelectClipRgn
FrameRgn
SetBkMode
MoveToEx
LineTo
ExtFloodFill
SetTextJustification
GetTextMetricsA
LPtoDP
GetMapMode
GetWindowExtEx
GetViewportExtEx
DPtoLP
CreateDCA
GetTextColor
CreateBitmap
SetBkColor
SetTextColor
GetDIBits
GetBkColor
StretchBlt
CreateHatchBrush
Rectangle
SetPixel
CreateDIBSection
DeleteDC
Ellipse
GetTextExtentPoint32W
Escape
TextOutA
RectVisible
PtVisible
CreateCompatibleBitmap
CreatePen
GetBkMode
GetCurrentObject
BitBlt
CreateCompatibleDC
SelectObject
GetPixel
CreateRectRgn
CombineRgn
GetStockObject
CreateRectRgnIndirect
CreateBitmapIndirect
GetObjectA
CreateFontIndirectA
CreateSolidBrush
DeleteObject
GetDeviceCaps
GetTextExtentPoint32A
PatBlt
ExtTextOutA
ColorMatchToTarget
SetFontEnumeration
SetBrushOrgEx
GetDCBrushColor
AngleArc
GetCharABCWidthsFloatA
GetKerningPairsA
EndPage
GetGlyphOutlineWow
GdiConvertEnhMetaFile
FONTOBJ_pvTrueTypeFontFile
EnumICMProfilesW
PolyTextOutA
RemoveFontResourceExA
EudcUnloadLinkW
Chord
EngEraseSurface
SetGraphicsMode
StartPage
GdiEndPageEMF
bInitSystemAndFontsDirectoriesW
GetTextMetricsW
AnyLinkedFonts
GdiSetServerAttr
ResetDCA
GetColorSpace
GdiEntry10
GetRegionData
AbortPath
CreateEllipticRgnIndirect
GetTextExtentExPointA
GdiConvertFont
GdiGetSpoolFileHandle
SelectBrushLocal
GdiCleanCacheDC
GetCurrentPositionEx
STROBJ_bEnum
GdiStartDocEMF
DeleteEnhMetaFile
FillPath
CreateMetaFileW
AddFontResourceA
SwapBuffers
GetROP2
AddFontResourceW
GetTextCharset
EndDoc
DeleteMetaFile

comdlg32

GetFileTitleA

advapi32

CryptCreateHash
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
GetUserNameA
LookupAccountNameA
GetLengthSid
IsValidSid
InitializeAcl
AddAccessAllowedAce
AddAccessDeniedAce
RegCloseKey
RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegOpenKeyA
RegEnumKeyA
RegSetValueA
RegDeleteValueA
RegEnumValueA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
InitializeSecurityDescriptor
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptAcquireContextA
CryptReleaseContext
RegQueryValueA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueW
RegQueryValueExW
RegOpenKeyW
RegDeleteKeyW
StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle

shell32

SHGetFileInfoA
Shell_NotifyIconA
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
DragFinish
ExtractIconA
ShellExecuteA
SHAppBarMessage
DragQueryFileA
SHEmptyRecycleBinW
ExtractIconExA
SHGetDiskFreeSpaceExA
ShellExecuteEx
ExtractAssociatedIconW
SHBrowseForFolderW
DragAcceptFiles
SHBindToParent
SHQueryRecycleBinW
SHGetPathFromIDList
SHGetDiskFreeSpaceA
ExtractAssociatedIconExA
FindExecutableA
ShellExecuteExW
SHBrowseForFolder
SHGetSpecialFolderPathA
SHLoadNonloadedIconOverlayIdentifiers
SHIsFileAvailableOffline
SHGetFolderPathA
SHFileOperationA
CheckEscapesW
ExtractIconEx
ShellAboutA

ole32

CoTaskMemFree
StringFromCLSID
CoCreateInstanceEx
CoFreeUnusedLibraries
CoUninitialize
ReleaseStgMedium
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
OleRun
CoInitialize
OleDuplicateData
CLSIDFromProgID
CLSIDFromString
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
DoDragDrop
OleIsCurrentClipboard
IsAccelerator
OleFlushClipboard
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
CoRegisterMessageFilter
OleLockRunning
OleGetClipboard
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator

shlwapi

PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathIsUNCA
UrlUnescapeA
PathCompactPathA
PathRemoveFileSpecW
StrRChrA
StrCmpNIA
StrRChrIA
StrStrW
StrStrA
StrCmpNW
StrChrIA
StrCmpNA
StrRChrW

comctl32

ImageList_Draw
InitCommonControlsEx
ImageList_Destroy
ImageList_GetIconSize
_TrackMouseEvent
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Create
ImageList_ReplaceIcon
ImageList_DrawEx

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

Sections

.text
Size: 209KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

67afc3d7f748518bc69e619e8576d6f5

Code Sign

3e:d5:91:65:aa:b6:45:b2:4e:54:e2:b1:ec:cf:66:daCertificate

Extended Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

2a:5c:92:90:86:14:32:26:43:26:f2:f5:45:1d:c1:f7:82:2a:a9:25Signer

Signature Validations

Verification

09-04-2020 12:05 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

imm32

Sections

.text Size: 209KB - Virtual size: 210KB

.rdata Size: 512B - Virtual size: 2KB

.data Size: 43KB - Virtual size: 42KB

.rsrc Size: 1024B - Virtual size: 3KB

3e:d5:91:65:aa:b6:45:b2:4e:54:e2:b1:ec:cf:66:da
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

2a:5c:92:90:86:14:32:26:43:26:f2:f5:45:1d:c1:f7:82:2a:a9:25
Signer

09-04-2020 12:05
Valid: false

.text
Size: 209KB - Virtual size: 210KB

.rdata
Size: 512B - Virtual size: 2KB

.data
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 1024B - Virtual size: 3KB