MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d452b5f3e5d2b6623d0ca35793dfc051e1bf8b237e360906ed055e819235604. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	1d452b5f3e5d2b6623d0ca35793dfc051e1bf8b237e360906ed055e819235604
SHA3-384 hash:	b8b30fd354ce3ab986038751bc3ef4db14cde2fb9b85ede76e66caf6c62188aa64d68971c543ae0da5dcf02cb3740635
SHA1 hash:	9da48864411b8f9c625db2e7debc82c8874341fa
MD5 hash:	90f75c6fa4a613f9ab2c27e4d4bc4871
humanhash:	alanine-pluto-johnny-johnny
File name:	SecuriteInfo.com.Trojan.Siggen9.36524.1699.18810
Download:	download sample
File size:	319'488 bytes
First seen:	2020-04-25 19:38:24 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	49519598a9a712336b298ddda6aca13c
ssdeep	6144:/ERo66B2c9YpXPWnNuUxdPBRujokKpTFVxqwVY5Molr3OG7u3:sRo66Ec9YsIUxNBRujovfVxYKolrti
Threatray	10 similar samples on MalwareBazaar
TLSH	69647B62FA40D432E8C21671A7BA4BFB5C3D9229231960D3E3D45DB52B642E3B57834F
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.Siggen9.36524.1699.18810.UNOFFICIAL

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/8aa3c9fe-17d8-4a56-81b8-8d82913f5896

Gathering data

Threat name:

Win32.Trojan.Chindo

Status:

Malicious

First seen:

2020-04-16 04:23:00 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

21 of 31 (67.74%)

Threat level:

5/5

Verdict:

malicious

211abb81c05810e3f08608a7035e8c4c3337de419e63257b4c3e4a1d2669aec5

2abe71b49e45492b408294a415a308799ed312ff79c013924a42e53ce9c32a82

563ee97396c60bb7d587d98e95d68109cfe9b0a924860bee678e1e4da196bb64

5978884a07ea7559941ec2a1ce86e08e4be36a9aae9d535f58021602b24cdaba

8b9b9e661bf4fc6618db328021ed256745fd148aae1a44b097cc106660fa45f7

a46358caac50799c82a9cdc45a3718bf519ffe5d32527fdc94843cf7bee487d8

bcedd36c318c6bde7515a91d98e5f171b371e6a17ac0b45e717c5f1bde22d55f

d8dbe0a74ff4d70f5633f8177f37c14cd1586d7a658ecf72d05f59261e8ad016

e0a34b9c420ddd930b3f89c13c3f564907dd948e88f668a0fe55ce506220bd73

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 1d452b5f3e5d2b6623d0ca35793dfc051e1bf8b237e360906ed055e819235604

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/351173/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_TRUST_INFO	Requires Elevated Execution (level:requireAdministrator)	high

Reviews

ID	Capabilities	Evidence
URL_MONIKERS_API	Can Download & Execute components	urlmon.dll::URLDownloadToFileW
WIN32_PROCESS_API	Can Create Process and Threads	KERNEL32.dll::CloseHandle
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryA KERNEL32.dll::GetStartupInfoW
WIN_BASE_IO_API	Can Create Files	KERNEL32.dll::DeleteFileW
WIN_CRYPT_API	Uses Windows Crypt API	ADVAPI32.dll::CryptAcquireContextA ADVAPI32.dll::CryptCreateHash ADVAPI32.dll::CryptEncrypt ADVAPI32.dll::CryptGetHashParam ADVAPI32.dll::CryptHashData ADVAPI32.dll::CryptImportKey
WIN_SOCK_API	Uses Network to send and receive data	WS2_32.dll::freeaddrinfo WS2_32.dll::getaddrinfo WS2_32.dll::WSAIoctl

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample