877276b8876f2386a46dcd6d09c10ab0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

877276b8876f2386a46dcd6d09c10ab0N.exe
Size

521KB
MD5

877276b8876f2386a46dcd6d09c10ab0
SHA1

c40cc713a7445351e820d7f6664b402739e61abe
SHA256

aea9938957ddd82fc07e5b9db96446b76ed7e89f0be75c9f3bc328731bc21e74
SHA512

df00c0ec4da21bf31edc6b0a94659cddc39eaa503b822eb38d05fb7abff6c717e0592524b5397847ab305479058aaccff6b2559fe15eb573f81b57a26e8ecec3
SSDEEP

6144:53iGEtpvg9pe3oUADfamC9EGqswger75gYK9KRCv/qn8Th:53mgLbtvswgK75b0o6Snc

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
877276b8876f2386a46dcd6d09c10ab0N.exe

Files

877276b8876f2386a46dcd6d09c10ab0N.exe
.exe windows:4 windows x86 arch:x86

01682bb6d240194c52f6db15fba30f95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

Sleep
GetLastError
LoadLibraryA
GetProcAddress
GetModuleHandleW
DeleteFileW
DeleteFileA
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetTickCount
WideCharToMultiByte
GlobalAlloc
GetVersionExW
GetFullPathNameA
GetFullPathNameW
GetModuleFileNameW
FindResourceW
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
GetLocaleInfoW
GetNumberFormatW
SetFileAttributesW
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
WaitForSingleObject
GetTempPathW
MoveFileExW
UnmapViewOfFile
GetCommandLineW
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
SetEnvironmentVariableW
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
MultiByteToWideChar
CompareStringW
IsDBCSLeadByte
GetCPInfo
SetCurrentDirectoryW
LoadLibraryW
FreeLibrary
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
WriteFile
GetStdHandle
ReadFile
GetCurrentDirectoryW
CreateFileW
CreateFileA
GetFileType
SetEndOfFile
SetFilePointer
MoveFileW
SetFileTime
GetCurrentProcess
CloseHandle
SetLastError
DosDateTimeToFileTime
ConnectNamedPipe
CreateEventA
DuplicateHandle
CopyFileExW
VerSetConditionMask
CompareFileTime
IsValidLanguageGroup
GetSystemTimeAdjustment
GetNamedPipeHandleStateW
EndUpdateResourceA
GetOverlappedResult
GetPrivateProfileSectionA
OpenSemaphoreA
OpenEventA
GetShortPathNameA
OutputDebugStringA
LoadLibraryExW
LocalAlloc
GlobalFree
GetCurrentThreadId
CreateProcessA
GetSystemDirectoryW
GetTimeZoneInformation
GetDiskFreeSpaceExW
GetUserDefaultLCID
IsValidLocale
GetStringTypeExW
IsValidCodePage
GetShortPathNameW
GetLongPathNameW
GetCurrentThread
GlobalMemoryStatus
ReleaseSemaphore
IsProcessorFeaturePresent
EnumUILanguagesW
EnumSystemLocalesW
GetCalendarInfoW
GetUserDefaultUILanguage
VirtualProtect
QueryPerformanceCounter
GetTempFileNameA
GetTempPathA
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
UnhandledExceptionFilter
IsDebuggerPresent
lstrcmpiW
GetThreadContext
GetThreadTimes
GetPriorityClass
HeapDestroy
HeapCreate
TerminateThread
GetThreadSelectorEntry
GetLocalTime
LeaveCriticalSection
EnterCriticalSection
ReleaseMutex
WaitForMultipleObjects
SetProcessWorkingSetSize
TerminateProcess
CreateThread
GetCurrentProcessId
SetUnhandledExceptionFilter
GetModuleHandleA
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
LocalFree
GetSystemWindowsDirectoryW
GetComputerNameA
SetPriorityClass
GetFileSize
CreateFileMappingA
SuspendThread
ExitThread
MulDiv
GetModuleFileNameA
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetUserDefaultLangID
GetACP
GetSystemDefaultLCID
SetEvent
CreateProcessW
GetSystemDirectoryA
SetThreadPriority
CreateRemoteThread
OpenProcess
LoadLibraryExA
SetEnvironmentVariableA
ReadProcessMemory
VirtualQueryEx
GetSystemInfo
HeapSize
HeapValidate
VirtualAlloc
RaiseException
TlsSetValue
CreateSemaphoreA
FlushFileBuffers
ResumeThread
InitializeCriticalSectionAndSpinCount
TlsAlloc
VirtualFree
TlsGetValue
TlsFree
GetVersion
GetProcessTimes
CreateMutexA
OpenMutexA
GetThreadPriority

user32

CreatePopupMenu
CloseClipboard
AnyPopup
CreateMenu
CountClipboardFormats
EndMenu
CharLowerA
GetWindowDC
GetWindowTextLengthW
IsCharLowerW
LoadCursorFromFileA
LoadCursorFromFileW
LoadIconW
wvsprintfW
ReleaseDC
GetDC
SendMessageW
SetDlgItemTextW
SetFocus
EndDialog
DestroyIcon
SendDlgItemMessageW
GetDlgItemTextW
GetClassNameW
DialogBoxParamW
IsWindowVisible
WaitForInputIdle
SetForegroundWindow
GetSysColor
PostMessageW
LoadBitmapW
CharToOemA
OemToCharA
FindWindowExW
wvsprintfA
GetParent
MapWindowPoints
CreateWindowExW
UpdateWindow
SetWindowTextW
LoadCursorW
RegisterClassExW
SetWindowLongW
GetWindowLongW
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
GetClientRect
IsWindow
CharToOemBuffW
MessageBoxW
ShowWindow
GetDlgItem
EnableWindow
OemToCharBuffA
CharUpperA
CharToOemBuffA
LoadStringW
SetWindowPos
GetWindowTextW
GetSystemMetrics
GetWindow
CharUpperW
GetWindowRect
CopyRect
DdeCreateStringHandleA
LoadMenuIndirectW
GetWindowTextA
DrawIconEx
WINNLSGetIMEHotkey
GetMessageA
AdjustWindowRectEx
GetActiveWindow
GetMenuCheckMarkDimensions
wsprintfW
SendNotifyMessageW
GetClassInfoExW
CopyAcceleratorTableA
GetClassLongA
GetMonitorInfoA
DdeSetQualityOfService
EnumDisplaySettingsExW
GetClipboardViewer
InternalGetWindowText
DdeCmpStringHandles
CreateDialogIndirectParamA
CheckMenuRadioItem
SendIMEMessageExW
GetDlgCtrlID
DrawTextA
DrawTextW
MapDialogRect
CallWindowProcA
MoveWindow
GetKeyboardLayout
LoadBitmapA
CallWindowProcW
SetRectEmpty
PostMessageA
SendMessageA
DefWindowProcA
SetTimer
KillTimer
PostQuitMessage
DispatchMessageA
IsDialogMessageA
CreateWindowExA
RegisterClassExA
DialogBoxParamA
SystemParametersInfoA
GetWindowLongA
LoadIconA
SetWindowLongA
FillRect
GetSysColorBrush
SetWindowTextA
CreateDialogParamW
EnumDisplayMonitors
LoadCursorA
SetCursor
DrawFocusRect
InvalidateRect
SendDlgItemMessageA
CheckDlgButton
LoadStringA
IsDlgButtonChecked
SetDlgItemTextA
GetScrollInfo
SetScrollInfo
GetFocus
FlashWindowEx
GetForegroundWindow
GetWindowPlacement
IsIconic
GetWindowThreadProcessId
EnumWindows
SendMessageTimeoutA
IsWindowUnicode
GetClassNameA

gdi32

GetBkColor
DeleteObject
GetTextColor
AbortPath
CreateMetaFileA
GetFontLanguageInfo
GetBkMode
CreateMetaFileW
CancelDC
GetEnhMetaFileA
GetGraphicsMode
GetLayout
RealizePalette
CreateCompatibleDC
GetObjectType
CreateHalftonePalette
CreatePatternBrush
GetStockObject
SaveDC
DeleteDC
GetSystemPaletteUse
GetDCPenColor
GetEnhMetaFileW
BeginPath
WidenPath
GetStretchBltMode
CloseMetaFile
EndPath
FillPath
GdiGetBatchLimit
PathToRegion
SwapBuffers
AddFontResourceW
FlattenPath
AddFontResourceA
GetPixelFormat
GetTextCharset
GdiFlush
AbortDoc
GetTextAlign
GetMapMode
EndPage
DeleteColorSpace
EndDoc
DeleteMetaFile
CreateSolidBrush
UpdateColors
UnrealizeObject
GetPolyFillMode
DeleteEnhMetaFile
GetTextCharacterExtra
CloseEnhMetaFile
CloseFigure
GetDCBrushColor
GetColorSpace
GetROP2
SetMetaRgn
StrokePath
GetDeviceCaps
GetObjectW
CreateCompatibleBitmap
SelectObject
StretchBlt
GetOutlineTextMetricsA
GdiGetSpoolMessage
PATHOBJ_bEnum
CreateFontIndirectW
FONTOBJ_cGetAllGlyphHandles
RemoveFontResourceW
NamedEscape
RemoveFontResourceTracking
SelectClipPath
CreateRectRgn
Ellipse
StretchDIBits
CreateBitmap
GetCharABCWidthsW
CreateFontA
EnumObjects
CreateICA
GdiEntry6
StartDocW
EngMarkBandingSurface
GetTransform
RestoreDC
GetTextFaceA
SetMapMode
GetTextExtentPoint32W
SetTextAlign
GetTextMetricsA
GetObjectA
ExtTextOutW
SetBkMode
SetTextColor
GetTextFaceW
CreateDCA
TranslateCharsetInfo
CreateFontIndirectA
SetBkColor
CreateBrushIndirect

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

advapi32

GetUserNameA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExW
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
SetFileSecurityW
SetFileSecurityA
AdjustTokenPrivileges
GetSecurityDescriptorDacl
RegQueryInfoKeyW
ReportEventW
RegisterEventSourceW
ReportEventA
DeregisterEventSource
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
SetNamedSecurityInfoW
ConvertSidToStringSidA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCreateKeyExA
RegDeleteValueW
RegOpenKeyExA
RegSetValueExA
RegEnumKeyW
RegEnumValueW
GetLengthSid
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
AllocateAndInitializeSid
CopySid
OpenThreadToken
IsValidSid
CheckTokenMembership
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
GetTokenInformation

shell32

SHChangeNotify
ShellExecuteExW
SHFileOperationW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
ExtractIconEx
SHLoadNonloadedIconOverlayIdentifiers
DoEnvironmentSubstW
ExtractIconExA
SHGetSpecialFolderPathW
ShellExecuteExA

ole32

CreateStreamOnHGlobal
OleInitialize
CoCreateInstance
OleUninitialize
CLSIDFromString
StringFromIID
CoTaskMemFree
CoUninitialize
CoInitializeEx

shlwapi

SHAutoComplete
StrCmpNIA
AssocQueryStringW
UrlGetPartA
wnsprintfA

comctl32

InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy

Sections

.text
Size: 425KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

r2
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

01682bb6d240194c52f6db15fba30f95

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 425KB - Virtual size: 425KB

.data Size: 17KB - Virtual size: 17KB

r2 Size: 2KB - Virtual size: 2KB

.rsrc Size: 37KB - Virtual size: 37KB

.bss Size: 512B - Virtual size: 512B

.text
Size: 425KB - Virtual size: 425KB

.data
Size: 17KB - Virtual size: 17KB

r2
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 37KB - Virtual size: 37KB

.bss
Size: 512B - Virtual size: 512B