c0c8c9bd59878b035135f469fbdf5a3f

Sharing

Copy URL Twitter E-mail

General

Target

c0c8c9bd59878b035135f469fbdf5a3f
Size

88KB
MD5

c0c8c9bd59878b035135f469fbdf5a3f
SHA1

8bdf858a3e00d42221b7d06b8f3daf220a250291
SHA256

c7471db4f3956c462bb68ba0524288c4e4aca3184bd865f0f04ebc7672879f99
SHA512

eaf1671febba3b807a77da63c0fd3f4d8428619b1cc9225f937a8d365a34faa11289eeb4d03b5542fc65067673ec304347ea43f09df36899073d61690c651eee
SSDEEP

1536:4spJ5Bftrr3BVkFVaan1qOEXhXVCcbnBoLdLkuDNd3QkKOSPf1GvT5xab1lpmc:NJ5ltrbkFEEqOWYnLdLfD/gTf1GL5x4F

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

c0c8c9bd59878b035135f469fbdf5a3f
.exe windows:5 windows x86 arch:x86

ff22a36f896feec1ece1a35d6bad2742

Code Sign

7f:9d:a2:9f:3a:dc:7c:66:b3:de:e9:a4:d0:48:39:fa
Certificate

Issuer

CN=HXFFBWRB

Not Before

05/04/2019, 15:02

Not After

31/12/2039, 23:59

Subject

CN=HXFFBWRB

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

df:1c:3d:62:c9:d4:b1:a1:07:1c:01:27:ef:54:59:b9:6e:b7:ff:0c:1b:99:32:3c:ce:2a:89:14:d3:dd:53:85
Signer

Actual PE Digest

df:1c:3d:62:c9:d4:b1:a1:07:1c:01:27:ef:54:59:b9:6e:b7:ff:0c:1b:99:32:3c:ce:2a:89:14:d3:dd:53:85

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
FindResourceA
FindResourceExA
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleDisplayMode
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileAttributesA
GetFileAttributesExA
GetFileType
GetLastError
GetLocaleInfoA
GetLongPathNameA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetNumberFormatW
GetOEMCP
GetProcessHeap
GetShortPathNameA
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
FindFirstFileA
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
IsBadCodePtr
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LoadResource
LockResource
MapUserPhysicalPagesScatter
MoveFileA
MulDiv
MultiByteToWideChar
OutputDebugStringW
Process32FirstW
QueryPerformanceCounter
RaiseException
RemoveDirectoryA
ResumeThread
RtlUnwind
SetConsoleActiveScreenBuffer
SetConsoleDisplayMode
SetErrorMode
SetEvent
SetFilePointer
SetFilePointerEx
SetHandleCount
SetLastError
SetStdHandle
SetThreadExecutionState
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepEx
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteConsoleA
WriteConsoleW
WriteFile
lstrcatA
lstrcatW
lstrcmpiA
lstrcpyA
lstrcpyn
lstrlenA
lstrlenW
FindClose
FatalExit
ExitProcess
EraseTape
EnumResourceTypesA
EnterCriticalSection
EndUpdateResourceW
EncodePointer
DeviceIoControl
DeleteFileA
DeleteCriticalSection
DecodePointer
CreateThread
CreateMutexA
CreateMailslotA
CreateFileW
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryA
CopyFileA
CloseHandle
AddConsoleAliasW
GetModuleHandleA
VirtualAllocEx
LoadLibraryA
HeapReAlloc
GetProcAddress

user32

GetWindowTextLengthW
GetWindowTextLengthA
GetMessagePos
DestroyCursor
CloseDesktop
IsClipboardFormatAvailable
IsMenu
GetMenu
OpenIcon
CharLowerA
GetDesktopWindow
GetKeyboardLayout
CloseWindowStation
CharNextA
GetShellWindow
GetListBoxInfo
GetClipboardSequenceNumber
LoadIconA
BeginPaint
ChangeDisplaySettingsExW
CreateWindowExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
DispatchMessageW
EndDialog
EndPaint
UpdateWindow
TranslateMessage
TranslateAcceleratorW
ShowWindow
RegisterClassExW
PostQuitMessage
MessageBoxW
LoadStringW
LoadIconW
LoadCursorW
LoadAcceleratorsW
GetProcessWindowStation
GetMessageW
GetMessageA
EnumDisplaySettingsW
EnumDisplayDevicesW
CharNextW
EnumDesktopsA

gdi32

GetObjectType
GetPixelFormat
RealizePalette
DeleteDC
DeleteEnhMetaFile
EndPath
DeleteObject
FillPath
EndDoc
CreateMetaFileW
AddFontMemResourceEx
CreateSolidBrush
EngGetCurrentCodePage
EnumFontFamiliesExA
EnumFontFamiliesW
GdiDescribePixelFormat
GdiEntry13
GetCharABCWidthsW
GetGlyphOutlineA
RemoveFontMemResourceEx
RemoveFontResourceW
ResizePalette
SetICMProfileA
SetMetaRgn
XFORMOBJ_iGetXform
gdiPlaySpoolStream
AbortDoc

shell32

SHFileOperationA
ShellHookProc
ShellExecuteW
ShellExecuteA
ShellAboutW
SHIsFileAvailableOffline
CommandLineToArgvW
DragFinish
DragQueryFile
DragQueryFileA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconExA
SHAddToRecentDocs
SHBindToParent
SHCreateDirectoryExA
SHCreateDirectoryExW
Shell_NotifyIconA
SHFormatDrive
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetFileInfo
SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDList
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHInvokePrinterCommandW

shlwapi

StrCmpNW
StrRChrA
StrStrA
StrStrIA
StrChrW
StrStrIW

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff22a36f896feec1ece1a35d6bad2742

Code Sign

7f:9d:a2:9f:3a:dc:7c:66:b3:de:e9:a4:d0:48:39:faCertificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

df:1c:3d:62:c9:d4:b1:a1:07:1c:01:27:ef:54:59:b9:6e:b7:ff:0c:1b:99:32:3c:ce:2a:89:14:d3:dd:53:85Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

shlwapi

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

7f:9d:a2:9f:3a:dc:7c:66:b3:de:e9:a4:d0:48:39:fa
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

df:1c:3d:62:c9:d4:b1:a1:07:1c:01:27:ef:54:59:b9:6e:b7:ff:0c:1b:99:32:3c:ce:2a:89:14:d3:dd:53:85
Signer

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB