416d2c5e0f1306321ff4aa05aebd175e55aea6579f8062777a5feb2bb5ea6c95

Sharing

Copy URL

Twitter E-mail

General

Target

416d2c5e0f1306321ff4aa05aebd175e55aea6579f8062777a5feb2bb5ea6c95
Size

1.0MB
MD5

db0c5cbd776f17c7c06df6cabd908282
SHA1

44da893813ce219c616aefb6cf29e71e27e6f419
SHA256

416d2c5e0f1306321ff4aa05aebd175e55aea6579f8062777a5feb2bb5ea6c95
SHA512

2cfa156bb4820db963c6219483948a72c51c4849215198df8d1fb474d6e4943340bef46fc3ebcd4befbd7596913742c2f197f640b4508c9f1982cf69cbaf2079
SSDEEP

3072:FS4IE2ArRC2PRQ6CgxoCxmUd12i/8Y8rfulU8bax1i2NXu02LbjfrzyJKqAcwBu8:FcEGCxz3dUi278b4NX07fsALu8

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

416d2c5e0f1306321ff4aa05aebd175e55aea6579f8062777a5feb2bb5ea6c95
.exe windows:4 windows x86 arch:x86

7299e8d825a9aa413f25ae1fc6c903fc

Code Sign

67:00:21:b1:60:2f:d0:74:be:08:94:59:9c:90:95:0c
Certificate

Issuer

CN=GBMKLQJNMMDAVCCUKT

Not Before

23-07-2020 17:43

Not After

31-12-2039 23:59

Subject

CN=GBMKLQJNMMDAVCCUKT

Extended Key Usages

ExtKeyUsageCodeSigning

a3:b9:e4:f9:94:dc:a9:d9:b7:1a:c3:c7:ce:70:31:87:e9:2a:6a:e2
Signer

Actual PE Digest

a3:b9:e4:f9:94:dc:a9:d9:b7:1a:c3:c7:ce:70:31:87:e9:2a:6a:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleOutputCP
WriteConsoleA
SetStdHandle
DeleteCriticalSection
InitializeCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFilePointer
SetErrorMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
GetTimeZoneInformation
GetCPInfo
SetFilePointerEx
OutputDebugStringW
WriteConsoleW
SetEnvironmentVariableA
VirtualFree
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetOEMCP
GetACP
PeekNamedPipe
IsValidCodePage
GetStartupInfoW
GetStdHandle
VirtualQuery
VirtualAlloc
GetModuleHandleExW
ExitProcess
HeapQueryInformation
ExitThread
CreateThread
IsProcessorFeaturePresent
RtlUnwind
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
VirtualProtect
SearchPathW
GetProfileIntW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
lstrcpyW
GlobalFindAtomW
GlobalDeleteAtom
GlobalFlags
GetUserDefaultUILanguage
EncodePointer
GlobalAddAtomW
ResumeThread
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetFullPathNameW
FlushFileBuffers
GetFileAttributesExW
GlobalGetAtomNameW
GetCurrentProcessId
LocalReAlloc
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleA
OutputDebugStringA
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcmpA
FormatMessageW
GlobalSize
FindResourceExW
SetThreadPriority
CompareStringW
WideCharToMultiByte
GetVersionExA
GetVolumeInformationW
FindFirstFileW
GetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryW
GetWindowsDirectoryW
GetTempPathW
GetSystemDirectoryW
GetDriveTypeW
GetPrivateProfileStringW
GetPrivateProfileIntW
LoadLibraryW
lstrlenW
lstrcpynW
GetFileTime
FindClose
GetFileSize
GetFileInformationByHandle
GetCurrentThread
GetProcessHeap
HeapSize
HeapReAlloc
HeapDestroy
GetTickCount
Sleep
WaitForSingleObject
LocalFree
LocalAlloc
SetCurrentDirectoryW
LoadLibraryExW
lstrcmpiW
FreeLibrary
DecodePointer
MultiByteToWideChar
GetVersionExW
CopyFileW
DeleteFileW
FindResourceW
CreateProcessW
GetModuleHandleW
GetModuleFileNameW
lstrcmpW
GetSystemInfo
MulDiv
SizeofResource
LoadResource
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
GetCurrentThreadId
RaiseException
FlushInstructionCache
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
GetProcAddress
LockResource
FreeResource
InterlockedDecrement
InterlockedIncrement
CreateFileW
CloseHandle
ReadFile
WriteFile
ReadConsoleW
GetFileSizeEx
LoadLibraryExA
VirtualAllocEx

user32

LoadIconA
IsGUIThread
LoadCursorFromFileA
GetWindowTextLengthW

gdi32

GetStockObject

advapi32

GetUserNameA
RegOpenKeyA
RegQueryValueExA

comctl32

ImageList_Destroy
ImageList_Create
ord17

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdata
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdat2z
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdat2a
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdat2b
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdat2a1
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 690KB - Virtual size: 689KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7299e8d825a9aa413f25ae1fc6c903fc

Code Sign

67:00:21:b1:60:2f:d0:74:be:08:94:59:9c:90:95:0cCertificate

Extended Key Usages

a3:b9:e4:f9:94:dc:a9:d9:b7:1a:c3:c7:ce:70:31:87:e9:2a:6a:e2Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comctl32

Sections

.text Size: 141KB - Virtual size: 141KB

.rdata Size: 24KB - Virtual size: 23KB

.tdata Size: 182KB - Virtual size: 182KB

.tdat2z Size: 1024B - Virtual size: 700B

.tdat2a Size: 1024B - Virtual size: 700B

.tdat2b Size: 1024B - Virtual size: 700B

.tdat2a1 Size: 1024B - Virtual size: 700B

.data Size: 6KB - Virtual size: 5KB

2 Size: 690KB - Virtual size: 689KB

.rsrc Size: 2KB - Virtual size: 1KB

67:00:21:b1:60:2f:d0:74:be:08:94:59:9c:90:95:0c
Certificate

a3:b9:e4:f9:94:dc:a9:d9:b7:1a:c3:c7:ce:70:31:87:e9:2a:6a:e2
Signer

.text
Size: 141KB - Virtual size: 141KB

.rdata
Size: 24KB - Virtual size: 23KB

.tdata
Size: 182KB - Virtual size: 182KB

.tdat2z
Size: 1024B - Virtual size: 700B

.tdat2a
Size: 1024B - Virtual size: 700B

.tdat2b
Size: 1024B - Virtual size: 700B

.tdat2a1
Size: 1024B - Virtual size: 700B

.data
Size: 6KB - Virtual size: 5KB

2
Size: 690KB - Virtual size: 689KB

.rsrc
Size: 2KB - Virtual size: 1KB