53de1377a8c475cb185ea93113c35ec7c1941fb89d1a2682757dfe25a19bd472

Sharing

Copy URL

Twitter E-mail

General

Target

53de1377a8c475cb185ea93113c35ec7c1941fb89d1a2682757dfe25a19bd472
Size

1.3MB
MD5

1e442a3ef1d37c8adf2f89d2afb5cb75
SHA1

7663bfcf885705b6f4752c92dd312d2504518cef
SHA256

53de1377a8c475cb185ea93113c35ec7c1941fb89d1a2682757dfe25a19bd472
SHA512

61ca51d4f63506b1f3e0987dc504c66a9c1eb49afc918427b8d5eae65e983a6addedceb79c7f001280ac4945e060ae48711ecf4a242ea53933b9e29ce9f2ed3d
SSDEEP

6144:yXOT+RDQ/0jnNESgfcDLd9a5tLQDB6FgD6b/3nE8FfcMkIUv0Go:cOT+RbjmedytLJFA6T3nE8FsIF

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
53de1377a8c475cb185ea93113c35ec7c1941fb89d1a2682757dfe25a19bd472

Files

53de1377a8c475cb185ea93113c35ec7c1941fb89d1a2682757dfe25a19bd472
.exe windows:4 windows x86 arch:x86

c2bdd09c9f36b9ab90bf758ca489e971

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
GetModuleHandleA
VirtualAllocEx
ExitProcess
SetFilePointer
FileTimeToDosDateTime
FileTimeToLocalFileTime
SetErrorMode
SetCurrentDirectoryA
GetModuleFileNameA
CloseHandle
CreateThread
LocalFree
FormatMessageA
LocalAlloc
GetCurrentProcess
GetLastError
CreateMutexA
GetVersionExA
GetVersion
DeleteCriticalSection
WaitForSingleObject
lstrlenA
lstrcmpiA
LeaveCriticalSection
GetFileAttributesA
CreateFileA
GetCurrentDirectoryA
InitializeCriticalSection
lstrcpyA
HeapFree
HeapAlloc
SetLastError
GetDiskFreeSpaceA
CopyFileA
CreateDirectoryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetEnvironmentVariableA
lstrcpynA
DeleteFileA
SetFileAttributesA
lstrcatA
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
GetDriveTypeA
ExpandEnvironmentStringsA
FreeLibrary
LoadLibraryExA
DeviceIoControl
TerminateProcess
OpenProcess
FindClose
FindNextFileA
FindFirstFileA
CreateProcessA
lstrcmpA
SetEvent
CreateEventA
ResetEvent
WriteFile
SetCommState
GetCommState
SetCommTimeouts
ReadFile
ExitThread
WaitForMultipleObjects
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
GetProcessHeap
DebugBreak
IsDBCSLeadByte
UnmapViewOfFile
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
GetTempFileNameA
GetTempPathA
EnterCriticalSection
UnlockFileEx
FindVolumeClose
OpenFileMappingW
GetSystemDefaultUILanguage
FreeEnvironmentStringsW
SetWaitableTimer
FindCloseChangeNotification
FileTimeToSystemTime
CreatePipe
GetNamedPipeHandleStateA
EnumUILanguagesW
FindNextVolumeW
DuplicateHandle
GetPrivateProfileIntW
TryEnterCriticalSection
ReadConsoleOutputCharacterW
GlobalWire
SleepEx
IsBadReadPtr
ReadProcessMemory
GetLocalTime
DebugActiveProcess
WaitForDebugEvent
GetThreadContext
ContinueDebugEvent
VirtualAlloc
VirtualProtect
VirtualFree
RaiseException
UnregisterWaitEx
CreateFileMappingW
CreateEventW
UnregisterWait
RegisterWaitForSingleObject
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetVersionExW
GetSystemPowerStatus
GetCommandLineW
LoadLibraryW
GetLogicalDrives
GetDriveTypeW
GetFileAttributesW
FindFirstFileW
FindNextFileW
GetFileType
SetHandleCount
GetEnvironmentStringsW
HeapSize

user32

AnyPopup
LoadIconW
GetInputState
CharLowerA
GetClientRect
CopyRect
IsWindow
InvalidateRect
GetSysColor
SendDlgItemMessageA
SetFocus
LoadIconA
SetWindowLongA
RedrawWindow
LoadImageA
EnumChildWindows
GetWindowLongA
GetWindowRect
ScreenToClient
SetWindowPos
ShowWindow
SystemParametersInfoA
GetDC
ReleaseDC
wsprintfA
GetParent
PostMessageA
DialogBoxParamA
EnableWindow
EndDialog
GetDlgItem
SetTimer
FindWindowA
RegisterClassExA
LoadStringA
MessageBoxA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
SendMessageA
SetForegroundWindow
EnumThreadWindows
PostQuitMessage
DefWindowProcA
ExitWindowsEx
DdeReconnect
GetAltTabInfo
DrawMenuBar
WaitMessage
IsWindowVisible
CloseDesktop
MoveWindow
SendMessageTimeoutW
GetClipCursor
SetClipboardData
BroadcastSystemMessage
DdeCreateStringHandleW
CharUpperW
SetWinEventHook
FindWindowExW
ValidateRgn
TrackPopupMenuEx
EnableScrollBar
FindWindowW
ChangeDisplaySettingsW
GetMessageTime
GetKeyboardLayout
RegisterShellHookWindow
CreateIconFromResourceEx
EnumDesktopWindows
DlgDirSelectExW
ToAsciiEx
IsRectEmpty
DdeEnableCallback
PeekMessageA
SetRect
GetMenu
DispatchMessageW
WinHelpW
DrawEdge
GetDialogBaseUnits

gdi32

GetStockObject
GetDeviceCaps
CreateFontIndirectA
AddFontResourceA
EngTextOut
StretchDIBits
SetPixelV
GdiEntry4
GetLogColorSpaceA
FillRgn
GetMetaFileBitsEx
GetCharABCWidthsW
PolyPolyline
GetKerningPairs
EnumMetaFile
EngUnicodeToMultiByteN
GetTextCharset
SetBitmapBits
SetWinMetaFileBits
GdiEntry3
GetHFONT
StrokePath
GetSystemPaletteEntries
GetLayout
PlayMetaFile
SelectObject
CreateDIBSection
SetViewportOrgEx
CreateCompatibleDC
DeleteDC
GetRgnBox

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyA
LookupPrivilegeValueA
OpenProcessToken
LookupAccountSidA
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
RegCloseKey
RegQueryValueExA
RegEnumKeyA
RegQueryValueA
RegEnumKeyExA
RegSetValueExA
AdjustTokenPrivileges
RegOpenKeyExA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHFileOperationA
ExtractIconEx
FindExecutableA
DragQueryFileAorW
FindExecutableW
SHFreeNameMappings
SHPathPrepareForWriteA
SHGetDataFromIDListA
SHAddToRecentDocs
DragQueryPoint
SHGetFileInfo
SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHFileOperation
ExtractIconA
Shell_NotifyIcon
CommandLineToArgvW
ShellExecuteA

ole32

OleUninitialize
OleInitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CoUninitialize

shlwapi

StrChrIA
SHGetValueA
PathIsDirectoryA
StrDupA
PathCombineA
StrCmpNIA
PathIsRootA
PathAppendA
StrRChrA

comctl32

PropertySheetA
InitCommonControlsEx
CreatePropertySheetPageA

Sections

.text
Size: 690KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t4xt14
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.t4xt13
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.t4xt12
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2bdd09c9f36b9ab90bf758ca489e971

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 690KB - Virtual size: 690KB

.data Size: 205KB - Virtual size: 205KB

.t4xt14 Size: 1KB - Virtual size: 1KB

.t4xt13 Size: 1KB - Virtual size: 1KB

.t4xt12 Size: 349KB - Virtual size: 349KB

.rsrc Size: 43KB - Virtual size: 43KB

.text
Size: 690KB - Virtual size: 690KB

.data
Size: 205KB - Virtual size: 205KB

.t4xt14
Size: 1KB - Virtual size: 1KB

.t4xt13
Size: 1KB - Virtual size: 1KB

.t4xt12
Size: 349KB - Virtual size: 349KB

.rsrc
Size: 43KB - Virtual size: 43KB