b779aa18df748324fc592ee7697f6c50c3716a4deccba2dc013b1ffe624eab60

Sharing

Copy URL Twitter E-mail

General

Target

b779aa18df748324fc592ee7697f6c50c3716a4deccba2dc013b1ffe624eab60
Size

1.2MB
MD5

2338e217e933e8b7ee89025b671257cd
SHA1

1b51b101dd10dbd417e8eecd4fe82d349a7efe1f
SHA256

b779aa18df748324fc592ee7697f6c50c3716a4deccba2dc013b1ffe624eab60
SHA512

0ab37a83490e9fd6e936f026e810dc7e7541491e3db76012c93b18d83ca2ceb16f53920720780a372b48c9c2bf13e56440acd66888103579ef43b394584b2883
SSDEEP

12288:iPohBmy7lE4Gm54sGbkNByfNUueazseXb1fqbHZ9F:37plE4354bb8ByfUoLbJqTB

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

b779aa18df748324fc592ee7697f6c50c3716a4deccba2dc013b1ffe624eab60
.exe windows x86

31f92c4664becceb72a15aa4f677e3c4

Code Sign

3b:b4:7f:ca:21:4b:75:bc:43:e0:ae:39:77:d9:72:ad
Certificate

Issuer

CN=UEWZFGIQYUOCAEMVLY

Not Before

09/06/2020, 07:39

Not After

31/12/2039, 23:59

Subject

CN=UEWZFGIQYUOCAEMVLY

Extended Key Usages

ExtKeyUsageCodeSigning

47:d3:f9:0a:6b:ad:e8:78:72:05:43:e7:9a:7f:eb:2d:0e:9f:b1:d8
Signer

Actual PE Digest

47:d3:f9:0a:6b:ad:e8:78:72:05:43:e7:9a:7f:eb:2d:0e:9f:b1:d8

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
LoadLibraryA
GetProcAddress
GetLastError
Sleep
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
HeapAlloc
HeapReAlloc
HeapSize
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
RaiseException
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
GetStdHandle
GetModuleHandleA
ExitProcess
GetCommandLineA
GetStartupInfoA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
CreateFileW
QueryPerformanceCounter
MulDiv
lstrlenW
GetVersionExA
WriteFile
GetFileSize
GlobalAlloc
ReadFile
lstrcpyW
CloseHandle
GlobalFree
lstrcatW
Process32First
GlobalDeleteAtom
GetCurrentDirectoryA
WriteProfileSectionW

user32

LoadCursorFromFileW
GetWindowDC
GetWindowTextLengthW
EndMenu
IsCharLowerW
LoadCursorFromFileA
OemToCharA
GetUserObjectInformationW
MessageBoxIndirectW
SetSysColors
DefDlgProcW
DdeQueryStringA
SetMenuItemBitmaps
SetWindowsHookA
GetTopWindow
EnumWindowStationsW
InSendMessage
GetKeyboardState
LoadStringA
DdePostAdvise
InsertMenuItemW
DefWindowProcW
CreateMDIWindowW
HiliteMenuItem
CreateDialogIndirectParamA
DdeSetUserHandle
GetMenuState
GetAncestor

gdi32

GetColorSpace
GetDCBrushColor
GetBkMode
GetDCPenColor
GetBkColor
GetEnhMetaFileW
GetFontLanguageInfo
GetGraphicsMode
GetEnhMetaFileA
RealizePalette
GetTextColor
CreatePatternBrush
GetStockObject
SaveDC
GetDeviceCaps
CreateFontIndirectW
Ellipse
GetTextExtentPoint32W
GetPixel
GdiFlush
ExcludeClipRect
RestoreDC
CreateCompatibleBitmap
CreateSolidBrush
SetBkMode
SetTextColor
SetPixel
MoveToEx
LineTo
CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
DeleteDC
FONTOBJ_vGetInfo
GdiGetLocalDC
OffsetClipRgn
GetEnhMetaFilePixelFormat
CopyEnhMetaFileW
CreateFontW
GetColorAdjustment
IntersectClipRect
LPtoDP
GetOutlineTextMetricsA
RemoveFontResourceExW
CreateDIBSection
RectVisible
GetSystemPaletteEntries
GetNearestPaletteIndex
GdiEntry11
SelectBrushLocal
SetBitmapBits
GdiGetLocalBrush
TranslateCharsetInfo
SetSystemPaletteUse
SelectClipRgn
GdiReleaseDC
GetPath
UnrealizeObject
CLIPOBJ_ppoGetPath
EnumICMProfilesA
SetWindowOrgEx
ExtCreatePen
EngMultiByteToUnicodeN
RemoveFontResourceA
GdiFullscreenControl
GdiQueryTable
GetICMProfileA
EngDeletePalette
DPtoLP
EngStretchBlt

advapi32

GetUserNameA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExA
RegOpenKeyW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

r2
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

r3
Size: 1024B - Virtual size: 1010B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

r33
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31f92c4664becceb72a15aa4f677e3c4

Code Sign

3b:b4:7f:ca:21:4b:75:bc:43:e0:ae:39:77:d9:72:adCertificate

Extended Key Usages

47:d3:f9:0a:6b:ad:e8:78:72:05:43:e7:9a:7f:eb:2d:0e:9f:b1:d8Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: 9KB - Virtual size: 9KB

r2 Size: 512B - Virtual size: 10B

r3 Size: 1024B - Virtual size: 1010B

r33 Size: 122KB - Virtual size: 122KB

.rsrc Size: 28KB - Virtual size: 27KB

3b:b4:7f:ca:21:4b:75:bc:43:e0:ae:39:77:d9:72:ad
Certificate

47:d3:f9:0a:6b:ad:e8:78:72:05:43:e7:9a:7f:eb:2d:0e:9f:b1:d8
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 9KB - Virtual size: 9KB

r2
Size: 512B - Virtual size: 10B

r3
Size: 1024B - Virtual size: 1010B

r33
Size: 122KB - Virtual size: 122KB

.rsrc
Size: 28KB - Virtual size: 27KB