MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da164dc8c1baf31539335b6a14ca2f14cc0f8a4a39523479290437d0810b82e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: da164dc8c1baf31539335b6a14ca2f14cc0f8a4a39523479290437d0810b82e3
SHA3-384 hash: 1ff111f9f983c81201dba6f66cdbd5adef8ce9bba2a5a78e9161f0a8346018906cd2fa22231a7c7595cec205f237aa8b
SHA1 hash: 9ff48900feed1f2433b3ef1610a5fc2b438152de
MD5 hash: 25c4f6ec3f18c71bf9639746b8fe9567
humanhash: steak-thirteen-charlie-carolina
File name:oUjFYGTrrUoPBIm.dll
Download: download sample
File size:806'912 bytes
First seen:2020-03-29 19:17:23 UTC
Last seen:2020-03-29 19:51:00 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 80ea0151383dbd4d0e5038dee183a8e4
ssdeep 6144:QnuLP2W5pwK9DgomFrmviQwtDkn6xEiMt3BDCmJzwpYPtz7EhUkm:e/R8viT06jqBD9JzwU9SU5
Threatray 54 similar samples on MalwareBazaar
TLSH 2B05F5ADA74348E3E7753934A7C20E42551171C9E8200C8FBBBE2E5C6FA97A27D15EC4
Reporter Racco42
Tags:dll ZLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Zloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/317/
Detection(s):
SecuriteInfo.com.Win32.GenKryptik.EHGQ.11564.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-03-29 19:35:36 UTC
File Type:
PE (Dll)
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
0a529a4059586c60a025c4f646c6ca443488a39263f5f21b897fe7f9373602e8
1130c38b05892129ef1a97693b0d3797a45ec69fe0d95bc28e4b09e3d4dd0e9c
14d333f6817a40cc66251901b630df311dc518be513f3be9e4fc308ab7ff562d
2cefb03b68c5489c2abdde9993aa85d8465a26ce9ddb78849ee5e198103fdf6a
4ca3ae0f9b573739e66192f15aade1cf3d409ef133a7b6834ad4e387dea498a5
4f1b67de033cb3d692e494a0104243edb1504185df21e5086dba1d10d941c12a
8542bf1c3c7532f11fc39b4b6a20a08ef5bd0c8d42e3262028d4ffdbc5aa88f8
987bd37601d6a662a35183c0dd766752e57ed9a1090bb0383b082baf4ea8f6c8
af6af9c2d50e7c692521dac219b7f2f23c6b677216267dcbaf44bd44f7290d70
e62889be5bf912d37044d83aab08dfa85c7863ec9baeac93e0397e03a407f95a
+ 44 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Visual Basic Script (vbs) vbs 1d9da08ba8d8e516a9d5ae86dff5957c330c1ec02df8282b633ff5d14bfc0735

DLL dll da164dc8c1baf31539335b6a14ca2f14cc0f8a4a39523479290437d0810b82e3

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 1d9da08ba8d8e516a9d5ae86dff5957c330c1ec02df8282b633ff5d14bfc0735
Cape
Cape
https://www.capesandbox.com/analysis/317/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
WIN_BASE_APIUses Win Base APIkernel32.dll::LoadLibraryA

Comments