e957de538126a39b131d168ae2b081fcd9c859fff85428ddaf0dd30c08dbf4ed

Sharing

Copy URL

Twitter E-mail

General

Target

e957de538126a39b131d168ae2b081fcd9c859fff85428ddaf0dd30c08dbf4ed
Size

1.4MB
MD5

44cb607d4c6ba40c23fb4a812c647799
SHA1

efd9064181ca2c2fdc6ca71305272c2c7cf19526
SHA256

e957de538126a39b131d168ae2b081fcd9c859fff85428ddaf0dd30c08dbf4ed
SHA512

fd48f42c590cfad8c9f3deed33672b0c4948e664069dea8c1b34917b168d0af728bfc7e9dec6105ef20c7cdba7942f8c14f7492a405b94b29d44ba343ab9495c
SSDEEP

3072:PjwDm1gWq7Y+jbkGenScL1FsrKY/gnl4PNN0Bi3434YFOmOXoHOZNxXgXTP+krGV:PjwDmrqel7oe4nmOXouZRgGo

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e957de538126a39b131d168ae2b081fcd9c859fff85428ddaf0dd30c08dbf4ed

Files

e957de538126a39b131d168ae2b081fcd9c859fff85428ddaf0dd30c08dbf4ed
.exe windows:4 windows x86 arch:x86

a7d63d37b474fcb8309b159dd9bd9c18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
VirtualAllocEx
CreateTimerQueue
OutputDebugStringA
IsValidCodePage
LocalAlloc
PeekConsoleInputA
FindResourceW
GlobalSize
HeapCreate
SetTimeZoneInformation
GetConsoleAliasExesW
TransmitCommChar
HeapLock
WaitNamedPipeW
CancelTimerQueueTimer
GetPrivateProfileStringW
OpenEventA
SwitchToFiber
SearchPathW
FatalAppExitW
EnumSystemLanguageGroupsA
EnumDateFormatsExA
GetTickCount
WideCharToMultiByte
RtlMoveMemory
SetVolumeMountPointA
GetWindowsDirectoryW
PrepareTape
SetProcessShutdownParameters
QueryDosDeviceA
AddConsoleAliasA
GetNamedPipeHandleStateW
GlobalLock
SetInformationJobObject
GetWriteWatch
GetSystemInfo
_hread
GetConsoleOutputCP
GetUserDefaultLangID
TlsSetValue
TlsGetValue
GetModuleHandleW
lstrlenW
lstrcmpA
WriteProcessMemory
WriteFile
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
TerminateThread
TerminateProcess
SystemTimeToFileTime
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadContext
SetThreadAffinityMask
SetPriorityClass
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReleaseSemaphore
ReleaseMutex
ReadProcessMemory
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
PulseEvent
OutputDebugStringW
OpenProcess
OpenMutexW
OpenFileMappingA
MultiByteToWideChar
MulDiv
MoveFileW
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryExA
LoadLibraryExW
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GetVersionExW
GetVersion
GetTimeZoneInformation
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathW
GetSystemTime
GetSystemDirectoryA
GetSystemDirectoryW
GetStartupInfoW
GetProcessVersion
GetProcessAffinityMask
GetProcAddress
GetPriorityClass
GetModuleFileNameA
GetModuleFileNameW
GetLogicalDrives
GetLastError
GetFileSize
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetDriveTypeW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCommandLineA
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FormatMessageW
FlushViewOfFile
FlushFileBuffers
FindResourceA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
ExitProcess
EnumResourceNamesW
EnterCriticalSection
DuplicateHandle
DisconnectNamedPipe
DeleteFileW
DeleteCriticalSection
CreateThread
CreateSemaphoreW
CreateNamedPipeW
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CopyFileW
ConnectNamedPipe
CompareStringW
CloseHandle
CancelIo

user32

GetInputState
AnyPopup
GetMouseMovePointsEx
WINNLSEnableIME
LoadAcceleratorsW
KillTimer
UpdateWindow
AnimateWindow
ToUnicode
MessageBeep
GetKeyboardLayoutList
DefWindowProcA
GetAncestor
DeferWindowPos
BeginDeferWindowPos
DdeCreateDataHandle
EnumWindows
SendMessageCallbackW
SetMessageExtraInfo
LockSetForegroundWindow
LoadIconA
WaitForInputIdle
TranslateMessage
SystemParametersInfoW
ShowWindow
ShowOwnedPopups
SetWindowRgn
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetPropA
SetParent
SetForegroundWindow
SetCursorPos
SetClassLongW
SendNotifyMessageW
SendMessageTimeoutA
SendMessageTimeoutW
SendMessageCallbackA
SendMessageA
SendMessageW
RemovePropA
ReleaseDC
RegisterWindowMessageW
PostThreadMessageA
PostThreadMessageW
PostMessageA
PostMessageW
OffsetRect
MsgWaitForMultipleObjects
MessageBoxW
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
InvalidateRect
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetUserObjectInformationW
GetTopWindow
GetThreadDesktop
GetSystemMetrics
GetSystemMenu
GetPropA
GetParent
GetWindow
GetMessageW
GetMenu
GetForegroundWindow
GetDC
GetClientRect
GetClassNameA
GetClassLongW
GetAsyncKeyState
FrameRect
FindWindowExA
FindWindowExW
FindWindowW
EnumThreadWindows
EnableWindow
EnableMenuItem
DrawTextW
DrawMenuBar
DrawFrameControl
DrawFocusRect
DispatchMessageW
DestroyWindow
DestroyIcon
DefWindowProcW
CreateIconFromResource
ChildWindowFromPointEx
CharUpperW
CharLowerW
BringWindowToTop
AttachThreadInput
AdjustWindowRectEx

gdi32

GetStockObject
GetSystemPaletteUse
TranslateCharsetInfo
StretchDIBits
StretchBlt
SetStretchBltMode
SetBkMode
SetBkColor
SelectObject
SelectClipRgn
GetTextExtentPointW
GetTextExtentPoint32W
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetDeviceCaps
GetDIBits
DeleteObject
DeleteDC
CreateRoundRectRgn
CreateRectRgn
CreatePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
BitBlt

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegOpenKeyW
SetSecurityDescriptorDacl
ReportEventW
RegisterEventSourceW
RegUnLoadKeyW
RegOpenKeyExA
RegLoadKeyW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
LookupAccountSidA
LookupAccountSidW
InitializeSecurityDescriptor
GetUserNameA
GetTokenInformation
GetLengthSid
AdjustTokenPrivileges
GetUserNameW
GetKernelObjectSecurity
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
CryptSetProvParam
CryptGetProvParam
CryptDestroyHash
CryptSignHashA
CryptSetHashParam
CryptCreateHash
CryptImportKey
CryptExportKey
CryptReleaseContext
CryptDestroyKey
CryptGetUserKey
CryptAcquireContextA
CryptDecrypt

shell32

ExtractAssociatedIconExA
DragQueryFileW
SHGetFolderPathA
SHQueryRecycleBinW
SHGetDiskFreeSpaceA
DragQueryPoint
SHGetIconOverlayIndexA
SHGetPathFromIDList
SHFileOperationA
SHGetFileInfoA
ShellExecuteW
Shell_NotifyIconW
DragFinish
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetPathFromIDListW

ole32

CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
GetHGlobalFromStream
CoCreateGuid

comctl32

ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 691KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 293B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t4xt12
Size: 370KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.t4xt13
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t4xt11
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7d63d37b474fcb8309b159dd9bd9c18

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

comctl32

Sections

.text Size: 691KB - Virtual size: 690KB

.rdata Size: 512B - Virtual size: 293B

.data Size: 207KB - Virtual size: 207KB

.t4xt12 Size: 370KB - Virtual size: 369KB

.t4xt13 Size: 11KB - Virtual size: 10KB

.t4xt11 Size: 107KB - Virtual size: 107KB

.rsrc Size: 43KB - Virtual size: 43KB

.text
Size: 691KB - Virtual size: 690KB

.rdata
Size: 512B - Virtual size: 293B

.data
Size: 207KB - Virtual size: 207KB

.t4xt12
Size: 370KB - Virtual size: 369KB

.t4xt13
Size: 11KB - Virtual size: 10KB

.t4xt11
Size: 107KB - Virtual size: 107KB

.rsrc
Size: 43KB - Virtual size: 43KB