MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af6af9c2d50e7c692521dac219b7f2f23c6b677216267dcbaf44bd44f7290d70. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	af6af9c2d50e7c692521dac219b7f2f23c6b677216267dcbaf44bd44f7290d70
SHA3-384 hash:	8c437899a42f75e452aca6ed993b23d61447b1b63d70162f3a82ca02ea036380476cfdedcee13564b0f2b026051da6ae
SHA1 hash:	e5e16ba4f24fd939e6ece581704ac6ca9df4b0d6
MD5 hash:	05df30ff372ff1d27ab4874b50565c8f
humanhash:	december-potato-shade-pluto
File name:	KpAdXhHpGjNrCmg.dll
Download:	download sample
File size:	849'920 bytes
First seen:	2020-03-24 15:35:43 UTC
Last seen:	2020-03-24 17:55:38 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	b345fbea21400eca1030f3cca441e8d5
ssdeep	6144:RmFrmviQwtDkn6xEiMt3BDCmJzwpYPtz7EMUkLP2W5pwK9DgoU:BviT06jqBD9JzwU9HUzR
Threatray	56 similar samples on MalwareBazaar
TLSH	4B05F5ADA74348E3E7753A34E3C20E42552171D5E4200D8FBBBE2E5C6EA97A27C15EC4
Reporter	Racco42
Tags:	dll ZLoader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Gen.NN.ZedlaF.34100.Zq4@aGQaZ5f.11809.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Kryptik

Status:

Malicious

First seen:

2020-03-24 15:44:23 UTC

File Type:

PE (Dll)

AV detection:

22 of 31 (70.97%)

Threat level:

2/5

Verdict:

malicious

14d333f6817a40cc66251901b630df311dc518be513f3be9e4fc308ab7ff562d

2cefb03b68c5489c2abdde9993aa85d8465a26ce9ddb78849ee5e198103fdf6a

30e772385fc3887fdd1ef1e358dc05cc83da655ecf53257800daf5d68ae430fd

4ca3ae0f9b573739e66192f15aade1cf3d409ef133a7b6834ad4e387dea498a5

4f1b67de033cb3d692e494a0104243edb1504185df21e5086dba1d10d941c12a

8542bf1c3c7532f11fc39b4b6a20a08ef5bd0c8d42e3262028d4ffdbc5aa88f8

987bd37601d6a662a35183c0dd766752e57ed9a1090bb0383b082baf4ea8f6c8

da164dc8c1baf31539335b6a14ca2f14cc0f8a4a39523479290437d0810b82e3

e62889be5bf912d37044d83aab08dfa85c7863ec9baeac93e0397e03a407f95a

+ 46 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
COM_BASE_API	Can Download & Execute components	oleacc.dll::DllRegisterServer
MULTIMEDIA_API	Can Play Multimedia	winmm.dll::midiInGetErrorTextW
WIN_BASE_API	Uses Win Base API	kernel32.dll::LoadLibraryA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample