13104dd081b7ae2af298fdbb2bcddb465648c4d152253451f367811f00d10d23

Sharing

Copy URL

Twitter E-mail

General

Target

13104dd081b7ae2af298fdbb2bcddb465648c4d152253451f367811f00d10d23
Size

1.1MB
MD5

6f8ec808b5541f49e80ea9a690349627
SHA1

10df14af53df1080c507133b5c2da9c453a38363
SHA256

13104dd081b7ae2af298fdbb2bcddb465648c4d152253451f367811f00d10d23
SHA512

47d9cdf0978057ed845a5ee6cb3c9491994c1470c1ba8a9570970d2abc636e0c6f2deae650120705d2225dfced75b7cf016a5e531d2ec16c9204d8444cc5e099
SSDEEP

3072:4zW15DVagWq7Y+jbkGenScL1FsrKY/gnl4PNN0Bi3434YFOmOXoHOZNxjRIpRWMM:PVCqel7oe4nmOXouZqaXJa5Ga

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13104dd081b7ae2af298fdbb2bcddb465648c4d152253451f367811f00d10d23

Files

13104dd081b7ae2af298fdbb2bcddb465648c4d152253451f367811f00d10d23
.exe windows:4 windows x86 arch:x86

7a027def4626f85f70397a0c60cb50af

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
VirtualAllocEx
GetLastError
WTSGetActiveConsoleSessionId
SetEvent
WaitForMultipleObjects
RaiseException
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
GetModuleFileNameW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
LoadLibraryA
RtlUnwind
HeapReAlloc
LocalFree
GetVersionExW
CreateEventW
LocalAlloc
GetModuleHandleW
GetTickCount
OpenMutexW
GetLongPathNameW
OpenProcess
Sleep
CreateWaitableTimerW
CreateMutexW
GetCurrentProcessId
ProcessIdToSessionId
SetWaitableTimer
CreateProcessW
CloseHandle
OpenEventW
GetLocalTime
FileTimeToSystemTime
CompareFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
WriteConsoleA
InitializeCriticalSection
VirtualAlloc
HeapAlloc
GetLocaleInfoA
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapFree
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetEnvironmentVariableA
GetConsoleAliasExesLengthA
SetConsoleCursor
GetVolumePathNameA
IsDBCSLeadByte
Beep
GlobalMemoryStatus
FreeLibrary
ReadFileEx
GetTimeZoneInformation
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapDestroy
ExpandEnvironmentStringsA
GetProcessHeap
MulDiv
CreateDirectoryW
CreateFileW
SetThreadLocale
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrcpynW
lstrlenA
lstrcpynA
lstrcmpW
lstrcpyW
LoadLibraryExW
lstrcmpiW
lstrlenW
FlushInstructionCache
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LoadLibraryW

user32

AnyPopup
CharNextA
IsDialogMessageW
PeekMessageW
SetTimer
MessageBoxA
CreateWindowExW
RegisterClassExW
LoadIconW
DefWindowProcW
KillTimer
PostQuitMessage
GetWindowThreadProcessId
GetWindowLongW
GetSystemMetrics
GetWindowRect
GetWindowTextA
GetDesktopWindow
GetTopWindow
GetForegroundWindow
MsgWaitForMultipleObjectsEx
DispatchMessageW
TranslateMessage
wvsprintfA
GetPropA
GetMouseMovePointsEx
LoadMenuIndirectW
SetClassLongA
GetDoubleClickTime
GetScrollInfo
CopyAcceleratorTableW
ScrollDC
GetListBoxInfo
DlgDirListComboBoxA
GetWindowTextLengthW
SetWindowsHookA
EnumWindowStationsW
DdeGetData
CharToOemA
CheckDlgButton
DdeQueryNextServer
CreateWindowExA
TrackPopupMenuEx
MessageBoxIndirectA
DdeClientTransaction
SetCursor
MessageBoxW
GetDC
ClientToScreen
SetWindowTextW
FindWindowW
SetForegroundWindow
AppendMenuW
LoadStringA
SetMenuDefaultItem
RemoveMenu
CreatePopupMenu
GetSubMenu
PtInRect
IsMenu
SetWindowsHookExW
TranslateAcceleratorW
GetMenu
GetClassNameW
OffsetRect
CallNextHookEx
GetKeyState
CharLowerW
UnhookWindowsHookEx
InflateRect
SetMenu
GetWindowPlacement
EnableWindow
SystemParametersInfoW
SetRectEmpty
RegisterWindowMessageW
GetSysColorBrush
GetSysColor
ReleaseDC
GetWindowDC
GetMessagePos
WindowFromPoint
MessageBeep
FrameRect
ModifyMenuW
LoadBitmapW
GetDlgItem
GetWindowTextW
DialogBoxParamW
DrawEdge
MonitorFromPoint
DrawFrameControl
DrawTextW
GetFocus
CallWindowProcW
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
FillRect
GetActiveWindow
SetFocus
IsWindowEnabled
IsWindowVisible
InvalidateRect
ScreenToClient
SendMessageW
LoadStringW
LoadMenuW
LoadAcceleratorsW
DestroyMenu
GetClassInfoExW
LoadCursorW
DestroyWindow
CharNextW
GetMessageW
IsWindow
ShowWindow
UpdateWindow
SetWindowPlacement
PostMessageW
SetWindowLongW
wvsprintfW
LoadImageW
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetParent
SetDlgItemTextW
SendDlgItemMessageW
EndDialog
DestroyIcon
SetActiveWindow
UnregisterClassA

gdi32

GetStockObject
RealizePalette
GetDIBColorTable
GetTextExtentPointI
CombineRgn
GetMetaFileA
GdiCreateLocalMetaFilePict
EngDeleteClip
SetColorAdjustment
GetOutlineTextMetricsW
GetRasterizerCaps
EngComputeGlyphSet
LPtoDP
GetFontLanguageInfo
GdiEntry10
AddFontResourceExA
EngTransparentBlt
Arc
BRUSHOBJ_ulGetBrushColor
CreateDIBitmap
CopyEnhMetaFileW
SetWorldTransform
GetKerningPairs
BRUSHOBJ_pvAllocRbrush
CreateCompatibleDC
UpdateICMRegKeyA
GetLayout
PATHOBJ_vEnumStart
GetPath
CreateScalableFontResourceW
ExtFloodFill
StartDocA
GetTextExtentExPointA
SetWindowExtEx
EudcLoadLinkW
SetDIBitsToDevice
GetTextFaceW
GdiSetLastError
PATHOBJ_bEnumClipLines
GetWorldTransform
DescribePixelFormat
GetCurrentObject
GetDeviceCaps
CreateDIBSection
CreatePatternBrush
DeleteDC
CreateBitmap
PatBlt
SetBkColor
SetBrushOrgEx
SetTextColor
SetBkMode
GetObjectW
CreateFontIndirectW
DeleteObject
SelectObject
CreateCompatibleBitmap
BitBlt

comdlg32

FindTextW
ReplaceTextW
GetSaveFileNameW

advapi32

RegOpenKeyW
DeleteService
ControlService
OpenServiceW
CloseServiceHandle
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
GetTokenInformation
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
CreateProcessAsUserW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
StartServiceW
RegQueryValueExA
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExA

shell32

CommandLineToArgvW
SHInvokePrinterCommandW
Shell_NotifyIcon
ShellExecuteEx
SHFileOperationA
SHGetPathFromIDListW
DragQueryFileA
SHInvokePrinterCommandA
SHGetFolderPathW

ole32

CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize

shlwapi

PathFileExistsW
PathRemoveFileSpecW
SHGetValueW
PathAppendW
SHSetValueW

comctl32

ImageList_Destroy
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Draw
ImageList_DrawIndirect
CreateStatusWindowW
ImageList_Create
ImageList_AddMasked
ImageList_LoadImageW

Sections

.text
Size: 594KB - Virtual size: 593KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 293B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t4xt12
Size: 359KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.t4xt11
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a027def4626f85f70397a0c60cb50af

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 594KB - Virtual size: 593KB

.rdata Size: 512B - Virtual size: 293B

.data Size: 11KB - Virtual size: 10KB

.t4xt12 Size: 359KB - Virtual size: 359KB

.t4xt11 Size: 107KB - Virtual size: 107KB

.rsrc Size: 74KB - Virtual size: 74KB

.text
Size: 594KB - Virtual size: 593KB

.rdata
Size: 512B - Virtual size: 293B

.data
Size: 11KB - Virtual size: 10KB

.t4xt12
Size: 359KB - Virtual size: 359KB

.t4xt11
Size: 107KB - Virtual size: 107KB

.rsrc
Size: 74KB - Virtual size: 74KB