MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b567aa06d064901f65e5e285d5a98bf636b6804f32946d5e40b9b3e4b8dd224. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 2b567aa06d064901f65e5e285d5a98bf636b6804f32946d5e40b9b3e4b8dd224
SHA3-384 hash: 26a185662b47f6ed3f9e8684fb6203762c1d0e476c7046fa80cf6823de3bf179e9ff05f9e88f30ad38cc20f1f38ec0dd
SHA1 hash: 4725db1670d1a06695c60a9480954828cc8db383
MD5 hash: 680cd1a2801c0c7fa6e14198caa84df2
humanhash: mars-zebra-crazy-lion
File name: Print Order Offerta 79290.exe
File size: 412'672 bytes
First seen: 2020-03-26 11:39:30 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 6144:QYIJPaiz1izPvjItwk1FRGy7MR+5nTy7Oq7Plt+wY9KAPyBX1x2ci7xO4ynd7uD:ZIJ5svjaNGyPlk73+waKA8f2ci7xO4yi
Threatray: 1'551 similar samples on MalwareBazaar
TLSH: AC94121C53B86B3EE7ED0FFCA550D2A047B1D24B69A2F3CB8F91A5B218873904356785
Reporter: James_inthe_box
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Autorun
Status: Malicious
First seen: 2020-03-26 03:10:08 UTC
File Type: PE (.Net Exe)
Extracted files: 7
AV detection: 27 of 31 (87.10%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
