MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a2322a27796d9f34f31d819e417d4eba3d1463ecb81b4b7aa1791812aed28a63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a2322a27796d9f34f31d819e417d4eba3d1463ecb81b4b7aa1791812aed28a63
SHA3-384 hash: 69925ad42cf6bd232abb7260a4662e0e01385f76774761861cedd2df3873020a832951206659f246e2560f52717ee141
SHA1 hash: 8ca46c4d7ca4ac892de22a76753c787f8271f85f
MD5 hash: 3eb5f44492ce1147790450d950954a52
humanhash: carpet-echo-don-five
File name:iec56w4ibovnb4wc.onion_Library__Turla__MAPI.bin.malw
Download: download sample
File size:389'936 bytes
First seen:2020-03-18 23:10:08 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash ffdd7d29384f862df16f05b993adefd4
ssdeep 6144:18HYX/jlhFiFPfh1Fky/0RWYxknpg+5uoSchaq9lTf:184X7gtZXkysrxApg+woScDlTf
Threatray 22 similar samples on MalwareBazaar
TLSH 3B84AF02B698C031C54E04306A56ABB765F9A8B4556FC483FBC85A6F5F317C2EA39F07
Reporter ov3rflow1
Tags:malw

Code Signing Certificate

Organisation:www.apple.com
Issuer:DigiCert SHA2 Extended Validation Server CA
Algorithm:sha256WithRSAEncryption
Valid from:May 9 00:00:00 2018 GMT
Valid to:Mar 25 12:00:00 2019 GMT
Serial number: 0543F9BA21ADC46539192014C97724D1
Thumbprint Algorithm:SHA256
Thumbprint: 0CEDD833CA73ED8E289BE0E3FE80F5FB87F79C42671787AF98CABC3CC215D3AD
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
SECURITY_BASE_APIUses Security Base APIADVAPI32.dll::GetTokenInformation
SHELL_APIManipulates System ShellSHELL32.dll::SHFileOperationA
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessA
ADVAPI32.dll::OpenProcessToken
KERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::GetStartupInfoA
KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::WriteConsoleA
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleOutputCP
KERNEL32.dll::GetConsoleCP
KERNEL32.dll::GetConsoleMode
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateDirectoryA
KERNEL32.dll::CreateFileA
KERNEL32.dll::CreateFileW
KERNEL32.dll::DeleteFileA
KERNEL32.dll::DeleteFileW
WIN_BASE_USER_APIRetrieves Account InformationKERNEL32.dll::GetComputerNameA
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegCreateKeyExA
ADVAPI32.dll::RegCreateKeyExW
ADVAPI32.dll::RegDeleteKeyW
ADVAPI32.dll::RegOpenKeyExW
ADVAPI32.dll::RegQueryValueExA
ADVAPI32.dll::RegQueryValueExW

Comments