de37a9782ecf22f81f4cb294ebb9308f

Sharing

Copy URL Twitter E-mail

General

Target

de37a9782ecf22f81f4cb294ebb9308f
Size

440KB
MD5

de37a9782ecf22f81f4cb294ebb9308f
SHA1

02f1ad472325a3d11f0cf88316802e5fae7427c1
SHA256

50e3bd479a50205e7ee5b780a57283cb763d75d2ccc0eebcce550152a066ec53
SHA512

151075217cd6bd51ad7fd86c1c4fd5c48afab0a7dbd13cee91851c20a2ca988aa067c527efe4c07234658eeeead1e218eaf7da5008a44ee09e076190c916e987
SSDEEP

6144:xpesgEdsW4K6o6ccT0ta+QNIIXK0b/VffQDatqlMT:/8KB60tabDtGMT

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de37a9782ecf22f81f4cb294ebb9308f

Files

de37a9782ecf22f81f4cb294ebb9308f
.exe windows:4 windows x86 arch:x86

86b5990c727bf3b8d4a000376b041c15

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

SetEndOfFile
GetCPInfo
GetOEMCP
ExitThread
CreateThread
HeapReAlloc
HeapAlloc
HeapFree
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
WriteConsoleA
WriteConsoleW
SetStdHandle
GetStringTypeA
GetStringTypeW
OutputDebugStringA
TerminateProcess
CloseHandle
SetErrorMode
WaitForSingleObject
lstrcpyA
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
GetVersion
GetLastError
CompareStringA
InterlockedExchange
Sleep
GetTickCount
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
SetFilePointer
GetThreadLocale
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GlobalFlags
FormatMessageA
MulDiv
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
SetLastError
GlobalAddAtomA
GlobalUnlock
GlobalFree
WritePrivateProfileStringA
FindResourceA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GlobalLock
GlobalAlloc
FreeLibrary
BeginUpdateResourceA
LoadLibraryA
MapViewOfFile
CreateFileMappingA
LoadResource
FlushFileBuffers
ConnectNamedPipe
GetCurrentProcess
GetVersionExA
GetLocalTime
lstrcpyW
LocalFree
lstrcmpA
LocalAlloc
ReadFile
GetFileSize
MoveFileExA
DeleteFileA
VirtualQueryEx
ReadProcessMemory
GetThreadContext
CreateProcessA
ResumeThread
SetThreadContext
VirtualProtectEx
VirtualAlloc
FreeResource
WriteFile
CreateFileA
LockResource
SizeofResource
GetConsoleOutputCP

user32

DestroyMenu
UnregisterClassA
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassNameA
SetPropA
GetPropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
GetClassLongA
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
PostMessageA
GetClientRect
GetSystemMetrics
SendMessageA
IsIconic
LoadIconA
EnableWindow
DrawIcon
MessageBoxA
RemovePropA

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
GetDeviceCaps
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueExA
CryptDestroyKey
CryptImportKey
CryptDestroyHash
CryptCreateHash
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptAcquireContextA
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
CryptGetHashParam
CryptReleaseContext
RegCloseKey
CryptVerifySignatureA
CryptHashData

shell32

Shell_NotifyIconA

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

wintrust

WinVerifyTrust

crypt32

CryptDecodeObject
CertGetNameStringA
CertFindCertificateInStore
CryptQueryObject
CryptMsgGetParam

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86b5990c727bf3b8d4a000376b041c15

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

wintrust

crypt32

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 52KB - Virtual size: 50KB

.data Size: 20KB - Virtual size: 37KB

.rsrc Size: 132KB - Virtual size: 128KB

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 20KB - Virtual size: 37KB

.rsrc
Size: 132KB - Virtual size: 128KB