6fe77c39366348a7875b68661c6b188c

Sharing

Copy URL

Twitter E-mail

General

Target

6fe77c39366348a7875b68661c6b188c
Size

684KB
MD5

6fe77c39366348a7875b68661c6b188c
SHA1

214ff4553445c9eaf2cae61095b44e59bcb8ef29
SHA256

20f91a1e7beb2c3b2472aec59540286d02ec10448a0aaab2e7e0272df4bcc629
SHA512

4052edfcc6d8c270c45a2aaec9183b23038767e96dab0391153862657e2feaafcc3431443188a37f021ae74caa8673d3777a925a458f5def5601141887ba5958
SSDEEP

12288:hGTqN0366nBlHdSkC1NaZfcDtnvfDiT4wHfYiqQGFWvBEoBNzHWDvrQ9htaGK1Tw:hGTqNV6nBlHdSkgaZcDtnvQQLBFoBhHj

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fe77c39366348a7875b68661c6b188c

Files

6fe77c39366348a7875b68661c6b188c
.exe windows:4 windows x86 arch:x86

5958f133ad381de34b6eb759b0d0a450

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
InternetConnectA
InternetOpenA
FtpSetCurrentDirectoryA
FtpCreateDirectoryA
FtpPutFileA
InternetQueryDataAvailable
InternetOpenUrlA
DeleteUrlCacheEntry
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
HttpQueryInfoA

winmm

timeGetTime

dsetup

ord11

kernel32

SetEndOfFile
InterlockedExchange
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
WideCharToMultiByte
FindResourceA
SizeofResource
LockResource
LoadResource
MoveFileA
Sleep
DeleteFileA
GetFileAttributesExA
GetLastError
CreateMutexA
QueryPerformanceCounter
QueryPerformanceFrequency
OutputDebugStringA
GetModuleFileNameA
GetModuleHandleA
ExitThread
CreateDirectoryA
LocalFree
FormatMessageA
CreateProcessA
GetLocaleInfoW
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsBadCodePtr
IsBadReadPtr
ExitProcess
SetFileAttributesA
FreeLibrary
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
ReadFile
GetFileSize
LoadLibraryA
GetProcAddress
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
lstrcpyA
GetCurrentDirectoryA
FindFirstFileA
FindNextFileA
GetStringTypeW
GetStringTypeA
GetDriveTypeA
GetEnvironmentStringsW
CopyFileA
GetWindowsDirectoryA
GetSystemDirectoryA
EnterCriticalSection
CreateFileA
SetFilePointer
WriteFile
LeaveCriticalSection
GetCurrentThreadId
GetLocalTime
RaiseException
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
lstrcmpiA
lstrlenW
CompareStringA
CompareStringW
GetVersion
MultiByteToWideChar
CreateThread
GetDiskFreeSpaceExA
GetExitCodeProcess
CloseHandle
GetExitCodeThread
GetCommandLineA
GetTempPathA
GetTickCount
GetCurrentProcessId
FreeResource
GlobalFree
GlobalUnlock
GlobalLock
lstrcpynA
lstrcmpW
lstrcatA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
SetLastError
MulDiv
InterlockedIncrement
WaitForSingleObject
FlushFileBuffers
LockFile
UnlockFile
SetEnvironmentVariableA
DuplicateHandle
FindClose
GetVolumeInformationA
GetFullPathNameA
GlobalAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalAlloc
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
GetFileAttributesA
GetFileTime
EnumResourceLanguagesA
ConvertDefaultLocale
lstrcmpA
GetCurrentThread
WritePrivateProfileStringA
InterlockedDecrement
GlobalFlags
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetCPInfo
GetOEMCP
SetErrorMode
RtlUnwind
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetStartupInfoA
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

DispatchMessageA
GetLastActivePopup
GetForegroundWindow
GetWindowTextA
GetWindowTextLengthA
IsChild
GetFocus
SendDlgItemMessageA
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassInfoExA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetCapture
WinHelpA
RegisterWindowMessageA
IsDialogMessageA
SetWindowTextA
MoveWindow
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
FillRect
TabbedTextOutA
DrawTextExA
GrayStringA
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
CharNextA
IsRectEmpty
SetWindowRgn
SetCapture
LoadCursorA
SetCursor
ReleaseCapture
GetCursorPos
TranslateAcceleratorA
SetMenu
BringWindowToTop
SetRectEmpty
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
ReuseDDElParam
UnpackDDElParam
DestroyMenu
LoadMenuA
wsprintfA
ValidateRect
TranslateMessage
GetMessageA
PostQuitMessage
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
WindowFromPoint
GetSysColorBrush
InflateRect
GetMenuItemInfoA
SetRect
ScrollWindow
InvalidateRgn
BeginDeferWindowPos
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
CopyRect
PtInRect
GetWindow
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
EnableWindow
ReleaseDC
GetDC
MessageBoxA
LoadIconA
SetActiveWindow
SetForegroundWindow
SetFocus
ShowWindow
FindWindowA
InvalidateRect
UpdateWindow
SetTimer
GetWindowRect
SendMessageA
PostMessageA
DrawTextA
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
KillTimer
CharUpperA
UnregisterClassA
LoadBitmapA
LoadImageA
GetParent
TrackPopupMenu
GetKeyState
SetScrollRange
IsWindowVisible
GetScrollRange
SetScrollPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetScrollPos
ShowScrollBar
CopyAcceleratorTableA
GetMenu

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
GetStockObject
CreateSolidBrush
GetBkColor
GetTextColor
CreateEllipticRgn
LPtoDP
Ellipse
ScaleViewportExtEx
SelectClipRgn
CreateFontIndirectA
CreateRectRgnIndirect
GetMapMode
GetRgnBox
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetTextAlign
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
GetClipBox
SetBitmapBits
GetObjectA
CreateCompatibleBitmap
CreateFontA
CombineRgn
CreateRectRgn
ExtCreateRegion
DeleteDC
GetDIBits
CreateICA
GetDeviceCaps
GetTextAlign
TextOutA
SetTextColor
BitBlt
CreateCompatibleDC
CreateBitmap
GetTextExtentPoint32A

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptDeriveKey
CryptHashData
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA
DragFinish
DragQueryFileA
SHGetSpecialFolderLocation

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoRegisterMessageFilter
CoTaskMemFree
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoInitialize
CoCreateInstance
CoUninitialize
OleInitialize
CoFreeUnusedLibraries
OleUninitialize

oleaut32

SysAllocString
SysAllocStringLen
VariantClear
SysFreeString
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SystemTimeToVariantTime
SysAllocStringByteLen
SysStringLen
LoadRegTypeLi
DispCallFunc
VariantCopy
OleCreateFontIndirect
VariantInit
VariantChangeType

msimg32

TransparentBlt

comctl32

_TrackMouseEvent
ord17
ImageList_Draw
ImageList_GetImageInfo
ImageList_Destroy

shlwapi

PathFileExistsA
PathIsUNCA
UrlUnescapeA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA

oledlg

ord8

urlmon

URLDownloadToFileA

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

comdlg32

GetFileTitleA

Exports

Exports

??0CCrc16@FnlApi@@AAE@ABV01@@Z
??0CCrc16@FnlApi@@QAE@XZ
??0CCrc32@FnlApi@@AAE@ABV01@@Z
??0CCrc32@FnlApi@@QAE@XZ
??0CMd5@FnlApi@@AAE@ABV01@@Z
??0CMd5@FnlApi@@QAE@XZ
??0CRc4Md5@FnlApi@@AAE@ABV01@@Z
??0CRc4Md5@FnlApi@@QAE@XZ
??1CRc4Md5@FnlApi@@QAE@XZ
??4CCrc16@FnlApi@@AAEAAV01@ABV01@@Z
??4CCrc32@FnlApi@@AAEAAV01@ABV01@@Z
??4CMd5@FnlApi@@AAEAAV01@ABV01@@Z
??4CRc4Md5@FnlApi@@AAEAAV01@ABV01@@Z
?CalcCrc@CCrc16@FnlApi@@QBEGPBEKG@Z
?CalcCrc@CCrc32@FnlApi@@QBEKPBEKK@Z
?Close@CRc4Md5@FnlApi@@QAEXXZ
?Decode@CRc4Md5@FnlApi@@QAEKPAEAAKH@Z
?Encode@CRc4Md5@FnlApi@@QAEKPAEAAKH@Z
?Final@CMd5@FnlApi@@QAEXQAE@Z
?GetDigest@CRc4Md5@FnlApi@@QAEKPAE@Z
?GetLngDigest@CRc4Md5@FnlApi@@SAKXZ
?Initial@CMd5@FnlApi@@QAEXQBI@Z
?IsOpen@CRc4Md5@FnlApi@@QBEHXZ
?Open@CRc4Md5@FnlApi@@QAEKPBDPBEK@Z
?SetPolynomial@CCrc16@FnlApi@@QAEXG@Z
?SetPolynomial@CCrc32@FnlApi@@QAEXK@Z
?Update@CMd5@FnlApi@@QAEXPBEK@Z
?__Dtor@CRc4Md5@FnlApi@@AAEXXZ
?__Reflect@CCrc32@FnlApi@@ABEKKD@Z
?__ResetAttr@CCrc16@FnlApi@@AAEXXZ
?__ResetAttr@CCrc32@FnlApi@@AAEXXZ
?__ResetAttr@CMd5@FnlApi@@AAEXXZ
?__ResetAttr@CRc4Md5@FnlApi@@AAEXXZ
?__Transform@CMd5@FnlApi@@AAEXQAIQBI@Z
?__mAlgEncrypt@CRc4Md5@FnlApi@@0IB
?__mAlgHash@CRc4Md5@FnlApi@@0IB
?__mLngDigest@CRc4Md5@FnlApi@@0KB
?__mLngSesKey@CRc4Md5@FnlApi@@0KB

Sections

.text
Size: 500KB - Virtual size: 498KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5958f133ad381de34b6eb759b0d0a450

Headers

File Characteristics

Imports

wininet

winmm

dsetup

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msimg32

comctl32

shlwapi

oledlg

urlmon

oleacc

winspool.drv

comdlg32

Exports

Exports

Sections

.text Size: 500KB - Virtual size: 498KB

.rdata Size: 100KB - Virtual size: 99KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 60KB - Virtual size: 57KB

.text
Size: 500KB - Virtual size: 498KB

.rdata
Size: 100KB - Virtual size: 99KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 60KB - Virtual size: 57KB