JC_afd13b462aa0b7590934e58bf9846c6111f17711cdac3a1465f8f35933f41857

Sharing

Copy URL Twitter E-mail

General

Target

JC_afd13b462aa0b7590934e58bf9846c6111f17711cdac3a1465f8f35933f41857
Size

1.2MB
MD5

99491ced3e694a5e43fbc612f8545162
SHA1

7cb0312c0eaa06e796aa584d46625aa4d4e5411f
SHA256

afd13b462aa0b7590934e58bf9846c6111f17711cdac3a1465f8f35933f41857
SHA512

006e37bc59edcbfe411a7fcd5450ec9f25e94e22ca7b66495ccd1f35f18704a0e39fe131ce5c0c907974316dda6d826da9006735c6e2ddb0688b5baf9ec58884
SSDEEP

12288:iPohBmy7lE4Gm54sGbkNByfNUueaYseXb1fqbHZ9F:37plE4354bb8ByfUjLbJqTB

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

JC_afd13b462aa0b7590934e58bf9846c6111f17711cdac3a1465f8f35933f41857
.exe windows x86

31f92c4664becceb72a15aa4f677e3c4

Code Sign

3b:b4:7f:ca:21:4b:75:bc:43:e0:ae:39:77:d9:72:ad
Certificate

Issuer

CN=UEWZFGIQYUOCAEMVLY

Not Before

09/06/2020, 07:39

Not After

31/12/2039, 23:59

Subject

CN=UEWZFGIQYUOCAEMVLY

Extended Key Usages

ExtKeyUsageCodeSigning

0f:67:02:c4:95:04:dd:89:3b:df:27:91:ca:6f:9e:d6:9e:b7:b5:71
Signer

Actual PE Digest

0f:67:02:c4:95:04:dd:89:3b:df:27:91:ca:6f:9e:d6:9e:b7:b5:71

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
LoadLibraryA
GetProcAddress
GetLastError
Sleep
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
HeapAlloc
HeapReAlloc
HeapSize
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
RaiseException
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
GetStdHandle
GetModuleHandleA
ExitProcess
GetCommandLineA
GetStartupInfoA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
CreateFileW
QueryPerformanceCounter
MulDiv
lstrlenW
GetVersionExA
WriteFile
GetFileSize
GlobalAlloc
ReadFile
lstrcpyW
CloseHandle
GlobalFree
lstrcatW
Process32First
GlobalDeleteAtom
GetCurrentDirectoryA
WriteProfileSectionW

user32

LoadCursorFromFileW
GetWindowDC
GetWindowTextLengthW
EndMenu
IsCharLowerW
LoadCursorFromFileA
OemToCharA
GetUserObjectInformationW
MessageBoxIndirectW
SetSysColors
DefDlgProcW
DdeQueryStringA
SetMenuItemBitmaps
SetWindowsHookA
GetTopWindow
EnumWindowStationsW
InSendMessage
GetKeyboardState
LoadStringA
DdePostAdvise
InsertMenuItemW
DefWindowProcW
CreateMDIWindowW
HiliteMenuItem
CreateDialogIndirectParamA
DdeSetUserHandle
GetMenuState
GetAncestor

gdi32

GetColorSpace
GetDCBrushColor
GetBkMode
GetDCPenColor
GetBkColor
GetEnhMetaFileW
GetFontLanguageInfo
GetGraphicsMode
GetEnhMetaFileA
RealizePalette
GetTextColor
CreatePatternBrush
GetStockObject
SaveDC
GetDeviceCaps
CreateFontIndirectW
Ellipse
GetTextExtentPoint32W
GetPixel
GdiFlush
ExcludeClipRect
RestoreDC
CreateCompatibleBitmap
CreateSolidBrush
SetBkMode
SetTextColor
SetPixel
MoveToEx
LineTo
CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
DeleteDC
FONTOBJ_vGetInfo
GdiGetLocalDC
OffsetClipRgn
GetEnhMetaFilePixelFormat
CopyEnhMetaFileW
CreateFontW
GetColorAdjustment
IntersectClipRect
LPtoDP
GetOutlineTextMetricsA
RemoveFontResourceExW
CreateDIBSection
RectVisible
GetSystemPaletteEntries
GetNearestPaletteIndex
GdiEntry11
SelectBrushLocal
SetBitmapBits
GdiGetLocalBrush
TranslateCharsetInfo
SetSystemPaletteUse
SelectClipRgn
GdiReleaseDC
GetPath
UnrealizeObject
CLIPOBJ_ppoGetPath
EnumICMProfilesA
SetWindowOrgEx
ExtCreatePen
EngMultiByteToUnicodeN
RemoveFontResourceA
GdiFullscreenControl
GdiQueryTable
GetICMProfileA
EngDeletePalette
DPtoLP
EngStretchBlt

advapi32

GetUserNameA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExA
RegOpenKeyW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

r2
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

r3
Size: 1024B - Virtual size: 1010B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

r33
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31f92c4664becceb72a15aa4f677e3c4

Code Sign

3b:b4:7f:ca:21:4b:75:bc:43:e0:ae:39:77:d9:72:adCertificate

Extended Key Usages

0f:67:02:c4:95:04:dd:89:3b:df:27:91:ca:6f:9e:d6:9e:b7:b5:71Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: 9KB - Virtual size: 9KB

r2 Size: 512B - Virtual size: 10B

r3 Size: 1024B - Virtual size: 1010B

r33 Size: 122KB - Virtual size: 122KB

.rsrc Size: 28KB - Virtual size: 27KB

3b:b4:7f:ca:21:4b:75:bc:43:e0:ae:39:77:d9:72:ad
Certificate

0f:67:02:c4:95:04:dd:89:3b:df:27:91:ca:6f:9e:d6:9e:b7:b5:71
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 9KB - Virtual size: 9KB

r2
Size: 512B - Virtual size: 10B

r3
Size: 1024B - Virtual size: 1010B

r33
Size: 122KB - Virtual size: 122KB

.rsrc
Size: 28KB - Virtual size: 27KB