60748859ab0d2a1efadd9d63a631956287ad719e8fe3442f749d416f3b7ed54a

Sharing

Copy URL

Twitter E-mail

General

Target

60748859ab0d2a1efadd9d63a631956287ad719e8fe3442f749d416f3b7ed54a
Size

1.4MB
MD5

96aa3da27979e306beb1ec5cb1c74532
SHA1

35179d373827f0adfe22cd4e08871ddaa7e2078c
SHA256

60748859ab0d2a1efadd9d63a631956287ad719e8fe3442f749d416f3b7ed54a
SHA512

8c5e3585a2032491eb1eb3c3173de6aa3d881a0de742f39727a0036120e51d954c971bde86ef19c0e13bff37b13bea4872402ea9f6d7b792f818b76fa1d34c59
SSDEEP

3072:5xSm9vz5ZNgWq7Y+jbkGenScL1FsrKY/gnl4PNN0Bi3434YFOmOXoHOZNxjRIpHK:nZvfjqel7oe4nmOXouZqZGa

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60748859ab0d2a1efadd9d63a631956287ad719e8fe3442f749d416f3b7ed54a

Files

60748859ab0d2a1efadd9d63a631956287ad719e8fe3442f749d416f3b7ed54a
.exe windows:4 windows x86 arch:x86

eafbc27c9f568e93fa9e9edb0fcf5ed2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
VirtualAllocEx
RemoveDirectoryA
FindClose
DeleteFileA
FindNextFileA
FindFirstFileA
GetPrivateProfileStringA
GetPrivateProfileIntA
CreateDirectoryA
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetLastError
HeapFree
RtlUnwind
GetModuleHandleW
GetProcAddress
ExitProcess
GetCommandLineA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapAlloc
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
CloseHandle
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
CreateFileW
CreateFileA
SetEndOfFile
GetProcessHeap
CreateTimerQueue
OutputDebugStringA
LocalAlloc
PeekConsoleInputA
FindResourceW
GlobalSize
SetTimeZoneInformation
GetConsoleAliasExesW
TransmitCommChar
HeapLock
WaitNamedPipeW
CancelTimerQueueTimer
GetPrivateProfileStringW
OpenEventA
SwitchToFiber
SearchPathW
FatalAppExitW
EnumSystemLanguageGroupsA
EnumDateFormatsExA
RtlMoveMemory
SetVolumeMountPointA
GetWindowsDirectoryW
PrepareTape
SetProcessShutdownParameters
QueryDosDeviceA
AddConsoleAliasA
GetNamedPipeHandleStateW
GlobalLock
SetInformationJobObject
GetWriteWatch
GetSystemInfo
_hread
GetUserDefaultLangID
lstrlenW
lstrcmpA
WriteProcessMemory
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
UnmapViewOfFile
TerminateThread
SystemTimeToFileTime
SuspendThread
SizeofResource
SetThreadPriority
SetThreadContext
SetThreadAffinityMask
SetPriorityClass
SetEvent
SetErrorMode
ResumeThread
ResetEvent
ReleaseSemaphore
ReleaseMutex
ReadProcessMemory
QueryPerformanceFrequency
PulseEvent
OutputDebugStringW
OpenProcess
OpenMutexW
OpenFileMappingA
MulDiv
MoveFileW
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GetVersionExW
GetVersion
GetTimeZoneInformation
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathW
GetSystemTime
GetSystemDirectoryA
GetSystemDirectoryW
GetStartupInfoW
GetProcessVersion
GetProcessAffinityMask
GetPriorityClass
GetModuleFileNameW
GetLogicalDrives
GetFileSize
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetDriveTypeW
GetCurrentThread
FreeResource
InterlockedExchange
FreeLibrary
FormatMessageA
FormatMessageW
FlushViewOfFile
FindResourceA
FindNextFileW
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
EnumResourceNamesW
DuplicateHandle
DisconnectNamedPipe
DeleteFileW
CreateThread
CreateSemaphoreW
CreateNamedPipeW
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateEventA
CreateEventW
CopyFileW
ConnectNamedPipe
CompareStringW
CancelIo

user32

AnyPopup
GetInputState
GetMouseMovePointsEx
WINNLSEnableIME
LoadAcceleratorsW
KillTimer
UpdateWindow
AnimateWindow
ToUnicode
MessageBeep
GetKeyboardLayoutList
DefWindowProcA
GetAncestor
DeferWindowPos
BeginDeferWindowPos
DdeCreateDataHandle
EnumWindows
SendMessageCallbackW
SetMessageExtraInfo
LockSetForegroundWindow
LoadIconA
WaitForInputIdle
TranslateMessage
SystemParametersInfoW
ShowWindow
ShowOwnedPopups
SetWindowRgn
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetPropA
SetParent
SetForegroundWindow
SetCursorPos
SetClassLongW
SendNotifyMessageW
SendMessageTimeoutA
SendMessageTimeoutW
SendMessageCallbackA
SendMessageA
SendMessageW
RemovePropA
ReleaseDC
RegisterWindowMessageW
PostThreadMessageA
PostThreadMessageW
PostMessageA
PostMessageW
OffsetRect
MsgWaitForMultipleObjects
MessageBoxW
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
InvalidateRect
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetUserObjectInformationW
GetTopWindow
GetThreadDesktop
GetSystemMetrics
GetSystemMenu
GetPropA
GetParent
GetWindow
GetMessageW
GetMenu
GetForegroundWindow
GetDC
GetClientRect
GetClassNameA
GetClassLongW
GetAsyncKeyState
FrameRect
FindWindowExA
FindWindowExW
FindWindowW
EnumThreadWindows
EnableWindow
EnableMenuItem
DrawTextW
DrawMenuBar
DrawFrameControl
DrawFocusRect
DispatchMessageW
DestroyWindow
DestroyIcon
DefWindowProcW
CreateIconFromResource
ChildWindowFromPointEx
CharUpperW
CharLowerW
BringWindowToTop
AttachThreadInput
AdjustWindowRectEx

gdi32

GetStockObject
GetSystemPaletteUse
TranslateCharsetInfo
StretchDIBits
StretchBlt
SetStretchBltMode
SetBkMode
SetBkColor
SelectObject
SelectClipRgn
GetTextExtentPointW
GetTextExtentPoint32W
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetDeviceCaps
GetDIBits
DeleteObject
DeleteDC
CreateRoundRectRgn
CreateRectRgn
CreatePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
BitBlt

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegOpenKeyW
SetSecurityDescriptorDacl
ReportEventW
RegisterEventSourceW
RegUnLoadKeyW
RegOpenKeyExA
RegLoadKeyW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
LookupAccountSidA
LookupAccountSidW
InitializeSecurityDescriptor
GetUserNameA
GetTokenInformation
GetLengthSid
AdjustTokenPrivileges
GetUserNameW
GetKernelObjectSecurity
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
CryptSetProvParam
CryptGetProvParam
CryptDestroyHash
CryptSignHashA
CryptSetHashParam
CryptCreateHash
CryptImportKey
CryptExportKey
CryptReleaseContext
CryptDestroyKey
CryptGetUserKey
CryptAcquireContextA
CryptDecrypt

shell32

ExtractAssociatedIconExA
DragQueryFileW
SHGetFolderPathA
SHQueryRecycleBinW
SHGetDiskFreeSpaceA
DragQueryPoint
SHGetIconOverlayIndexA
SHGetPathFromIDList
SHFileOperationA
SHGetFileInfoA
ShellExecuteW
Shell_NotifyIconW
DragFinish
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetPathFromIDListW

ole32

CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
GetHGlobalFromStream
CoCreateGuid

comctl32

ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 691KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 293B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t4xt12
Size: 370KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.t4xt13
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t4xt11
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eafbc27c9f568e93fa9e9edb0fcf5ed2

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

comctl32

Sections

.text Size: 691KB - Virtual size: 690KB

.rdata Size: 512B - Virtual size: 293B

.data Size: 208KB - Virtual size: 208KB

.t4xt12 Size: 370KB - Virtual size: 369KB

.t4xt13 Size: 11KB - Virtual size: 10KB

.t4xt11 Size: 107KB - Virtual size: 107KB

.rsrc Size: 44KB - Virtual size: 44KB

.text
Size: 691KB - Virtual size: 690KB

.rdata
Size: 512B - Virtual size: 293B

.data
Size: 208KB - Virtual size: 208KB

.t4xt12
Size: 370KB - Virtual size: 369KB

.t4xt13
Size: 11KB - Virtual size: 10KB

.t4xt11
Size: 107KB - Virtual size: 107KB

.rsrc
Size: 44KB - Virtual size: 44KB