ea190c3dc8ebf2f4f434e5f61f0ff360N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ea190c3dc8ebf2f4f434e5f61f0ff360N.exe
Size

5.7MB
MD5

ea190c3dc8ebf2f4f434e5f61f0ff360
SHA1

4457dc0924ca3a18bc6745b9c88ecb63099b1675
SHA256

289e13556ae6e08276cd2bcff306a0bdb32d46f4d3932bd0d60545d2647bef5c
SHA512

4f70d7f23c30ead8dc30cdacf0d80a7837c91f9510f857cd328c3b08582842e3bbc78d2ee2308140398f6ba70dad809750c57eeba41134191f5135fcc2bbdce3
SSDEEP

6144:j4thSUHz9HRg1c5Fm0Dq7VTu0Cdvm2MU3Iv7HCuqBl9scWBJy:eh3Hz9HeWFJDmV61AXuu6D

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

ea190c3dc8ebf2f4f434e5f61f0ff360N.exe
.exe windows:5 windows x86 arch:x86

9a78c76417431884c38d6c29ae212b7b

Code Sign

5f:4d:ba:10:45:94:57:60:b4:ba:a9:f0:b2:de:e7:84
Certificate

Issuer

CN=IACUFWWMAYLTPQZAUK

Not Before

03-09-2020 15:38

Not After

31-12-2039 23:59

Subject

CN=IACUFWWMAYLTPQZAUK

Extended Key Usages

ExtKeyUsageCodeSigning

85:68:18:b1:13:85:fa:91:0e:57:63:da:28:ef:17:3d:22:63:3b:93
Signer

Actual PE Digest

85:68:18:b1:13:85:fa:91:0e:57:63:da:28:ef:17:3d:22:63:3b:93

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
Sleep
GetModuleHandleW
VirtualAllocEx
CloseHandle
TerminateProcess
OpenProcess
GetTempPathA
LoadLibraryW
GetLastError
SetLastError
MapViewOfFile
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
GetCurrentThreadId
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedExchange
GetVersion
AreFileApisANSI
GetSystemTime
LocalFree
GetCurrentProcessId
DeleteFileW
GetVersionExA
OutputDebugStringA
DeleteCriticalSection
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
GetDiskFreeSpaceW
EnterCriticalSection
LockFileEx
HeapSize
GetTempPathW
FlushFileBuffers
MultiByteToWideChar
CreateFileW
ReadFile
HeapValidate
HeapCreate
LeaveCriticalSection
HeapDestroy
FormatMessageW
WideCharToMultiByte
InitializeCriticalSection
WriteFile
FormatMessageA
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
OutputDebugStringW
LockFile
UnlockFile
InterlockedCompareExchange
WaitForSingleObject
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
SetEndOfFile
UnmapViewOfFile
GetModuleFileNameW
SetFilePointer
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
GetTickCount
GetSystemDirectoryA
GetFileAttributesW
GetFileAttributesA
MoveFileExA
DeleteFileA
FreeLibrary
GetCommandLineW

user32

LoadIconA
LoadCursorA

gdi32

GetEnhMetaFileBits
GetStockObject

advapi32

RegOpenKeyA
RegQueryValueExA
GetUserNameA

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 306B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a78c76417431884c38d6c29ae212b7b

Code Sign

5f:4d:ba:10:45:94:57:60:b4:ba:a9:f0:b2:de:e7:84Certificate

Extended Key Usages

85:68:18:b1:13:85:fa:91:0e:57:63:da:28:ef:17:3d:22:63:3b:93Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 512B - Virtual size: 306B

.data Size: 5.6MB - Virtual size: 5.6MB

.rsrc Size: 25KB - Virtual size: 24KB

5f:4d:ba:10:45:94:57:60:b4:ba:a9:f0:b2:de:e7:84
Certificate

85:68:18:b1:13:85:fa:91:0e:57:63:da:28:ef:17:3d:22:63:3b:93
Signer

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 512B - Virtual size: 306B

.data
Size: 5.6MB - Virtual size: 5.6MB

.rsrc
Size: 25KB - Virtual size: 24KB