MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f025ec45dfd058e5cc1fe779756e56ba932db59263e33c8918aa15bf2ecf1f8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9f025ec45dfd058e5cc1fe779756e56ba932db59263e33c8918aa15bf2ecf1f8
SHA3-384 hash: 9566f9e2c480b192d6852867fc6623eeafd2a974b8f5cf6bbd562b9bdc380e07a1215be0c0f2f6cf5813e3959227553e
SHA1 hash: 9688acecb1710659ddf818200555470383e89434
MD5 hash: ef5a930f1a1d8771b5124c9776b254c4
humanhash: connecticut-hawaii-wyoming-winner
File name:Order Specification.exe
Download: download sample
File size:212'992 bytes
First seen:2020-04-22 13:21:00 UTC
Last seen:2020-04-22 14:19:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a4b5b9f70335d457d693efa6abff5e60
ssdeep 3072:gF/IHTe9egPwBK9YfjT0vraANr7xPz+mpOvsW/GvD:ykcLYcdfPz+mpOvsW/Gv
Threatray 114 similar samples on MalwareBazaar
TLSH D72408517E749963C71506306EE6D3BAC2483DE1C6E2C90F20A0775BAF73AC6646293F
Reporter jarumlus

Intelligence

File Origin
# of uploads :
3
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.NetWire-7687239-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-04-22 11:09:17 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=t4bf5rc57ucy4xgb7z3zovxfnoutfw2zey7dhserrkqvx4xm6h4a._file
Verdict:
malicious
Similar samples:
1d67c5b17b0115be9c9213910f41e052d520c7f86a5b9373f145f8c5f2ded8e4
1f93e9ec506b2df6670b01905f5c42e05d7c2b4dbf44e37d82ee8050528d961d
350b35550e10e3ed50b1337e8899ab2eb9c9cbae7c077027f52bab3c5266bb84
44cac425f9daa34c012650bb145870ee3df2d1f5a87da9d58d20539ad8f51f10
4b79517cb074bc6373746e02781c160ead8344de3370bc518d63abe7d6a8b579
7e60af333b52731e98a3c49c7e0ecca12d86c8277f4e6f8f118fd021beb5acbe
8f6c9e3fe48707ed0446a2c90af1d3f6b10aab25b7cb60e78dda89f25b689cd3
aa7b5def54c0b6de7931e50356aedec2dcea40167f6e0be83f257be9b35e262b
f6cbd9ef6fbc0c2774a4bf2e43aa01804ee0294a453e8254f5a843a40051da31
fa905ffdb00ec8867a003c49ebfa43f6ff96b890c40b3fe31b0fc40bb344ded0
+ 104 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments