t6yswb[.]pdf[.]pellet

Sharing

Copy URL

Twitter E-mail

General

Target

t6yswb.pdf.pellet
Size

590KB
MD5

770df303f86ac191c177035c214589ee
SHA1

6cb4229559c3bcc16d33a92f81fef25b1840d750
SHA256

ffcd3f21e103ef18413700ee91a9737900ea88fcae1607cffbf4d7f587039504
SHA512

e23ccdc09dd516cad89f8a2c0f11fa23e64e1b1fcff63f4e56338d24b35ab33a972e99898b80c6ade51382443a3993c9254ebd349167380a0fc2e97687c4bcd9
SSDEEP

6144:lIStqP+19P2yLnafTR93YBgobwN+5AxtyTCjzVm8NsCupaJ0p/:lIS0Gne883YdbY+5QyTE1kpa+V

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
t6yswb.pdf.pellet

Files

t6yswb.pdf.pellet
.dll windows:4 windows x86 arch:x86

50fc1dbe182dc348bd53c6341e25d3c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
GetModuleHandleW
GetLastError
SetEndOfFile
HeapSize
GetTimeZoneInformation
CreateFileW
GetProcessHeap
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
IsValidCodePage
FindFirstFileExA
SetFilePointerEx
ReadConsoleW
HeapReAlloc
GetConsoleMode
GetConsoleCP
FlushFileBuffers
DecodePointer
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
WaitForSingleObjectEx
OutputDebugStringW
HeapAlloc
HeapFree
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentDirectoryA
SetCurrentDirectoryA
GetACP
GetLocalTime
DeleteFileA
GetEnvironmentVariableA
CreateMutexA
ReleaseMutex
SetCommTimeouts
SetCommState
SetCommBreak
GetCommState
ClearCommBreak
OpenProcess
CreatePipe
SetHandleInformation
LocalAlloc
GetCurrentThreadId
CreateNamedPipeA
ConnectNamedPipe
WaitNamedPipeA
LocalFree
CreateFileA
GlobalMemoryStatus
GetWindowsDirectoryA
RaiseException
GetSystemTimeAdjustment
GetSystemTime
GetThreadTimes
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetProcessTimes
QueryPerformanceCounter
FindNextFileA
FindFirstFileA
FindClose
FormatMessageA
GetSystemDirectoryA
CreateEventA
WaitForSingleObject
SetEvent
GetOverlappedResult
WriteFile
ReadFile
LoadLibraryA
FreeLibrary
IsDBCSLeadByteEx
GetLocaleInfoA
GetCPInfo
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
CreateFileMappingA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleA
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
GetTickCount
GetProcAddress
MulDiv
Beep
CloseHandle
CreateThread
CreateProcessA
GetVersionExA
EscapeCommFunction
GetConsoleFontSize
RemoveDirectoryA
GlobalUnfix
EndUpdateResourceW
VirtualUnlock
GetConsoleAliasesA
Module32NextW
ResetEvent
VirtualProtectEx
AssignProcessToJobObject
IsBadStringPtrW
GetConsoleDisplayMode
GetWriteWatch
EnumDateFormatsExA
SetThreadExecutionState
WriteConsoleA
GetPrivateProfileStringA
AddConsoleAliasW
GetPrivateProfileSectionW
GetCommProperties
ConvertDefaultLocale
GetConsoleAliasExesA
GetNumberFormatA
GetVolumeInformationW
LoadModule
SetCalendarInfoA
LoadLibraryW
Thread32Next
WritePrivateProfileStringA
GetVolumePathNameA
Toolhelp32ReadProcessMemory
Process32NextW
Heap32ListFirst
lstrcatW

user32

GetWindowTextLengthA
GetMenuCheckMarkDimensions
GetForegroundWindow
CreateMenu
IsCharAlphaNumericW
GetLastActivePopup
IsIconic
CloseClipboard
CharLowerW
DestroyCursor
GetKeyboardLayout
IsWindowVisible
VkKeyScanA
CreatePopupMenu
GetSysColor
CharUpperW
GetKeyState
GetFocus
ReleaseCapture
GetDesktopWindow
InSendMessage
IsGUIThread
WindowFromDC
IsCharUpperW
DestroyMenu
GetTopWindow
DestroyIcon
GetMessageTime
LoadCursorFromFileW
LoadCursorA
PeekMessageA
DefWindowProcA
RegisterClassA
CreateWindowExA
DestroyWindow
ShowWindow
SetWindowPos
BeginPaint
EndPaint
MessageBoxIndirectA
FindWindowA
GetQueueStatus
GetClipboardOwner
WinHelpA
GetScrollInfo
SetScrollInfo
SetClassLongA
ScreenToClient
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
GetCursorPos
SetCursor
ShowCursor
SetForegroundWindow
UpdateWindow
TrackPopupMenu
DeleteMenu
AppendMenuA
EnableMenuItem
CheckMenuItem
GetSystemMenu
GetSystemMetrics
KillTimer
SetTimer
MsgWaitForMultipleObjects
ToAsciiEx
SetKeyboardState
GetKeyboardState
EmptyClipboard
RegisterClipboardFormatA
GetClipboardData
SetClipboardData
OpenClipboard
IsZoomed
FlashWindow
IsWindow
CreateWindowExW
RegisterClassW
GetDoubleClickTime
DefWindowProcW
PostMessageA
PeekMessageW
InsertMenuA
DispatchMessageW
TranslateMessage
IsDialogMessageA
LoadIconA
GetParent
GetWindowLongA
SetActiveWindow
EnableWindow
GetCapture
DefDlgProcA
EndDialog
DialogBoxParamA
CreateDialogParamA
SetWindowPlacement
GetWindowPlacement
MoveWindow
PostQuitMessage
DispatchMessageA
GetMessageA
MapDialogRect
SetWindowLongA
MessageBeep
MessageBoxA
ReleaseDC
GetDC
SetCapture
SetFocus
SendDlgItemMessageA
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
SendMessageA
DrawEdge
RegisterWindowMessageA
GetCaretBlinkTime
SystemParametersInfoA
GetWindowRect
GetClientRect
GetWindowTextA
SetWindowTextA
InvalidateRect
MapVirtualKeyExW
CallMsgFilterW
LockWindowUpdate
GrayStringW
ExitWindowsEx
SetWindowWord
UnhookWindowsHook
wvsprintfW
LoadKeyboardLayoutW
SwitchToThisWindow
DestroyAcceleratorTable
SetDebugErrorLevel
RealGetWindowClassW

gdi32

CloseMetaFile
EndDoc
AbortDoc
CloseEnhMetaFile
CloseFigure
GetMapMode
CancelDC
AbortPath
GetColorSpace
UpdateColors
CreateSolidBrush
CreateMetaFileA
GetTextCharset
GetEnhMetaFileBits
GetStockObject
CreateFontIndirectA
DeleteDC
DeleteObject
GetTextExtentPoint32A
CreateCompatibleDC
SelectObject
SetBkColor
SetTextColor
TextOutA
CreateFontA
GetDeviceCaps
GetTextExtentExPointA
SetMapMode
GetTextMetricsA
Rectangle
CreateCompatibleBitmap
CreatePalette
CreatePen
ExcludeClipRect
GetBkMode
GetCharWidthA
GetCharWidthW
GetCharWidth32A
GetCharWidth32W
GetCharABCWidthsFloatA
GetPixel
TranslateCharsetInfo
GetCharacterPlacementW
IntersectClipRect
LineTo
RealizePalette
SelectPalette
SetBkMode
SetPaletteEntries
SetPixel
SetTextAlign
GetObjectA
MoveToEx
CreateBitmap
ExtTextOutW
Polyline
UnrealizeObject
ExtTextOutA
PATHOBJ_vGetBounds
GetPaletteEntries
LineDDA
GdiProcessSetup
CreateRectRgn
GdiPlayJournal
DPtoLP
GetPolyFillMode
FillRgn
GdiPlayScript
BRUSHOBJ_pvGetRbrush
GetEnhMetaFileDescriptionW
CreateColorSpaceA
WidenPath
CreateBrushIndirect
GetMetaRgn
EngLineTo
StartDocW
RectVisible
ResetDCA
GdiTransparentBlt
GdiCleanCacheDC
GetObjectW
GdiReleaseLocalDC
GdiResetDCEMF
SetAbortProc
RemoveFontResourceA
GetRasterizerCaps

comdlg32

ChooseFontA
GetOpenFileNameA
GetSaveFileNameA
ChooseColorA

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey
GetUserNameA
EqualSid
AllocateAndInitializeSid
CopySid
GetLengthSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegSetValueExA
SystemFunction036
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW

shell32

ShellExecuteA
SHGetFileInfoW
DragQueryFileAorW
SHFreeNameMappings
SHGetDataFromIDListA
SHCreateProcessAsUserW
SHGetSpecialFolderPathA
SHGetDiskFreeSpaceExW
DoEnvironmentSubstA
DragAcceptFiles
ExtractAssociatedIconExW
DragQueryFileW
SHGetFileInfoA
SHPathPrepareForWriteW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
StringFromGUID2
CLSIDFromString

shlwapi

StrRChrIA
StrStrA
StrCmpNA
StrRChrIW
StrRStrIA

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmGetContext
ImmSetCompositionWindow
ImmSetCompositionFontA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 225B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata8
Size: 495KB - Virtual size: 495KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50fc1dbe182dc348bd53c6341e25d3c8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

imm32

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 512B - Virtual size: 225B

.data Size: 22KB - Virtual size: 22KB

.rdata8 Size: 495KB - Virtual size: 495KB

.rsrc Size: 43KB - Virtual size: 42KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 512B - Virtual size: 225B

.data
Size: 22KB - Virtual size: 22KB

.rdata8
Size: 495KB - Virtual size: 495KB

.rsrc
Size: 43KB - Virtual size: 42KB

.reloc
Size: 6KB - Virtual size: 6KB