MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 547c80b6ac037b0496c7b47ec8e002fb08eaa303de5e14e8f46fa1ee7bb43116. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	547c80b6ac037b0496c7b47ec8e002fb08eaa303de5e14e8f46fa1ee7bb43116
SHA3-384 hash:	03aeaf22acaf058aabba985b34f4029a42510fb8d02732fa04f8a01769845451bc6f821f95eca22af905a8bd1611e4a6
SHA1 hash:	951a0016c2610e2ea65a438da971adb3f0090541
MD5 hash:	5c2a12874a98304130be82af881e74e3
humanhash:	solar-florida-emma-eighteen
File name:	C0A0031394AEAF0EE98DA273A790BB94BE746274_CM034575_msimg32_dll_decoded.bin.exe
Download:	download sample
File size:	141'312 bytes
First seen:	2020-04-30 07:26:31 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	1549188a4b3f7039e832bc9688f40016
ssdeep	3072:gEdIPPMhbVaKgvMdK7Feu1CqXZfamSYsf42cW:zun81EMoRpJfkD
Threatray	10 similar samples on MalwareBazaar
TLSH	A1D3F1A2E3D948B5D0D54734DC227E2DFB20B852713DEF02730095ED7EA27E66998721
Reporter	jarumlus

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Threat name:

Win32.Trojan.Tiggre

Status:

Malicious

First seen:

2018-10-12 11:00:17 UTC

File Type:

PE (Dll)

Extracted files:

AV detection:

22 of 29 (75.86%)

Threat level:

2/5

Verdict:

unknown

2d065db29c3cccec041bbb769dd065dd7d406bf8a4234da2774427da4ffa9785

33ffacc3e517f4f1dad47f1ca28d26188e202d5e2e300e1e71bc0a57e682292a

349a52b2d011c6f570d87ca4706a644c0f4ab8a6b96decd522c2fd789ecf50ac

5978884a07ea7559941ec2a1ce86e08e4be36a9aae9d535f58021602b24cdaba

615b9395be665d265953e69924b4df1808eda0fd40381d6d469bf4c362590125

83db97610db35554df4061ac1370a10dcda2006d212f4d17e741cfdfdf6264cb

846481e2b8fa290c2cb12b0c8803305435c9833c4c791f3d4d989db6f51838c5

a6f6ee6214681cc7c2fcd82af2b0d8362600624e35a6d027b70787561b1f67d9

de034510400de08c5508ad8d236bc533990778cd9867c0a6190a5459cbca6422

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN_BASE_API	Uses Win Base API	KERNEL32.DLL::LoadLibraryA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample