f8a54a47dca5a7de477d869a549679a10fb2e60d93c6ab648231cda812128fd6

Sharing

Copy URL Twitter E-mail

General

Target

f8a54a47dca5a7de477d869a549679a10fb2e60d93c6ab648231cda812128fd6
Size

2.7MB
MD5

aac5fc030c8e8f551b7f29c69004a4f0
SHA1

d13e9b6d09ba64a320ced29bab619eab505e8217
SHA256

f8a54a47dca5a7de477d869a549679a10fb2e60d93c6ab648231cda812128fd6
SHA512

296ddfd1a6953bd36ad415b60bfa4058a5a57cb1b5ebb0b068141a3b779bc760c30003d310f5bd4ac75612de99851f755dab80be6c79fbd6498b753537bbcec3
SSDEEP

12288:Shum52wwLHqpVxTXLqVrytXS/eMAdIiftnui:A2wwTEmy5SmvL

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

f8a54a47dca5a7de477d869a549679a10fb2e60d93c6ab648231cda812128fd6
.exe windows x86

ce675a12e61fdec756d3e26b0c2e9085

Code Sign

5d:a2:97:ae:28:d9:43:bc:4e:5d:71:f6:71:a3:e9:83
Certificate

Issuer

CN=HFQAOBLCWSJIQHWAST

Not Before

19/06/2020, 14:35

Not After

31/12/2039, 23:59

Subject

CN=HFQAOBLCWSJIQHWAST

Extended Key Usages

ExtKeyUsageCodeSigning

f3:fe:6b:ce:ec:f0:70:96:97:87:5c:a0:d1:72:20:f8:cf:2f:38:7c
Signer

Actual PE Digest

f3:fe:6b:ce:ec:f0:70:96:97:87:5c:a0:d1:72:20:f8:cf:2f:38:7c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetVersion
GetLastError
SetEvent
CompareStringW
WaitForSingleObject
CreateEventW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
RtlUnwind
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
SetUnhandledExceptionFilter
CreateDirectoryExW
GetWriteWatch
EnumTimeFormatsW
FindResourceA
GetCommState
CreateMailslotW
GetWindowsDirectoryW
BeginUpdateResourceW
LCMapStringA
LocalReAlloc
LocalFlags
WriteConsoleOutputAttribute
CreateFileW
RequestWakeupLatency
UnregisterWaitEx
GetConsoleDisplayMode
HeapValidate
IsBadReadPtr
GetModuleFileNameW
lstrlenW
GetDriveTypeW
GetLogicalDrives
lstrcmpW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitProcess
InitializeCriticalSection
GetCommandLineW
ReleaseMutex
ResetEvent
WaitForMultipleObjectsEx
SetErrorMode
CreateMutexW
CreateProcessW
MoveFileExW
GetSystemInfo
CreateFileA
ReadFile
SetFilePointer
DosDateTimeToFileTime
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryW
WideCharToMultiByte
ReleaseSemaphore
WaitForMultipleObjects
CreateThread
CreateSemaphoreW
VirtualFree
VirtualAlloc
SetFilePointerEx
ExpandEnvironmentStringsW
SystemTimeToFileTime
GetSystemTime
SetFileTime
SetEndOfFile
WriteFile
LocalFree
lstrlenA
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
GetFileSizeEx
FindClose
FindFirstFileW
GetFileAttributesW
CreateDirectoryW
GetTempPathW
GlobalFree
GlobalAlloc
GetFileAttributesExW
CopyFileW
CreateHardLinkW
SetFileAttributesW
DeleteFileW
GetTempPathA
GetFileTime
FindNextFileW
GetStdHandle
GetCurrentThread
RemoveDirectoryW
FormatMessageA
GetComputerNameW
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
IsDebuggerPresent
RaiseException
GetCPInfo
GetACP
GetOEMCP
LCMapStringW
LoadLibraryA
HeapReAlloc
GetLocaleInfoA
HeapSize
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetModuleHandleW

user32

SendMessageW
FindWindowW
OemToCharA
MapVirtualKeyW
DefMDIChildProcW
GetMonitorInfoW
BroadcastSystemMessageA
UnregisterDeviceNotification
SetWindowWord
OemToCharBuffA
GetMenuDefaultItem
DestroyWindow
TrackPopupMenu
WindowFromPoint
MessageBoxA
DrawTextW
GetMenuItemID
ScrollWindowEx
GetMenuInfo
DlgDirSelectExA
LoadAcceleratorsW
DdeInitializeA
SetProcessWindowStation
CharToOemBuffA
GetLastInputInfo
GetScrollBarInfo
SetSysColors
MessageBoxExA
DdeCreateStringHandleA
DefDlgProcA
LoadCursorFromFileA

gdi32

SetPaletteEntries
HT_Get8BPPMaskPalette
GetMapMode
DeleteMetaFile
PATHOBJ_vEnumStart
EngCreateDeviceBitmap
CLIPOBJ_bEnum
SetRelAbs
ScaleViewportExtEx
GdiCleanCacheDC
GetLayout
GdiGetCodePage
RectVisible
GetWinMetaFileBits
ResizePalette
GdiConvertRegion
GetCharWidthA
CreateDCW
InvertRgn
TranslateCharsetInfo
GetTextFaceW
GetTextMetricsA
RemoveFontResourceW
GdiRealizationInfo
XFORMOBJ_bApplyXform
EnumEnhMetaFile
RectInRegion
EndDoc
DeleteColorSpace
FillPath
DeleteEnhMetaFile
CreateCompatibleDC
CreateSolidBrush
FlattenPath
CreateHalftonePalette
CreateMetaFileA
CreatePatternBrush
DeleteObject
EndPage
EndPath
CloseFigure
DeleteDC
CreateMetaFileW
CloseMetaFile
RealizePalette
GetColorSpace
GetStockObject
GetEnhMetaFileA

advapi32

TraceMessage
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
SetThreadToken
RegEnumValueW
RegQueryValueExW
RegNotifyChangeKeyValue
SetServiceStatus
StartServiceCtrlDispatcherW
DuplicateToken
RegDeleteValueW
RegisterServiceCtrlHandlerW
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptHashData
FreeSid
AllocateAndInitializeSid
LookupAccountNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CheckTokenMembership
OpenThreadToken
RegDeleteKeyW
SetFileSecurityW
CryptAcquireContextW
CryptReleaseContext
RegOpenKeyA
RegQueryValueExA
GetUserNameA

shell32

WOWShellExecute
SHCreateDirectoryExA
CommandLineToArgvW
SHGetPathFromIDList
SHQueryRecycleBinW
ExtractAssociatedIconExW
SHAppBarMessage
SHBrowseForFolderW
ShellExecuteA
ExtractIconA
CheckEscapesW
SHCreateDirectoryExW
ShellHookProc
DragQueryFile
DoEnvironmentSubstA
SHGetDataFromIDListA
SHEmptyRecycleBinA
ExtractAssociatedIconA
FindExecutableW
SHLoadInProc
SHEmptyRecycleBinW
SHFreeNameMappings
SHGetSpecialFolderPathA
DragQueryFileW
FindExecutableA
ExtractAssociatedIconExA
SHGetInstanceExplorer
SHFormatDrive
SHGetFileInfoA
SHFileOperationW
ExtractIconExA
SHBrowseForFolder
SHPathPrepareForWriteW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CLSIDFromString
CoRegisterClassObject
CreateBindCtx
CoRevokeClassObject
CoInitializeEx

shlwapi

StrRStrIW
StrRChrW
StrStrA
StrCmpNA
StrChrIW

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

a21
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

a2
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

a3
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

a32
Size: 1024B - Virtual size: 1010B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

a322
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce675a12e61fdec756d3e26b0c2e9085

Code Sign

5d:a2:97:ae:28:d9:43:bc:4e:5d:71:f6:71:a3:e9:83Certificate

Extended Key Usages

f3:fe:6b:ce:ec:f0:70:96:97:87:5c:a0:d1:72:20:f8:cf:2f:38:7cSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 512B - Virtual size: 174B

.data Size: 12KB - Virtual size: 11KB

a21 Size: 512B - Virtual size: 10B

a2 Size: 512B - Virtual size: 10B

a3 Size: 2.4MB - Virtual size: 2.4MB

a32 Size: 1024B - Virtual size: 1010B

a322 Size: 124KB - Virtual size: 124KB

.rsrc Size: 116KB - Virtual size: 116KB

5d:a2:97:ae:28:d9:43:bc:4e:5d:71:f6:71:a3:e9:83
Certificate

f3:fe:6b:ce:ec:f0:70:96:97:87:5c:a0:d1:72:20:f8:cf:2f:38:7c
Signer

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 512B - Virtual size: 174B

.data
Size: 12KB - Virtual size: 11KB

a21
Size: 512B - Virtual size: 10B

a2
Size: 512B - Virtual size: 10B

a3
Size: 2.4MB - Virtual size: 2.4MB

a32
Size: 1024B - Virtual size: 1010B

a322
Size: 124KB - Virtual size: 124KB

.rsrc
Size: 116KB - Virtual size: 116KB