MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 64dc4778b395fe6ba6b4911bb39d41dc2a1d5cb0655c0f369b25b5e38f0e27ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 64dc4778b395fe6ba6b4911bb39d41dc2a1d5cb0655c0f369b25b5e38f0e27ec
SHA3-384 hash: 479bd0113fa401befe86e77d3320f15f6b38b3edc551e78ee63137323c75daa87799eb2a6024cc4b6abb4a8b53af76ea
SHA1 hash: c79c60eff9884622b724217151221546e9d86a92
MD5 hash: e36c988ffcfafc936cde0b451d6902e5
humanhash: don-comet-tennessee-ohio
File name: 64dc4778b395fe6ba6b4911bb39d41dc2a1d5cb0655c0f369b25b5e38f0e27ec
File size: 1'077'248 bytes
First seen: 2020-03-27 05:46:39 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9dd0adf5bf851f3dc20249af2934dfa3
ssdeep: 24576:dlc6lHbeDOsGShLkp2/ERreKgZWfhIB3:dlc3OuLwKZW
Threatray: 7 similar samples on MalwareBazaar
TLSH: 023523E687C31302EF8D88397628BBE41A65973AC6549C2858A5FB35D0B9739C5CCF1C
Reporter: Marco_Ramilli
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Gathering data
Threat name: Win32.Trojan.Genasom
Status: Malicious
First seen: 2020-03-27 06:35:37 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 26 of 30 (86.67%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high
CHECK_TRUST_INFO | Requires Elevated Execution (level:requireAdministrator) | high

Reviews
ID | Capabilities | Evidence
SHELL_API | Manipulates System Shell | shell32.dll::ShellExecuteW
WIN_REG_API | Can Manipulate Windows Registry | advapi32.dll::RegLoadKeyW

Comments