ed08896d4a817db3e5a8762523009f60N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ed08896d4a817db3e5a8762523009f60N.exe
Size

5.7MB
MD5

ed08896d4a817db3e5a8762523009f60
SHA1

8533d8147b9b977f896b6d00cd8d40d3da47286c
SHA256

e26f731e7ed78d2e5895df2165608f4457e2cfe9d81c3a5016d05dfde906cbd5
SHA512

a1622abcbc08193b29400e4ec2540b78fc526862f8cbb14d8367cfa9c410febae9453f1d685d9921b0c79080a4e840297836b5d218d3f7993e41c5cd6735a68f
SSDEEP

6144:24thSUHz9HRg1c5Fm0Dq7VTu0Cdvm2MU3Iv7HCuqBl9scWBJy:1h3Hz9HeWFJDmV61AXuu6D

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

ed08896d4a817db3e5a8762523009f60N.exe
.exe windows:5 windows x86 arch:x86

9a78c76417431884c38d6c29ae212b7b

Code Sign

5f:4d:ba:10:45:94:57:60:b4:ba:a9:f0:b2:de:e7:84
Certificate

Issuer

CN=IACUFWWMAYLTPQZAUK

Not Before

03-09-2020 15:38

Not After

31-12-2039 23:59

Subject

CN=IACUFWWMAYLTPQZAUK

Extended Key Usages

ExtKeyUsageCodeSigning

11:21:ac:cf:d3:43:71:c2:75:0d:99:cb:c4:a7:af:1e:ba:f2:dc:36
Signer

Actual PE Digest

11:21:ac:cf:d3:43:71:c2:75:0d:99:cb:c4:a7:af:1e:ba:f2:dc:36

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
Sleep
GetModuleHandleW
VirtualAllocEx
CloseHandle
TerminateProcess
OpenProcess
GetTempPathA
LoadLibraryW
GetLastError
SetLastError
MapViewOfFile
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
GetCurrentThreadId
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedExchange
GetVersion
AreFileApisANSI
GetSystemTime
LocalFree
GetCurrentProcessId
DeleteFileW
GetVersionExA
OutputDebugStringA
DeleteCriticalSection
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
GetDiskFreeSpaceW
EnterCriticalSection
LockFileEx
HeapSize
GetTempPathW
FlushFileBuffers
MultiByteToWideChar
CreateFileW
ReadFile
HeapValidate
HeapCreate
LeaveCriticalSection
HeapDestroy
FormatMessageW
WideCharToMultiByte
InitializeCriticalSection
WriteFile
FormatMessageA
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
OutputDebugStringW
LockFile
UnlockFile
InterlockedCompareExchange
WaitForSingleObject
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
SetEndOfFile
UnmapViewOfFile
GetModuleFileNameW
SetFilePointer
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
GetTickCount
GetSystemDirectoryA
GetFileAttributesW
GetFileAttributesA
MoveFileExA
DeleteFileA
FreeLibrary
GetCommandLineW

user32

LoadIconA
LoadCursorA

gdi32

GetEnhMetaFileBits
GetStockObject

advapi32

RegOpenKeyA
RegQueryValueExA
GetUserNameA

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 306B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a78c76417431884c38d6c29ae212b7b

Code Sign

5f:4d:ba:10:45:94:57:60:b4:ba:a9:f0:b2:de:e7:84Certificate

Extended Key Usages

11:21:ac:cf:d3:43:71:c2:75:0d:99:cb:c4:a7:af:1e:ba:f2:dc:36Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 512B - Virtual size: 306B

.data Size: 5.6MB - Virtual size: 5.6MB

.rsrc Size: 25KB - Virtual size: 24KB

5f:4d:ba:10:45:94:57:60:b4:ba:a9:f0:b2:de:e7:84
Certificate

11:21:ac:cf:d3:43:71:c2:75:0d:99:cb:c4:a7:af:1e:ba:f2:dc:36
Signer

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 512B - Virtual size: 306B

.data
Size: 5.6MB - Virtual size: 5.6MB

.rsrc
Size: 25KB - Virtual size: 24KB