eab7f46556f6e35d0e713ce8d8c3efe101236863848203cd25b0c325a769ac51

Sharing

Copy URL Twitter E-mail

General

Target

eab7f46556f6e35d0e713ce8d8c3efe101236863848203cd25b0c325a769ac51
Size

5.7MB
MD5

622736ca6b378518d436d7e56472fe9f
SHA1

03ebdc54e247b440bb96c35998304e117127b60b
SHA256

eab7f46556f6e35d0e713ce8d8c3efe101236863848203cd25b0c325a769ac51
SHA512

4daeae536588bfee6ff2de4690bbea697541bf913cd6f4ea08481969201e6c7afc0161b87923b1b8c37dfe9c4f297d0711b05a0c6ea19d098232db714706cd98
SSDEEP

6144:Y4thSUHz9HRg1c5Fm0Dq7VTu0Cdvm2MU3Iv7HCuqBl9scWBJy:fh3Hz9HeWFJDmV61AXuu6D

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

eab7f46556f6e35d0e713ce8d8c3efe101236863848203cd25b0c325a769ac51
.exe windows:5 windows x86 arch:x86

9a78c76417431884c38d6c29ae212b7b

Code Sign

5f:4d:ba:10:45:94:57:60:b4:ba:a9:f0:b2:de:e7:84
Certificate

Issuer

CN=IACUFWWMAYLTPQZAUK

Not Before

03/09/2020, 15:38

Not After

31/12/2039, 23:59

Subject

CN=IACUFWWMAYLTPQZAUK

Extended Key Usages

ExtKeyUsageCodeSigning

75:98:a2:9c:fb:77:80:fb:8d:29:44:13:91:0c:39:6a:f7:aa:88:29
Signer

Actual PE Digest

75:98:a2:9c:fb:77:80:fb:8d:29:44:13:91:0c:39:6a:f7:aa:88:29

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
Sleep
GetModuleHandleW
VirtualAllocEx
CloseHandle
TerminateProcess
OpenProcess
GetTempPathA
LoadLibraryW
GetLastError
SetLastError
MapViewOfFile
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
GetCurrentThreadId
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedExchange
GetVersion
AreFileApisANSI
GetSystemTime
LocalFree
GetCurrentProcessId
DeleteFileW
GetVersionExA
OutputDebugStringA
DeleteCriticalSection
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
GetDiskFreeSpaceW
EnterCriticalSection
LockFileEx
HeapSize
GetTempPathW
FlushFileBuffers
MultiByteToWideChar
CreateFileW
ReadFile
HeapValidate
HeapCreate
LeaveCriticalSection
HeapDestroy
FormatMessageW
WideCharToMultiByte
InitializeCriticalSection
WriteFile
FormatMessageA
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
OutputDebugStringW
LockFile
UnlockFile
InterlockedCompareExchange
WaitForSingleObject
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
SetEndOfFile
UnmapViewOfFile
GetModuleFileNameW
SetFilePointer
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
GetTickCount
GetSystemDirectoryA
GetFileAttributesW
GetFileAttributesA
MoveFileExA
DeleteFileA
FreeLibrary
GetCommandLineW

user32

LoadIconA
LoadCursorA

gdi32

GetEnhMetaFileBits
GetStockObject

advapi32

RegOpenKeyA
RegQueryValueExA
GetUserNameA

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 306B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a78c76417431884c38d6c29ae212b7b

Code Sign

5f:4d:ba:10:45:94:57:60:b4:ba:a9:f0:b2:de:e7:84Certificate

Extended Key Usages

75:98:a2:9c:fb:77:80:fb:8d:29:44:13:91:0c:39:6a:f7:aa:88:29Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 512B - Virtual size: 306B

.data Size: 5.6MB - Virtual size: 5.6MB

.rsrc Size: 25KB - Virtual size: 24KB

5f:4d:ba:10:45:94:57:60:b4:ba:a9:f0:b2:de:e7:84
Certificate

75:98:a2:9c:fb:77:80:fb:8d:29:44:13:91:0c:39:6a:f7:aa:88:29
Signer

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 512B - Virtual size: 306B

.data
Size: 5.6MB - Virtual size: 5.6MB

.rsrc
Size: 25KB - Virtual size: 24KB