MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b1f7f04a34c13aca7100015038fd3948efd1d4eadd5cf42e49882cae4417bf4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: 4b1f7f04a34c13aca7100015038fd3948efd1d4eadd5cf42e49882cae4417bf4
SHA3-384 hash: 41a865a8f28cd8f12b852196d474bbf159eb26194cc1fa7fd43f1fc27cd39ce6dd31d6e8869bc03d86a601bf3593097c
SHA1 hash: a1b1f64bc9c7268e24e1f58d51012c73db332eb4
MD5 hash: a2d1a543f23aedc3d82faf6d6df0a9ab
humanhash: magazine-jersey-stream-california
File name: payment#87387.SCAN.image.jpeg.exe
Signature: NanoCore
File size: 405'504 bytes
First seen: 2020-04-30 09:21:59 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep: 12288:I1KRQXHnSQlI+ehlzzz+uj0+gmNDvYXi19zKJ:OHXHSEI+4zzLjbgmNkJ
Threatray: 88 similar samples on MalwareBazaar
TLSH: CF84F1227689CD07CBE849F45462A14507B5AF1966E3F7CE6C8436FF1AF23C176092A3
Reporter: jarumlus
Tags: NanoCore

Intelligence


File Origin
# of uploads: 1
# of downloads: 87
Origin country: n/a
Vendor Threat Intelligence

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high

Comments