053f8d5670c666f54c76fc8f3273ed916b1c323bc1a6c71a13f9f02a4746a061

Sharing

Copy URL Twitter E-mail

General

Target

053f8d5670c666f54c76fc8f3273ed916b1c323bc1a6c71a13f9f02a4746a061
Size

1.0MB
MD5

a7c930732560445a040bf5534d87013e
SHA1

585d7cbb0dd5ae9a166f94949d2ac815b02fbc88
SHA256

053f8d5670c666f54c76fc8f3273ed916b1c323bc1a6c71a13f9f02a4746a061
SHA512

d1ac91f1cacb695d11c7e5d12bd50112a5b1790feec83ef21bb2cb1be7fe6ff0692c1d13779f99eb2e9a6713e34d47704bcd5829e2afb68f66fd00ad7aeead18
SSDEEP

12288:tRWOA1eeCaGDpeHWCo8YpNFN5dEr9n5RGxXuZn:CO1vX4zoLNF/dwfGxXut

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

053f8d5670c666f54c76fc8f3273ed916b1c323bc1a6c71a13f9f02a4746a061
.exe windows x86

1c3600c8cacb95d648e36f41e2534ceb

Code Sign

46:27:7e:de:01:8e:5a:ba:40:eb:17:4b:9a:b4:18:ee
Certificate

Issuer

CN=EJJITOWJDYSFOZIJDD

Not Before

10/06/2020, 17:50

Not After

31/12/2039, 23:59

Subject

CN=EJJITOWJDYSFOZIJDD

Extended Key Usages

ExtKeyUsageCodeSigning

91:74:d9:39:69:fc:43:e0:47:92:7d:bb:2d:c5:81:b2:c3:5f:a7:2b
Signer

Actual PE Digest

91:74:d9:39:69:fc:43:e0:47:92:7d:bb:2d:c5:81:b2:c3:5f:a7:2b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
LoadLibraryA
GetProcAddress
GetLastError
Sleep

user32

LoadCursorFromFileW
GetWindowDC
GetWindowTextLengthW

gdi32

GetColorSpace
GetDCBrushColor
GetBkMode
GetDCPenColor
GetBkColor
GetEnhMetaFileW
GetFontLanguageInfo
GetGraphicsMode
GetEnhMetaFileA
RealizePalette
GetTextColor
GetStockObject

advapi32

GetUserNameA
RegOpenKeyA
RegQueryValueExA

Sections

.text
Size: 916KB - Virtual size: 916KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 554B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

r2
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

r3
Size: 1024B - Virtual size: 1010B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

r33
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

r334
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c3600c8cacb95d648e36f41e2534ceb

Code Sign

46:27:7e:de:01:8e:5a:ba:40:eb:17:4b:9a:b4:18:eeCertificate

Extended Key Usages

91:74:d9:39:69:fc:43:e0:47:92:7d:bb:2d:c5:81:b2:c3:5f:a7:2bSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 916KB - Virtual size: 916KB

.rdata Size: 1024B - Virtual size: 554B

.data Size: 6KB - Virtual size: 6KB

r2 Size: 512B - Virtual size: 10B

r3 Size: 1024B - Virtual size: 1010B

r33 Size: 512B - Virtual size: 10B

r334 Size: 122KB - Virtual size: 121KB

.rsrc Size: 4KB - Virtual size: 3KB

46:27:7e:de:01:8e:5a:ba:40:eb:17:4b:9a:b4:18:ee
Certificate

91:74:d9:39:69:fc:43:e0:47:92:7d:bb:2d:c5:81:b2:c3:5f:a7:2b
Signer

.text
Size: 916KB - Virtual size: 916KB

.rdata
Size: 1024B - Virtual size: 554B

.data
Size: 6KB - Virtual size: 6KB

r2
Size: 512B - Virtual size: 10B

r3
Size: 1024B - Virtual size: 1010B

r33
Size: 512B - Virtual size: 10B

r334
Size: 122KB - Virtual size: 121KB

.rsrc
Size: 4KB - Virtual size: 3KB