MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45f2c615dde960357bc53cf73082b5de83cf5c0cd93d7a9b339af308d1229f0f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 5



SHA256 hash: 45f2c615dde960357bc53cf73082b5de83cf5c0cd93d7a9b339af308d1229f0f
SHA3-384 hash: dd6994669fa1a8f7531368cb1780cd0287ad85fcaa590b249375567374eabbc87b364692327ea1d066911b8c934bb2c6
SHA1 hash: 5167bd585f25af08b9a6fc85a40ba0946834c6cb
MD5 hash: 537d709eac2faf3a2f2c1db1bfaf7ca1
humanhash: angel-paris-bluebird-delaware
File name: revised proforma invoice.exe
Signature: Loki
File size: 69'632 bytes
First seen: 2020-03-16 06:57:10 UTC
Last seen: 2020-03-16 06:58:19 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 0acf6bd173acbe1b1dbb31225921b6cd (1 x Loki)
ssdeep: 768:wr/jpJw1mAFms+YY7CoVtpR+aFSg4t/vJM46q5wYG1500Ouwv8yvZs:w7f+cR7XJ4Vw5U0Odp6
Threatray: 1'211 similar samples on MalwareBazaar
TLSH: D4638E3AF5D8C598D5AB04345DD30AEAA56BFFE0F730770661103EAD0AF37445AB90A8
Reporter: cocaman
Tags: exe Loki

Intelligence


File Origin
# of uploads: 2
# of downloads: 87
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-03-16 01:52:56 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 24 of 30 (80.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

Executable exe 45f2c615dde960357bc53cf73082b5de83cf5c0cd93d7a9b339af308d1229f0f (this sample)

Delivery method: Other

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::EVENT_SINK_AddRef
