27ac4e5e244058ca5743fe7809b6fb9d37cb6557ef0597fcc8f0990a76751967

Sharing

Copy URL

Twitter E-mail

General

Target

27ac4e5e244058ca5743fe7809b6fb9d37cb6557ef0597fcc8f0990a76751967
Size

554KB
MD5

0cb6cd703a4fe22d60e610345929436f
SHA1

a326114041ee99803fef6673621c94bd29676e5e
SHA256

27ac4e5e244058ca5743fe7809b6fb9d37cb6557ef0597fcc8f0990a76751967
SHA512

f836572851c5f0b8872a38bd2948776520b2c7db831117ea72531c62fa491e667d47af32d35cac9ef906cca7ea510d0d7e9f42b8a95e9c95410b9379574152b7
SSDEEP

3072:LaG5WJ0gWq7Y+jbkGenScL1FsrKY/gnl4PNN0Bi3434YFOmOXoHOZNxjRIpop9Wn:coqel7oe4nmOXouZqWpsXJa5Ga

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27ac4e5e244058ca5743fe7809b6fb9d37cb6557ef0597fcc8f0990a76751967

Files

27ac4e5e244058ca5743fe7809b6fb9d37cb6557ef0597fcc8f0990a76751967
.exe windows:4 windows x86 arch:x86

5c2ea26c6c2107c65bad982b221646c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
GetModuleHandleA
GetLastError
DisconnectNamedPipe
CopyFileExW
MoveFileWithProgressW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
DuplicateHandle
GetCurrentProcess
OpenProcess
CreateDirectoryW
DeleteFileW
SetFileAttributesW
ConnectNamedPipe
GetCurrentThreadId
CreateFileA
WaitNamedPipeA
GetVersionExA
CreateThread
RemoveDirectoryW
CreateFileW
DeviceIoControl
CloseHandle
CreateNamedPipeA
LocalFree
GetTickCount
WriteFile
PeekNamedPipe
ReadFile
Sleep
LoadLibraryA
GetProcAddress
SetVolumeLabelW
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FindVolumeMountPointClose
OpenWaitableTimerW
GetProfileIntA
SetThreadPriority
TerminateJobObject
EnumResourceLanguagesW
GetCurrentDirectoryA
FindNextVolumeMountPointW
GetPrivateProfileIntA
GetSystemTimeAdjustment
EnumResourceLanguagesA
TransmitCommChar

user32

AnyPopup
CharNextW
CharNextA
MessageBoxA
GetClipboardFormatNameA
ShowCaret
GetMouseMovePointsEx
MessageBoxExA
OemToCharBuffA
CharNextExA
DdeFreeDataHandle
ChangeDisplaySettingsExA
SetMenuInfo
IsCharAlphaNumericA
CreateDialogIndirectParamW
DefDlgProcA
GetOpenClipboardWindow
ActivateKeyboardLayout
DialogBoxParamA
WaitForInputIdle
GetClassInfoExW
WinHelpW
EnumDesktopsA
SetWindowLongA
SendNotifyMessageA
SetRect
DdeSetQualityOfService
GetClipboardOwner
LoadIconW
SetActiveWindow
PtInRect
GetClipCursor

gdi32

GetStockObject
RealizePalette
CreateICW
GetFontResourceInfoW
GetTextAlign
EngStrokePath
GetPaletteEntries
GetRandomRgn
SetBrushOrgEx
GetCharacterPlacementA
SetViewportExtEx
CreateBitmapIndirect
GetDCOrgEx
EngAcquireSemaphore
GetBkColor
EngTransparentBlt
EngQueryLocalTime
PaintRgn
GetFontData
BRUSHOBJ_ulGetBrushColor
GdiSetPixelFormat
Pie
GetTextCharacterExtra
EngAssociateSurface
SetBitmapBits
BRUSHOBJ_pvGetRbrush
AddFontResourceTracking
ModifyWorldTransform

advapi32

RegOpenKeyW
SetFileSecurityW
GetSecurityDescriptorControl
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
IsValidSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetUserNameA
LookupAccountNameA
GetFileSecurityW

shell32

SHFileOperationW

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 293B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t4xt12
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t4xt11
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c2ea26c6c2107c65bad982b221646c0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 293B

.data Size: 5KB - Virtual size: 5KB

.t4xt12 Size: 107KB - Virtual size: 107KB

.t4xt11 Size: 360KB - Virtual size: 359KB

.rsrc Size: 74KB - Virtual size: 74KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 293B

.data
Size: 5KB - Virtual size: 5KB

.t4xt12
Size: 107KB - Virtual size: 107KB

.t4xt11
Size: 360KB - Virtual size: 359KB

.rsrc
Size: 74KB - Virtual size: 74KB