MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 38cab7aaec4c38fcb5a56b1006e584c329513147d22738258f4428c2568d92a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| SHA256 hash: | 38cab7aaec4c38fcb5a56b1006e584c329513147d22738258f4428c2568d92a5 |
|---|---|
| SHA3-384 hash: | 869a39664e53b4aa33e3a1a0474b767202f946281721335bfd18add7c0cb8e5034c4c47d0a1ed4fdf4dc36096d8c5ade |
| SHA1 hash: | efeffc427f7a4b6c79cbe3b604931b59eb5aa714 |
| MD5 hash: | add9953e62fcea8f2b72c963ebc3bedf |
| humanhash: | minnesota-south-undress-sodium |
| File name: | 38cab7aaec4c38fcb5a56b1006e584c329513147d22738258f4428c2568d92a5 |
| Download: | download sample |
| File size: | 447'488 bytes |
| First seen: | 2020-03-30 07:06:12 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 9dd8c0ff4fc84287e5b766563240f983 (3 x HawkEye, 2 x Jigsaw, 2 x njrat) |
| ssdeep | 12288:1oL4EnU4T/vjLhAbMLKYShcekLgEfrt1clS3l0o4e:1wnU4TDLhAbM2YSh6Dt2lSKo4e |
| Threatray | 118 similar samples on MalwareBazaar |
| TLSH | EA94F1207191C173C4B7503584EACB359A3A71225B7A97D7B6DC2BBA7F203D092362CE |
| Reporter |  Marco_Ramilli |
| Tags: | exe |
Intelligence
File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Gceyiwe
Status:
Malicious
First seen:
2018-10-22 13:29:07 UTC
File Type:
PE (Exe)
Extracted files:
7
AV detection:
22 of 31 (70.97%)
Threat level:
2/5
Verdict:
malicious
Similar samples:
+ 108 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe 38cab7aaec4c38fcb5a56b1006e584c329513147d22738258f4428c2568d92a5
(this sample)
Delivery method
Distributed via web download
BLint
The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high |
| CHECK_NX | Missing Non-Executable Memory Protection | critical |
| CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high |
| CHECK_TRUST_INFO | Requires Elevated Execution (level:requireAdministrator) | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CloseHandle |
| WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryA KERNEL32.dll::GetStartupInfoA KERNEL32.dll::GetCommandLineA |
| WIN_BASE_EXEC_API | Can Execute other programs | KERNEL32.dll::WriteConsoleA KERNEL32.dll::WriteConsoleW KERNEL32.dll::SetStdHandle KERNEL32.dll::GetConsoleCP KERNEL32.dll::GetConsoleMode KERNEL32.dll::GetConsoleOutputCP |
| WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CreateFileA |
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.