0a25d9f4c2aff6a05c1119c56c58fd81ab16d7e2ba9623886bcaeb87c80ffd11

Sharing

Copy URL Twitter E-mail

General

Target

0a25d9f4c2aff6a05c1119c56c58fd81ab16d7e2ba9623886bcaeb87c80ffd11
Size

12.3MB
MD5

b9bb5b7fb97b395110bb17fe0b0385ea
SHA1

56f89f901d0013b5d06061b5855e772d71f78f97
SHA256

0a25d9f4c2aff6a05c1119c56c58fd81ab16d7e2ba9623886bcaeb87c80ffd11
SHA512

707a7681830586efa2e80055265267122286ad5a8ed9aa4b3afd617ea45ef094c1fe300b3d682a37d86f1b6243dac35c1aaeb0d4a3b76c372f3f3c75e1cc4001
SSDEEP

196608:IZAX/ni1zwRsTp67rkUfMoWG1f7LKIbLmRoJD6/OuZnphqPD:IKPiNwWTUtEol46L0oJDso

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a25d9f4c2aff6a05c1119c56c58fd81ab16d7e2ba9623886bcaeb87c80ffd11

Files

0a25d9f4c2aff6a05c1119c56c58fd81ab16d7e2ba9623886bcaeb87c80ffd11
.exe windows:5 windows x86 arch:x86

dd33b79b3a1478403f71fafd666c52d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work\装机大师\ZJDS-08\Release\ZJDS.pdb

Imports

kernel32

TlsFree
lstrlenA
GlobalFlags
SetErrorMode
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
HeapReAlloc
ExitThread
SetStdHandle
GetFileType
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCPInfo
TlsAlloc
GetACP
GetOEMCP
DeleteCriticalSection
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
LCMapStringA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
FlushInstructionCache
InterlockedCompareExchange
SetThreadContext
GetThreadContext
GetLocalTime
GetVersion
FindResourceExW
LocalReAlloc
IsValidCodePage
TlsSetValue
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
InterlockedDecrement
GetCurrentProcessId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetThreadLocale
FreeResource
ReleaseMutex
SuspendThread
SetEvent
GetCurrentThreadId
ResumeThread
SetThreadPriority
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
lstrlenW
CreateMutexW
HeapFree
GetProcessHeap
HeapAlloc
DeviceIoControl
GetDiskFreeSpaceExW
GetVolumeInformationW
GetVersionExW
GetPrivateProfileStringW
RemoveDirectoryW
GetOverlappedResult
GetLastError
CreateEventW
CreateProcessW
GetStartupInfoW
GetSystemDirectoryW
GetCurrentProcess
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
DefineDosDeviceW
GetDriveTypeW
GetTickCount
CopyFileExW
MoveFileWithProgressW
SetVolumeLabelW
CreateDirectoryW
DeleteFileW
GetFileSizeEx
CreateFileW
CreateDirectoryA
GetSystemDirectoryA
WriteFile
CreateFileA
FindClose
FindNextFileW
FindFirstFileW
CopyFileW
WritePrivateProfileStringW
SetFileAttributesW
GetFileAttributesW
TerminateThread
CloseHandle
WaitForSingleObject
CreateProcessA
Sleep
CreateThread
CreatePipe
ReadFile
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar

user32

IsRectEmpty
CopyAcceleratorTableW
CharNextW
ReleaseCapture
SetCapture
UnregisterClassW
DestroyMenu
GetMenuItemInfoW
GetSysColorBrush
SetCursor
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
SetRect
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
MessageBoxW
GetClassInfoExW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
GetScrollInfo
SetScrollInfo
PtInRect
InvalidateRect
InvalidateRgn
GetNextDlgGroupItem
SendMessageW
CallWindowProcW
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
ReleaseDC
GetDC
CopyRect
CharUpperW
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
MessageBeep
DestroyIcon
SetRectEmpty
SetWindowsHookExW
CallNextHookEx
RegisterClipboardFormatW
GetSystemMenu
UnionRect
PostThreadMessageW
PostMessageW
IsWindowVisible
FindWindowW
IsWindow
ExitWindowsEx
EnableWindow
GetParent
SetTimer
DrawFrameControl
DrawEdge
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
DrawIconEx
LoadImageW
SetMenuItemInfoW
WindowFromDC
SetClassLongW
MonitorFromWindow
GetMonitorInfoW
GetAsyncKeyState
DrawFocusRect
SetWindowRgn
GetComboBoxInfo
RedrawWindow
IsZoomed
EnumChildWindows
EnableScrollBar
SetForegroundWindow
KillTimer
SystemParametersInfoW
LoadIconW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
DefWindowProcW
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
GetMenuState
GetMenuStringW
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowTextLengthW
GetWindowTextW
GetFocus
SetFocus
IsWindowEnabled
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
GetWindow
GetClassInfoW
GetWindowRgn
MoveWindow
DestroyWindow
ShowWindow
SetWindowPos
GetWindowRect
SetWindowLongW
LoadCursorW
RegisterClassExW
CreateWindowExW
GetWindowLongW
GrayStringW

gdi32

ExtSelectClipRgn
CreatePatternBrush
GetStockObject
CreatePen
CreateSolidBrush
GetTextMetricsW
CreateFontIndirectW
CombineRgn
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
StretchDIBits
CreateCompatibleBitmap
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
BitBlt
GetTextExtentPoint32W
CreateFontW
GetViewportExtEx
SelectClipRgn
MoveToEx
LineTo
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
PatBlt
CreateRectRgnIndirect
CreateDCW
GetDeviceCaps
PtInRegion
CreateRectRgn
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateDIBSection
OffsetRgn
CreateRoundRectRgn
CreateEllipticRgnIndirect
RectInRegion
RoundRect
ExtCreateRegion
StretchBlt
UnrealizeObject
SetBrushOrgEx
GetWindowExtEx

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegOpenKeyW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsW
PathFindFileNameW
StrCatW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFileExistsA

oledlg

OleUIBusyW

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
OleFlushClipboard
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoCreateGuid
CoInitialize
CoRegisterMessageFilter
CreateStreamOnHGlobal

oleaut32

OleLoadPicture
SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
SysStringLen

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

wininet

InternetCheckConnectionW

Sections

.text
Size: 898KB - Virtual size: 897KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.2MB - Virtual size: 11.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd33b79b3a1478403f71fafd666c52d1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

iphlpapi

wininet

Sections

.text Size: 898KB - Virtual size: 897KB

.rdata Size: 184KB - Virtual size: 184KB

.data Size: 15KB - Virtual size: 32KB

.rsrc Size: 11.2MB - Virtual size: 11.2MB

.reloc Size: 93KB - Virtual size: 92KB

.text
Size: 898KB - Virtual size: 897KB

.rdata
Size: 184KB - Virtual size: 184KB

.data
Size: 15KB - Virtual size: 32KB

.rsrc
Size: 11.2MB - Virtual size: 11.2MB

.reloc
Size: 93KB - Virtual size: 92KB