f4c6470686b385378a04ad01937a125af6f1bbf62e09bc143be937b835306057

Sharing

Copy URL Twitter E-mail

General

Target

f4c6470686b385378a04ad01937a125af6f1bbf62e09bc143be937b835306057
Size

1.1MB
MD5

c0524801008ee715be12b40905775327
SHA1

8be4831719184559e3051e5f0b38707ca6141302
SHA256

f4c6470686b385378a04ad01937a125af6f1bbf62e09bc143be937b835306057
SHA512

2eec77b5b54203077b126e4dc1ef8457f15f047bb4e4ab6752113779dfd505e6c43cd7f6157d4b1674e8b67b4f4466cd287781414683d47005a758c8a96dee38
SSDEEP

12288:rhvgrb1rbX82UML/axdZP/rmhLeh3Kb2GH71NQTLBR32Yrm25Q7aDaNb:L2UM7YGedKaGHJNQTVR32Ya2KOeb

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

f4c6470686b385378a04ad01937a125af6f1bbf62e09bc143be937b835306057
.exe windows x86

73e784df7976627d6e00127c7aa547b7

Code Sign

38:b8:c7:5f:ad:f0:2b:ac:4f:a8:1a:70:f7:f5:01:6c
Certificate

Issuer

CN=QIJNAOFJMEMPPPJXNK

Not Before

13/06/2020, 08:42

Not After

31/12/2039, 23:59

Subject

CN=QIJNAOFJMEMPPPJXNK

Extended Key Usages

ExtKeyUsageCodeSigning

0e:56:60:de:e2:62:5b:0e:b5:df:ab:40:2f:fb:df:b1:9e:19:be:57
Signer

Actual PE Digest

0e:56:60:de:e2:62:5b:0e:b5:df:ab:40:2f:fb:df:b1:9e:19:be:57

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
GetModuleHandleW
GetLastError
Sleep
_lread
GetUserDefaultUILanguage
GetLocaleInfoW
_llseek
GlobalReAlloc
_lclose
SetThreadExecutionState
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
CreateFileW
WideCharToMultiByte
GlobalFree
FreeLibrary
LoadLibraryW
CreateMutexW
ReleaseMutex
CloseHandle
LocalAlloc
LocalFree
GetCommandLineW
GetModuleHandleA
GetStartupInfoA
GetCurrentThreadId
ReadFile
GetExitCodeThread
GetLogicalDrives
DeleteCriticalSection
GetDriveTypeW
GetTickCount
SetErrorMode
ExitProcess
GetVersionExW
GetUserDefaultLCID
GetPrivateProfileIntW
GetPrivateProfileStringW
GetTempPathW
GetTempFileNameW
WriteFile
CreateThread
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
DeleteFileW
WaitForSingleObject
InitializeCriticalSection
GetFileAttributesW
GetSystemDirectoryW
ProcessIdToSessionId
GetCurrentProcessId
ExitThread
GetModuleFileNameW
lstrcmpW
ExpandEnvironmentStringsW
lstrlenW
MultiByteToWideChar
GetShortPathNameW
lstrcpyW
GetVolumeNameForVolumeMountPointW
lstrcmpiW
GetLogicalDriveStringsW
lstrcatW
SearchPathW

user32

GetWindowContextHelpId
IsCharAlphaW
GetParent
WindowFromDC
GetTopWindow
IsWindowVisible
GetQueueStatus
IsCharLowerA
IsCharLowerW
IsCharAlphaNumericA
GetWindowDC
GetWindowTextLengthW
ShowCaret
VkKeyScanA
VkKeyScanW
GetSystemMetrics
LoadCursorFromFileW
IsIconic
OpenIcon
GetMenuItemCount
IsCharUpperW
IsCharAlphaNumericW
PaintDesktop
IsWindowEnabled
IsClipboardFormatAvailable
GetWindowTextLengthA
IsCharUpperA
GetThreadDesktop
IsWindowUnicode
IsWindow
IsGUIThread
GetSysColor
LoadCursorFromFileA
GetSysColorBrush
IsMenu
OemKeyScan
IsCharAlphaA
LoadIconA
GetCursor
CharNextW
GetKeyState
GetCaretBlinkTime
CloseWindow
EndMenu
GetShellWindow
GetForegroundWindow

gdi32

GetStockObject
RealizePalette
GetColorSpace
GetSystemPaletteUse
CreateMetaFileW
AbortDoc
GetPolyFillMode
GetTextAlign
DeleteColorSpace
GetROP2
CloseEnhMetaFile
GdiFlush
UpdateColors

advapi32

RegOpenKeyA
RegQueryValueExA
GetUserNameA

Sections

.text
Size: 916KB - Virtual size: 916KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 554B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

a2
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

a3
Size: 1024B - Virtual size: 1010B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

a33
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

a334
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

a3342
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73e784df7976627d6e00127c7aa547b7

Code Sign

38:b8:c7:5f:ad:f0:2b:ac:4f:a8:1a:70:f7:f5:01:6cCertificate

Extended Key Usages

0e:56:60:de:e2:62:5b:0e:b5:df:ab:40:2f:fb:df:b1:9e:19:be:57Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 916KB - Virtual size: 916KB

.rdata Size: 1024B - Virtual size: 554B

.data Size: 5KB - Virtual size: 5KB

a2 Size: 512B - Virtual size: 10B

a3 Size: 1024B - Virtual size: 1010B

a33 Size: 512B - Virtual size: 10B

a334 Size: 512B - Virtual size: 10B

a3342 Size: 122KB - Virtual size: 122KB

.rsrc Size: 103KB - Virtual size: 103KB

38:b8:c7:5f:ad:f0:2b:ac:4f:a8:1a:70:f7:f5:01:6c
Certificate

0e:56:60:de:e2:62:5b:0e:b5:df:ab:40:2f:fb:df:b1:9e:19:be:57
Signer

.text
Size: 916KB - Virtual size: 916KB

.rdata
Size: 1024B - Virtual size: 554B

.data
Size: 5KB - Virtual size: 5KB

a2
Size: 512B - Virtual size: 10B

a3
Size: 1024B - Virtual size: 1010B

a33
Size: 512B - Virtual size: 10B

a334
Size: 512B - Virtual size: 10B

a3342
Size: 122KB - Virtual size: 122KB

.rsrc
Size: 103KB - Virtual size: 103KB