MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bec4fa4086e8913a708a4bacb710b4f88f82082a2d282641b24af1f31e6652b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	bec4fa4086e8913a708a4bacb710b4f88f82082a2d282641b24af1f31e6652b9
SHA3-384 hash:	c9a3a5ada8f8d2cd7d47397da863347381f18cc02a81358b95578a59a00e272fb1dbe85fd4dce95f3fb32f1b05d6bf67
SHA1 hash:	6744d64c4b1f77b375d7e20e7513594b8bd497d4
MD5 hash:	6416ecb792e83ab891566366ff0c8411
humanhash:	angel-winner-fourteen-jersey
File name:	bec4fa4086e8913a708a4bacb710b4f88f82082a2d282641b24af1f31e6652b9
Download:	download sample
File size:	307'712 bytes
First seen:	2020-03-26 16:25:27 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	9dd0adf5bf851f3dc20249af2934dfa3
ssdeep	6144:uB/p3McO6eIAPvqcPGBjbqfZ7ELXeHJwETm3h7OF62NN7oS:uB/BkIAHqcPGBPMZHHJwEy3cFr
Threatray	9 similar samples on MalwareBazaar
TLSH	14642377C9EA2671EAB6483CCC571757CB241C6B0AC883E1BBF40E7B1852944929F3B4
Reporter	Marco_Ramilli
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Mpress-7

SecuriteInfo.com.Win32.DH_TA.32718.23490.UNOFFICIAL

PUA.Win.Packer.Exe-6

Gathering data

Threat name:

Win32.Trojan.Filecoder

Status:

Malicious

First seen:

2020-03-26 16:37:03 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

29 of 31 (93.55%)

Threat level:

2/5

Verdict:

suspicious

64dc4778b395fe6ba6b4911bb39d41dc2a1d5cb0655c0f369b25b5e38f0e27ec

9631ffcc8769d5ea6582646908a7a7e795cfee8d4fdaa3f1559deefb45ee6934

9b071bb883d03ad019622019118ed94894f8471ec7bff4982acc87267a552c68

a1b6faa0465ec8bf30e3450f9679f121ff9e724257577c38c813b77e82e1f42f

ac839669e7e0d6b42bf9517cc6f4db88c9eacc678df15c1c45be1771309cb020

e04cdba2c9443b7a859fb328cf19fecd73b6a91d0964b405d56a42ee0721c671

e9a26546e8929b65e7310d08fdbde6c884ee7c1ca6ec738489c287eb4e501635

f923c5ce0a44f73f86dbb04d02905e0e0068d675f6095680b41d904380800e17

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high
CHECK_TRUST_INFO	Requires Elevated Execution (level:requireAdministrator)	high

Reviews

ID	Capabilities	Evidence
SHELL_API	Manipulates System Shell	shell32.dll::ShellExecuteW
WIN_REG_API	Can Manipulate Windows Registry	advapi32.dll::RegLoadKeyW

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample