MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 969ca1f1cd74be7951552e6d03ee91abda18255b1761dfd46e049737ab0db12d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 969ca1f1cd74be7951552e6d03ee91abda18255b1761dfd46e049737ab0db12d
SHA3-384 hash: e5d2603fc614f5f36b49cbbff3f0255149c4a0293fa7a95db917ca4a570239441d812b8fe2cf27e27669ce55427067d7
SHA1 hash: c9fd00baaa1b5608f745bb7baa9ab1ba55828e80
MD5 hash: 4afdf51839ea6939d4977a576db881f2
humanhash: ceiling-mockingbird-september-virginia
File name:4afdf51839ea6939d4977a576db881f2.exe
Download: download sample
File size:327'680 bytes
First seen:2020-04-03 13:36:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash dcd962aa8363601c6fe81195a7a7b590
ssdeep 6144:Csu5Ls84UUF+tR7t4AMkw5KRlX5LQ2i7/aGR+0b1QtqfefZdDWYOtTcpeaKJW5M:Csu5QktpMkwNQZdDrNfN5M
Threatray 12 similar samples on MalwareBazaar
TLSH EC649F01B2C0D231E4E20675537E9B6B847EAE352775E6C767C42D4A9C324E2AB38B53
Reporter Jirehlov
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Filecoder
Create hunting rule
Status:
Malicious
First seen:
2020-04-02 00:28:13 UTC
File Type:
PE (Exe)
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
389f012cb41a7504746d8e5f2dd76ba69b69e7d0e395f34ab629be72e09c1187
3f5e9228e55bcc3b1275b7781683f6465921db947bfa6897a62bd5b7a1d15474
5c70c7edfb7fa1c96b1c5bd66023768c67d2162754e7cf0d01295092ff66afc9
62b12b5aa0a143e4e524a373433964af7789445282fbf8247be68e57c8befaa9
6575a80b5fa70f2b72b0c5270e4bf316efbdda166b73267a783ebe8a56f3cd1e
903e3182b86482ee5d72a3d067be340cd1098d486a795adbc47545ddd7b72526
ade6319a39a00bf3db7e3668d57dbec2144ba7488afa91d0aaf40ee49cf83340
d73498e0aabb97375783af491aded66aa6710ba848247de3337f404fa02a35c0
e90113ece868954185441f939e93cab4f887465291e620753b411d043131b793
fdafb44be84ea918c76a99f4c24c08fbe8de6648a4ad73614f77450aa2b43484
+ 2 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
AUTH_APIManipulates User AuthorizationADVAPI32.dll::InitializeSecurityDescriptor
SECURITY_BASE_APIUses Security Base APIADVAPI32.dll::SetSecurityDescriptorDacl
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessA
KERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::GetSystemInfo
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetDiskFreeSpaceExA
KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleCP
KERNEL32.dll::GetConsoleMode
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateDirectoryA
KERNEL32.dll::CreateFileW
KERNEL32.dll::CreateFileA
KERNEL32.dll::DeleteFileA
KERNEL32.dll::MoveFileA
KERNEL32.dll::FindFirstFileA
WIN_CRYPT_APIUses Windows Crypt APIADVAPI32.dll::CryptAcquireContextW
ADVAPI32.dll::CryptGenRandom
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegCreateKeyExA
ADVAPI32.dll::RegOpenKeyExA
ADVAPI32.dll::RegQueryValueExA
ADVAPI32.dll::RegSetValueExA

Comments