Behavioral task: behavioral1
Sample: fbb4f052d74b0bcdb3a4383f0d74a2346e55a66ec63739edd9faaa0b8ea22322.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: fbb4f052d74b0bcdb3a4383f0d74a2346e55a66ec63739edd9faaa0b8ea22322.exe
Resource: win10v2004-20240508-en
General
- Target: fbb4f052d74b0bcdb3a4383f0d74a2346e55a66ec63739edd9faaa0b8ea22322
- Size: 8.7MB
- MD5: 6fa20bad0e81bcc8b74c97b5592d1caf
- SHA1: a3a33c10caa4540cd21db1bd8c736dc27ff8e300
- SHA256: fbb4f052d74b0bcdb3a4383f0d74a2346e55a66ec63739edd9faaa0b8ea22322
- SHA512: 97c379be5700ed503dacbeb05a3ed10718f45d6296ed913bd6b51cd6e1479aa7a2c1493bc3270dcc67fab257c0c91ba52023f9e60ef6ec9f24891afc790aa91d
- SSDEEP: 98304:RJpC/xXyMSa2oqYX/OYZ3pipw/e2FayqypijJbLsnDQa43q/3CvlG4G:RJM/xX4iX/B3p6CPijJbLsnDQy/x
Malware Config
Signatures
Files
-
fbb4f052d74b0bcdb3a4383f0d74a2346e55a66ec63739edd9faaa0b8ea22322.exe windows:4 windows x86 arch:x86
1a59b1a0e13f36f85382c54c5c96576d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathRemoveFileSpecA
SHAutoComplete
kernel32
TerminateThread
SetEnvironmentVariableA
CompareStringA
IsBadCodePtr
GetDriveTypeA
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
IsBadWritePtr
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
SetStdHandle
CloseHandle
GetACP
TerminateProcess
GetSystemTime
GetTimeZoneInformation
RaiseException
ExitThread
HeapReAlloc
RtlUnwind
SetErrorMode
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GetProfileIntA
GetProfileStringA
GetPrivateProfileSectionNamesA
EnumResourceLanguagesA
EnumResourceTypesA
GetCurrentProcessId
CreateEventA
HeapSize
WaitForSingleObject
TlsAlloc
SetEvent
ResumeThread
CreateThread
GlobalFlags
LocalFileTimeToFileTime
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetTempFileNameA
GetCurrentThread
Sleep
VirtualFree
VirtualAlloc
GetVolumeInformationA
GetComputerNameA
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileA
CopyFileA
MultiByteToWideChar
SetFileAttributesA
CreateDirectoryA
DeleteFileA
lstrcatA
GetModuleFileNameA
GetCurrentDirectoryA
LockResource
GlobalAlloc
LoadResource
SizeofResource
FindResourceA
FindClose
FindNextFileA
RemoveDirectoryA
GetFileAttributesA
FindFirstFileA
GlobalUnlock
GlobalLock
GetTickCount
CreateProcessA
lstrcpyA
GetLastError
GetTempPathA
GetLocalTime
FreeResource
SetThreadPriority
SetLastError
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
FormatMessageA
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FileTimeToLocalFileTime
lstrlenW
SystemTimeToFileTime
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetFileInformationByHandle
FileTimeToSystemTime
lstrcmpA
GetExitCodeThread
LocalSize
LocalReAlloc
GlobalSize
CompareStringW
ResetEvent
MulDiv
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
EnumResourceNamesA
GlobalMemoryStatus
HeapFree
IsBadReadPtr
VirtualProtect
GetProcessHeap
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
DeleteCriticalSection
CancelIo
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
GetQueuedCompletionStatus
CreateIoCompletionPort
GetSystemInfo
PostQueuedCompletionStatus
InitializeCriticalSection
WritePrivateProfileStringA
GetSystemDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
LoadLibraryExA
FreeLibrary
MoveFileA
lstrcpynA
LocalAlloc
WideCharToMultiByte
GetVersion
GetModuleHandleA
lstrlenA
GlobalFree
LocalFree
SetUnhandledExceptionFilter
LoadLibraryA
GetProcAddress
GetCommandLineA
GetStartupInfoA
ExitProcess
user32
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
ValidateRect
CharUpperA
LoadStringA
wvsprintfA
GetMenuCheckMarkDimensions
ModifyMenuA
SetMenuItemBitmaps
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
MapWindowPoints
PeekMessageA
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
DestroyMenu
GetWindowDC
RegisterWindowMessageA
DispatchMessageA
TranslateMessage
GetMessageA
LoadIconA
SendMessageTimeoutA
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
SetRectEmpty
WinHelpA
GetClassInfoA
RegisterClassA
IsZoomed
IsRectEmpty
LoadAcceleratorsA
TranslateAcceleratorA
ReuseDDElParam
UnpackDDElParam
BringWindowToTop
GetClassNameA
GetDialogBaseUnits
CopyAcceleratorTableA
GetNextDlgGroupItem
GetMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
SendMessageA
EnableWindow
UpdateWindow
InvalidateRect
SetRect
wsprintfA
CloseClipboard
SetClipboardData
EmptyClipboard
GetDCEx
RegisterClipboardFormatA
OpenClipboard
IsWindowVisible
RedrawWindow
PostMessageA
MessageBoxA
DestroyIcon
LoadImageA
GetCursorPos
GetMenuItemCount
GetSubMenu
LoadMenuA
LockWindowUpdate
GetDesktopWindow
GetClientRect
SetTimer
GetSysColor
LoadBitmapA
GetDC
ReleaseDC
SetParent
TabbedTextOutA
DrawTextA
GrayStringA
LoadCursorA
SetCursor
ReleaseCapture
InvertRect
PostThreadMessageA
GetCapture
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetWindowTextLengthA
GetWindowTextA
InsertMenuA
GetMenuStringA
CreateMenu
PtInRect
DeleteMenu
SetWindowRgn
GetSysColorBrush
RegisterClassExA
EndPaint
BeginPaint
IntersectRect
GetIconInfo
ShowScrollBar
CheckMenuRadioItem
GetMenuState
AppendMenuA
GetScrollBarInfo
DrawIconEx
GetKeyState
SetWindowPos
GetDlgCtrlID
CharNextA
CheckMenuItem
EnableMenuItem
ClientToScreen
ScreenToClient
SetCapture
GetWindow
GetParent
UnregisterClassA
DrawMenuBar
TranslateMDISysAccel
DefFrameProcA
ExcludeUpdateRgn
DefDlgProcA
GetTabbedTextExtentA
GetClipboardFormatNameA
GetAsyncKeyState
GetDoubleClickTime
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetCursorPos
UnionRect
GetWindowRgn
IsMenu
GetMenuDefaultItem
GetMenuStringW
LookupIconIdFromDirectoryEx
CopyIcon
CreateIconIndirect
GetCursor
GetKeyboardLayoutList
GetKeyboardState
ToAsciiEx
SetClassLongA
DestroyCursor
SetWindowLongA
CopyRect
FillRect
SendDlgItemMessageA
KillTimer
GetFocus
SetMenu
WaitForInputIdle
GetWindowLongA
GetWindowThreadProcessId
IsIconic
GetKeyboardLayout
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
GetMenuItemInfoA
HideCaret
ShowCaret
IsClipboardFormatAvailable
DrawFocusRect
DrawFrameControl
CreatePopupMenu
DrawAnimatedRects
EnumChildWindows
SetMenuDefaultItem
DrawEdge
WaitMessage
MapVirtualKeyA
DrawStateA
WindowFromPoint
GetWindowRect
CreateIconFromResource
CreateIconFromResourceEx
LookupIconIdFromDirectory
GetClipboardData
GetSystemMetrics
MessageBeep
InflateRect
OffsetRect
GetSystemMenu
ShowWindow
FindWindowA
EnumWindows
SystemParametersInfoA
ClipCursor
DrawIcon
gdi32
SetPolyFillMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
SetTextAlign
GetCurrentPositionEx
PolyBezierTo
GetClipRgn
ExtSelectClipRgn
GetViewportExtEx
GetWindowExtEx
GetCharWidthA
GetTextMetricsA
CopyMetaFileA
GetTextColor
RestoreDC
SaveDC
CreateSolidBrush
CreatePen
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
CreateFontA
GetPixel
GetTextExtentPoint32A
SetPixelV
DeleteObject
GdiFlush
DeleteDC
StretchBlt
SetStretchBltMode
SetDIBColorTable
SelectObject
CreateDIBSection
GetStockObject
GetPaletteEntries
CreateHalftonePalette
GetBkColor
GetMapMode
DPtoLP
LPtoDP
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
BeginPath
EndPath
StrokeAndFillPath
GetDeviceCaps
StretchDIBits
SetTextColor
Polygon
GetTextAlign
SetPixel
GetCurrentObject
GetWindowOrgEx
GetBitmapBits
ExtCreateRegion
EnumFontFamiliesExA
GetDIBits
PtInRegion
Polyline
GetViewportOrgEx
ExtFloodFill
Ellipse
SetBrushOrgEx
GetRgnBox
CreatePolygonRgn
RoundRect
StrokePath
FillPath
CloseFigure
GetTextExtentPoint32W
ExtTextOutW
GetTextExtentPointA
CreateDIBitmap
SetBkColor
PatBlt
CreatePatternBrush
GetObjectA
CombineRgn
CreateRectRgn
CreateFontIndirectA
SetBkMode
GetClipBox
CreateBitmap
CreateRectRgnIndirect
SetRectRgn
LineTo
comdlg32
GetFileTitleA
GetSaveFileNameA
ChooseColorA
GetOpenFileNameA
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
advapi32
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
SetFileSecurityA
GetFileSecurityA
RegSetValueA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyA
RegQueryValueA
shell32
Shell_NotifyIconA
SHGetSpecialFolderLocation
DragQueryFileA
DragFinish
SHAppBarMessage
ExtractIconA
SHGetFileInfoA
ShellExecuteA
SHGetSpecialFolderPathA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
comctl32
ImageList_LoadImageA
ImageList_Destroy
ord17
ImageList_SetBkColor
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Create
_TrackMouseEvent
ImageList_GetIcon
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Add
ImageList_GetImageInfo
ImageList_Draw
ImageList_Remove
oledlg
ord1
ord8
ole32
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
OleRun
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
ReleaseStgMedium
CoRevokeClassObject
OleFlushClipboard
CoTaskMemFree
CoTaskMemAlloc
OleDuplicateData
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoUninitialize
OleIsCurrentClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
olepro32
ord253
ord251
oleaut32
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantClear
VariantCopy
SysAllocString
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VarDateFromStr
VarBstrFromDate
SafeArrayGetLBound
SysFreeString
SysAllocStringLen
VariantTimeToSystemTime
SysStringLen
LoadTypeLi
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
OleLoadPicturePath
VariantChangeTypeEx
urlmon
URLDownloadToFileA
ws2_32
inet_ntoa
inet_addr
__WSAFDIsSet
recv
send
shutdown
getsockname
ntohs
WSACloseEvent
WSASend
WSARecv
accept
setsockopt
WSAIoctl
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSASocketA
WSAGetLastError
WSACreateEvent
WSAEventSelect
bind
listen
WSAStartup
socket
WSACleanup
ioctlsocket
htons
connect
select
gethostname
gethostbyname
closesocket
getpeername
pdh
PdhGetFormattedCounterValue
PdhCloseQuery
PdhAddCounterA
PdhOpenQueryA
PdhCollectQueryData
avifil32
AVIStreamWrite
AVIFileOpenA
AVIFileCreateStreamA
AVIFileExit
AVIFileInit
AVIStreamRelease
AVIFileRelease
AVIStreamSetFormat
msvfw32
DrawDibDraw
DrawDibOpen
DrawDibClose
winmm
PlaySoundA
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveInStop
waveInReset
waveInUnprepareHeader
waveInClose
waveOutUnprepareHeader
waveOutClose
waveOutReset
wininet
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetReadFile
InternetGetConnectedState
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
imm32
ImmAssociateContext
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rodata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rotext Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 440KB - Virtual size: 439KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 276KB - Virtual size: 731KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5.4MB - Virtual size: 5.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ