8639825230d5504fd8126ed55b2d7aeb72944ffe17e762801aab8d4f8f880160

Sharing

Copy URL

Twitter E-mail

General

Target

8639825230d5504fd8126ed55b2d7aeb72944ffe17e762801aab8d4f8f880160
Size

296KB
MD5

258ed03a6e4d9012f8102c635a5e3dcd
SHA1

a3bc2a30318f9bd2b51cb57e2022996e7f15c69e
SHA256

8639825230d5504fd8126ed55b2d7aeb72944ffe17e762801aab8d4f8f880160
SHA512

967414274cb8d8fdf0e4dd446332b37060d54a726ab77f4ec704a5afe12162e098183add4342d1710db1e1c3b74035a001cf4c2d7790a27bf6d8381c34a96889
SSDEEP

3072:Kv4ZAWXDSxcoWn+v75ssiEcx7fWr5JNfb23y2O1Nm5dc:B1X7vwVspdOJND01

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

Processes:

resource	yara_rule
sample	cryptone

Files

8639825230d5504fd8126ed55b2d7aeb72944ffe17e762801aab8d4f8f880160
.exe windows:1 windows x86 arch:x86

bd929e3c80fcb583a4f0c6130deb2c49

Code Sign

17:16:bb:93:fb:a9:a2:41:ba:a8:2e:c7:5e:ff:0c
Certificate

Issuer

CN=EWBTCAXQKUMDTHCXCZ

Not Before

07-03-2020 07:19

Not After

31-12-2039 23:59

Subject

CN=EWBTCAXQKUMDTHCXCZ

Extended Key Usages

ExtKeyUsageCodeSigning

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e8:5c:d2:a6:c2:c7:26:15:c4:86:90:7f:ac:d9:2d:79:4c:63:6d:10
Signer

Actual PE Digest

e8:5c:d2:a6:c2:c7:26:15:c4:86:90:7f:ac:d9:2d:79:4c:63:6d:10

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
CreateThread
LocalFree
CloseHandle
CreateEventW
SetEvent
CreateProcessW
GetVersionExA
GetVersionExW
GetLastError
SetLastError
GetModuleFileNameW
lstrcmpiW
FormatMessageW
GetCommandLineW
CreateFileW
FlushFileBuffers
GetStringTypeW
GetSystemTimeAsFileTime
HeapSetInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
IsProcessorFeaturePresent
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
RtlUnwind
Sleep
HeapSize
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
HeapReAlloc
SetStdHandle
WriteConsoleW
MultiByteToWideChar
LCMapStringW
SetErrorMode
VirtualAlloc

user32

MessageBoxA
SetClassLongW
EnumDisplayMonitors
GetClipCursor
GetProcessWindowStation
GetWindowInfo
LoadMenuA
ShowScrollBar
InvalidateRect
MonitorFromPoint
AdjustWindowRectEx
InflateRect
GetUserObjectSecurity
PostThreadMessageW
GetMenuContextHelpId
CreateIconFromResourceEx
GetTopWindow
SetWindowRgn
CreateIcon
UnpackDDElParam
EnumWindowStationsA
SendInput
TrackPopupMenu
MsgWaitForMultipleObjects
LoadIconA
GetOpenClipboardWindow
IsMenu
GetMessagePos
CharNextA

gdi32

UnrealizeObject
TranslateCharsetInfo
SetTextAlign
GetCharWidthInfo
RoundRect
CopyEnhMetaFileA
EngGetCurrentCodePage
SetDIBitsToDevice
EngReleaseSemaphore
GetDIBits
GetBrushOrgEx
ExtCreateRegion
GetPixelFormat
XLATEOBJ_hGetColorTransform
GetEnhMetaFileA
CreateDiscardableBitmap
CreateBitmap
TextOutW
GetViewportOrgEx
SetColorSpace
GetHFONT
CreateRoundRectRgn
PolyPatBlt
FONTOBJ_pQueryGlyphAttrs
EngBitBlt
EnumICMProfilesW
CreateRectRgnIndirect
OffsetRgn
StrokeAndFillPath
SetBitmapBits
GetRandomRgn
CreateColorSpaceW
GetStockObject
AddFontResourceW
GetLayout
RealizePalette

comdlg32

PrintDlgW

advapi32

RegQueryValueExW
SetSecurityDescriptorDacl
StartServiceW
ControlService
RegOpenKeyExW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
DeleteService
CreateServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegCloseKey
RegOpenKeyA
RegQueryValueExA

shell32

ShellExecuteExW
SHGetSpecialFolderLocation
DuplicateIcon
ExtractIconExW
DragFinish
SHGetSettings
Shell_NotifyIconW
ShellExecuteEx
SHGetDesktopFolder
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHGetInstanceExplorer
ShellExecuteW
ExtractIconW
SHGetDataFromIDListA

ole32

OleUninitialize
CoCreateInstance
CoUninitialize
CoInitialize

shlwapi

StrCmpNIA
StrCmpNA

comctl32

ImageList_Destroy
InitializeFlatSB

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd929e3c80fcb583a4f0c6130deb2c49

Code Sign

17:16:bb:93:fb:a9:a2:41:ba:a8:2e:c7:5e:ff:0cCertificate

Extended Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

e8:5c:d2:a6:c2:c7:26:15:c4:86:90:7f:ac:d9:2d:79:4c:63:6d:10Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 78KB - Virtual size: 78KB

.data Size: 209KB - Virtual size: 209KB

.rsrc Size: 2KB - Virtual size: 2KB

17:16:bb:93:fb:a9:a2:41:ba:a8:2e:c7:5e:ff:0c
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

e8:5c:d2:a6:c2:c7:26:15:c4:86:90:7f:ac:d9:2d:79:4c:63:6d:10
Signer

.text
Size: 78KB - Virtual size: 78KB

.data
Size: 209KB - Virtual size: 209KB

.rsrc
Size: 2KB - Virtual size: 2KB