a2b8c412265fd86ad9d10c64dd5e59baa52da0a1144547bbeffcf557dff360a0

Sharing

Copy URL

Twitter E-mail

General

Target

a2b8c412265fd86ad9d10c64dd5e59baa52da0a1144547bbeffcf557dff360a0
Size

565KB
MD5

39f681fc5df4340af3b260acaa1539ff
SHA1

ec0ea822da2bb7d5405472ebd96635554f364b4b
SHA256

a2b8c412265fd86ad9d10c64dd5e59baa52da0a1144547bbeffcf557dff360a0
SHA512

4e15ca257bd409b8f6f6d385748d7450dc191031df1ae5f4c54ef30841c7ad45b8d20a41b4a6bfc74109197c56fc41f7e2333c78eef8282acfcf452944912377
SSDEEP

3072:Z7xg5WWbirNfJgWq7Y+jbkGenScL1FsrKY/gnl4PNN0Bi3434YFOmOXoHOZNxjRg:RrNffqel7oe4nmOXouZq9XJa5Ga

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2b8c412265fd86ad9d10c64dd5e59baa52da0a1144547bbeffcf557dff360a0

Files

a2b8c412265fd86ad9d10c64dd5e59baa52da0a1144547bbeffcf557dff360a0
.exe windows:4 windows x86 arch:x86

f138c414e1c6d92e02373545e4cfd419

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
GetModuleHandleA
GetLastError
DisconnectNamedPipe
CopyFileExW
MoveFileWithProgressW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
DuplicateHandle
GetCurrentProcess
OpenProcess
CreateDirectoryW
DeleteFileW
SetFileAttributesW
ConnectNamedPipe
GetCurrentThreadId
CreateFileA
WaitNamedPipeA
GetVersionExA
CreateThread
RemoveDirectoryW
CreateFileW
DeviceIoControl
CloseHandle
CreateNamedPipeA
LocalFree
GetTickCount
WriteFile
PeekNamedPipe
ReadFile
Sleep
LoadLibraryA
GetProcAddress
SetVolumeLabelW
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FindVolumeMountPointClose
OpenWaitableTimerW
GetProfileIntA
SetThreadPriority
TerminateJobObject
EnumResourceLanguagesW
GetCurrentDirectoryA
FindNextVolumeMountPointW
GetPrivateProfileIntA
GetSystemTimeAdjustment
EnumResourceLanguagesA
TransmitCommChar
GlobalSize
IsBadCodePtr
IsBadWritePtr
GetTempPathW
SetFileTime
GetExitCodeProcess
CompareFileTime
GetFileTime
EnumSystemCodePagesW
GetCommandLineW
lstrcmpA
GetProcessHeap
GetUserDefaultLangID
GetLocaleInfoA
CreateEventA
WaitForSingleObject
FreeLibrary
MulDiv
SetEvent
GlobalLock
GlobalUnlock
GetTimeFormatA
GetTimeFormatW
GetDateFormatA
GetDateFormatW
CreateProcessA
CreateProcessW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
SearchPathA
SearchPathW
GetFullPathNameA
GetFullPathNameW
GetModuleHandleW
LoadLibraryW
SetCurrentDirectoryA
SetCurrentDirectoryW
FindFirstFileA
SetFileAttributesA
DeleteFileA
GetModuleFileNameW
GetCurrentDirectoryW
FindNextFileA
GetWindowsDirectoryW
GetFileAttributesA
GetFileSize
lstrlenA
lstrlenW
GlobalFree
GlobalAlloc

user32

AnyPopup
CharNextA
MessageBoxA
GetClipboardFormatNameA
ShowCaret
GetMouseMovePointsEx
MessageBoxExA
OemToCharBuffA
CharNextW
CharNextExA
DdeFreeDataHandle
ChangeDisplaySettingsExA
SetMenuInfo
IsCharAlphaNumericA
CreateDialogIndirectParamW
DefDlgProcA
GetOpenClipboardWindow
ActivateKeyboardLayout
DialogBoxParamA
WaitForInputIdle
GetClassInfoExW
WinHelpW
EnumDesktopsA
SetWindowLongA
SendNotifyMessageA
SetRect
DdeSetQualityOfService
GetClipboardOwner
LoadIconW
SetActiveWindow
PtInRect
GetClipCursor
CreatePopupMenu
GetKeyState
DefFrameProcW
PostQuitMessage
ModifyMenuW
DestroyIcon
DestroyCursor
SetTimer
GetWindow
DefFrameProcA
CheckMenuItem
GetQueueStatus
GetKeyboardState
CheckMenuRadioItem
GetSystemMetrics
DrawMenuBar
DeleteMenu
GetSubMenu
LoadCursorA
GetKeyboardLayout
IsWindowVisible
GetClassNameW
GetClassNameA
SetWindowPos
SetScrollInfo
GetScrollInfo
ReleaseCapture
CallNextHookEx
MapVirtualKeyW
MapVirtualKeyA
UnhookWindowsHookEx
GetDlgItem
EndDialog
IsChild
RedrawWindow
MoveWindow
SetCapture
SetForegroundWindow
GetForegroundWindow
SystemParametersInfoA
LoadMenuA
LoadMenuW
LoadAcceleratorsA
LoadAcceleratorsW
LoadIconA
LoadImageA
LoadImageW
CreateDialogParamW
CreateDialogParamA
DialogBoxParamW
EnumThreadWindows
BringWindowToTop
EnableWindow
CloseClipboard
GetClipboardData
OpenClipboard
MessageBeep
SetCursorPos
DrawTextW
DrawTextA
GetKeyboardLayoutList
EnumWindows
GetActiveWindow
EndPaint
DrawFrameControl
BeginPaint
GetCapture
FrameRect
SetDlgItemInt
GetDlgItemInt
SetWindowsHookExA
CharUpperA
RegisterClipboardFormatA
HideCaret
SetMenuDefaultItem
IsClipboardFormatAvailable
SetCaretPos
SetClipboardData
EmptyClipboard
UnregisterClassA
UnregisterClassW
CreateCaret
DestroyCaret
ScrollWindow
ShowScrollBar
GetDoubleClickTime
GetMessageTime
GetUpdateRect
IntersectRect
InsertMenuA
InsertMenuW
AppendMenuA
AppendMenuW
SetDlgItemTextA
SetDlgItemTextW
SetWindowTextA
SetWindowTextW
FindWindowExA
FindWindowExW
CreateMDIWindowA
CreateMDIWindowW
CreateWindowExA
CreateWindowExW
RegisterClassA
RegisterClassW
ScreenToClient
TrackPopupMenu
GetSystemMenu
KillTimer
SetCursor
GetMenuStringA
GetMenuStringW
LoadStringA
LoadStringW
SendMessageW
IsDialogMessageA
IsDialogMessageW
TranslateAcceleratorA
TranslateAcceleratorW
DispatchMessageA
DispatchMessageW
PeekMessageA
PeekMessageW
GetMessageA
GetMessageW
GetDlgItemTextA
GetDlgItemTextW
GetWindowTextA
GetWindowTextW
GetWindowTextLengthA
GetWindowTextLengthW
SetWindowLongW
GetWindowLongA
GetWindowLongW
SetClassLongA
SetClassLongW
GetClassLongA
GetClassLongW
GetKeyNameTextA
GetKeyNameTextW
DefWindowProcA
DefWindowProcW
InvalidateRect
UpdateWindow
ValidateRect
GetDC
GetClientRect
GetSysColorBrush
FillRect
DrawEdge
GetFocus
DrawFocusRect
DestroyMenu
DefMDIChildProcA
DefMDIChildProcW
SetFocus
ClientToScreen
EnableMenuItem
ShowWindow
TranslateMessage
ModifyMenuA
IsWindowEnabled
GetSysColor
DrawStateA
ReleaseDC
IsWindowUnicode
CallWindowProcA
CallWindowProcW
GetDlgCtrlID
GetParent
PostMessageA
GetCursorPos
GetWindowRect
DestroyWindow
SendMessageA
MessageBoxW
DestroyAcceleratorTable

gdi32

GetStockObject
RealizePalette
CreateICW
GetFontResourceInfoW
GetTextAlign
EngStrokePath
GetPaletteEntries
GetRandomRgn
SetBrushOrgEx
GetCharacterPlacementA
SetViewportExtEx
CreateBitmapIndirect
GetDCOrgEx
EngAcquireSemaphore
GetBkColor
EngTransparentBlt
EngQueryLocalTime
PaintRgn
GetFontData
BRUSHOBJ_ulGetBrushColor
GdiSetPixelFormat
Pie
GetTextCharacterExtra
EngAssociateSurface
SetBitmapBits
BRUSHOBJ_pvGetRbrush
AddFontResourceTracking
ModifyWorldTransform
PlayEnhMetaFile
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
DeleteEnhMetaFile
CloseEnhMetaFile
CreateEnhMetaFileW
CreateEnhMetaFileA
CreateDIBSection
GetBkMode
BitBlt
TextOutA
TextOutW
SetBkMode
SetBkColor
SetTextColor
GetObjectA
GetTextMetricsA
GetObjectW
GetTextMetricsW
CreateRectRgn
StartPage
EndPage
EndDoc
GetTextExtentPoint32W
SetTextAlign
ExtTextOutW
CreateBitmap
CreatePatternBrush
PatBlt
DeleteDC
CreateDCW
CreateDCA
GetDeviceCaps
StartDocA
StartDocW
CreateFontIndirectA
CreateFontIndirectW
CreatePen
SelectObject
MoveToEx
LineTo
ExtTextOutA
DeleteObject

comdlg32

PageSetupDlgW
PageSetupDlgA
GetSaveFileNameW
ChooseColorW
PrintDlgW
PrintDlgA
ChooseFontA
ChooseFontW
GetOpenFileNameA
GetSaveFileNameA
GetOpenFileNameW
ChooseColorA

advapi32

RegOpenKeyW
SetFileSecurityW
GetSecurityDescriptorControl
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
IsValidSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetUserNameA
LookupAccountNameA
GetFileSecurityW
RegSetValueExA
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegEnumValueW
RegCreateKeyExW
RegCreateKeyExA
RegEnumKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW

shell32

SHFileOperationW
SHGetMalloc
SHGetFolderPathW
ExtractIconW
SHPathPrepareForWriteA
FindExecutableW
SHAppBarMessage
ExtractIconA
DragAcceptFiles
ExtractIconExW
SHGetSettings
SHInvokePrinterCommandA
ExtractAssociatedIconExW
SHGetDataFromIDListW
SHGetInstanceExplorer
ShellExecuteA
ShellExecuteExA
SHGetDiskFreeSpaceExW
ShellExecuteExW
SHBrowseForFolder
SHQueryRecycleBinA
ShellExecuteEx
ExtractAssociatedIconW
DragQueryFileW
SHChangeNotify
ShellExecuteW
DragQueryFileA
DragFinish

ole32

ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
OleInitialize
OleUninitialize
DoDragDrop

shlwapi

StrRChrIA
StrChrA

comctl32

ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Create
PropertySheetW
ImageList_Destroy
PropertySheetA

imm32

ImmSetCompositionFontA
ImmSetCompositionFontW
ImmGetCompositionStringW
ImmEscapeW
ImmSetCandidateWindow
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 293B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t4xt12
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t4xt11
Size: 361KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f138c414e1c6d92e02373545e4cfd419

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

imm32

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 512B - Virtual size: 293B

.data Size: 14KB - Virtual size: 14KB

.t4xt12 Size: 107KB - Virtual size: 107KB

.t4xt11 Size: 361KB - Virtual size: 361KB

.rsrc Size: 74KB - Virtual size: 74KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 512B - Virtual size: 293B

.data
Size: 14KB - Virtual size: 14KB

.t4xt12
Size: 107KB - Virtual size: 107KB

.t4xt11
Size: 361KB - Virtual size: 361KB

.rsrc
Size: 74KB - Virtual size: 74KB