5d8574097e8b51fc753926a2bc664a80N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

5d8574097e8b51fc753926a2bc664a80N.exe
Size

5.7MB
MD5

5d8574097e8b51fc753926a2bc664a80
SHA1

291f81cf6f058202a7d7ef58ca4a2d28b6b9c547
SHA256

6b8c4f94cfb09ebe365c1db4ba45404039d860d0bbe61395eef6dd5929ca4f30
SHA512

a640efb8fd171c769fdd0396dbba307c443550481db8b79076fa5996a8b65ce4cba2441136b3ed3a7be2e000b696fa9e677701f5de674412226f67c1869e1e4b
SSDEEP

6144:K4thSUHz9HRg1c5Fm0Dq7VTu0Cdvm2MU3Iv7HCuqBl9scWBJy:hh3Hz9HeWFJDmV61AXuu6D

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

5d8574097e8b51fc753926a2bc664a80N.exe
.exe windows:5 windows x86 arch:x86

9a78c76417431884c38d6c29ae212b7b

Code Sign

5f:4d:ba:10:45:94:57:60:b4:ba:a9:f0:b2:de:e7:84
Certificate

Issuer

CN=IACUFWWMAYLTPQZAUK

Not Before

03-09-2020 15:38

Not After

31-12-2039 23:59

Subject

CN=IACUFWWMAYLTPQZAUK

Extended Key Usages

ExtKeyUsageCodeSigning

01:b8:60:a0:e3:ce:73:1c:c5:5b:bc:75:af:b7:a0:b6:19:0f:29:fd
Signer

Actual PE Digest

01:b8:60:a0:e3:ce:73:1c:c5:5b:bc:75:af:b7:a0:b6:19:0f:29:fd

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
Sleep
GetModuleHandleW
VirtualAllocEx
CloseHandle
TerminateProcess
OpenProcess
GetTempPathA
LoadLibraryW
GetLastError
SetLastError
MapViewOfFile
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
GetCurrentThreadId
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedExchange
GetVersion
AreFileApisANSI
GetSystemTime
LocalFree
GetCurrentProcessId
DeleteFileW
GetVersionExA
OutputDebugStringA
DeleteCriticalSection
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
GetDiskFreeSpaceW
EnterCriticalSection
LockFileEx
HeapSize
GetTempPathW
FlushFileBuffers
MultiByteToWideChar
CreateFileW
ReadFile
HeapValidate
HeapCreate
LeaveCriticalSection
HeapDestroy
FormatMessageW
WideCharToMultiByte
InitializeCriticalSection
WriteFile
FormatMessageA
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
OutputDebugStringW
LockFile
UnlockFile
InterlockedCompareExchange
WaitForSingleObject
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
SetEndOfFile
UnmapViewOfFile
GetModuleFileNameW
SetFilePointer
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
GetTickCount
GetSystemDirectoryA
GetFileAttributesW
GetFileAttributesA
MoveFileExA
DeleteFileA
FreeLibrary
GetCommandLineW

user32

LoadIconA
LoadCursorA

gdi32

GetEnhMetaFileBits
GetStockObject

advapi32

RegOpenKeyA
RegQueryValueExA
GetUserNameA

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 306B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a78c76417431884c38d6c29ae212b7b

Code Sign

5f:4d:ba:10:45:94:57:60:b4:ba:a9:f0:b2:de:e7:84Certificate

Extended Key Usages

01:b8:60:a0:e3:ce:73:1c:c5:5b:bc:75:af:b7:a0:b6:19:0f:29:fdSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 512B - Virtual size: 306B

.data Size: 5.6MB - Virtual size: 5.6MB

.rsrc Size: 25KB - Virtual size: 24KB

5f:4d:ba:10:45:94:57:60:b4:ba:a9:f0:b2:de:e7:84
Certificate

01:b8:60:a0:e3:ce:73:1c:c5:5b:bc:75:af:b7:a0:b6:19:0f:29:fd
Signer

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 512B - Virtual size: 306B

.data
Size: 5.6MB - Virtual size: 5.6MB

.rsrc
Size: 25KB - Virtual size: 24KB