MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 e2abae4267245cb93260418bba01d4bfb7f084cb552846cfac532b10e636d19d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
AZORult
Vendor detections: 3
| SHA256 hash: | e2abae4267245cb93260418bba01d4bfb7f084cb552846cfac532b10e636d19d |
|---|---|
| SHA3-384 hash: | 1451bdb9b9978aadbac6f455151ea476de9a930996c9cad0875bfde6ca8bb910191c6a25f4591fbd2fbfc16e5abc33ab |
| SHA1 hash: | ed8050b302d4e383e066456fc0cba50fe609a6dc |
| MD5 hash: | 74de49de8b2c98066f302050ee104777 |
| humanhash: | alaska-fix-yankee-hamper |
| File name: | 8393ca2b07add832e4e55364a3fb60e0.exe |
| Download: | download sample |
| Signature | AZORult |
| File size: | 115'200 bytes |
| First seen: | 2020-03-26 20:40:19 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 6d1f2b41411eacafcf447fc002d8cb00 (139 x AZORult) |
| ssdeep | 3072:tuOSXpMx7ZAlHsbfUkolNGti7lfqeSxM3SpyEYnE/Lxg/:Zzx7ZApszolIo7lf/ipT/L |
| Threatray | 341 similar samples on MalwareBazaar |
| TLSH | 35B3197AF6C19272E02809BDCD46D1B6912D76302D3918B6B2DA4F8CD5F95C26E2C3C7 |
| Reporter |  abuse_ch |
| Tags: | AZORult exe GuLoader |
abuse_ch
Payload dropped by GuLoader from the following URL:https://drive.google.com/uc?export=download&id=1sQA_CevfG7Bm-p0MMJTejGShKIwoOTAt
Intelligence
File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Gathering data
Threat name:
Win32.Trojan.Delf
Status:
Malicious
First seen:
2020-03-26 21:35:34 UTC
File Type:
PE (Exe)
AV detection:
31 of 31 (100.00%)
Threat level:
5/5
Verdict:
malicious
Label(s):
azorult
Similar samples:
+ 331 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
4dd60b4b554d1a1a3fd412d2acacd9fc4d9c316d62de4d7d010b407432660f22
Dropped by
MD5 8393ca2b07add832e4e55364a3fb60e0
Dropped by
MD5 28520507ca00d54fdb6904aef604135f
Dropped by
GuLoader
Dropped by
SHA256 4dd60b4b554d1a1a3fd412d2acacd9fc4d9c316d62de4d7d010b407432660f22
Dropped by
SHA256 dfdeeca6e3e918c0075ee56f0699f05708f117d5c3cb05ac1b19798e9a3a39b1
BLint
The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_NX | Missing Non-Executable Memory Protection | critical |
| CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| AUTH_API | Manipulates User Authorization | advapi32.dll::FreeSid |
| COM_BASE_API | Can Download & Execute components | ole32.dll::CoCreateInstance |
| WIN_BASE_API | Uses Win Base API | kernel32.dll::LoadLibraryExW kernel32.dll::LoadLibraryA kernel32.dll::GetSystemInfo kernel32.dll::GetStartupInfoA kernel32.dll::GetCommandLineA |
| WIN_BASE_IO_API | Can Create Files | kernel32.dll::CopyFileW kernel32.dll::CreateDirectoryW kernel32.dll::DeleteFileW kernel32.dll::GetFileAttributesW kernel32.dll::FindFirstFileW |
| WIN_REG_API | Can Manipulate Windows Registry | advapi32.dll::RegOpenKeyExA advapi32.dll::RegQueryValueExA |
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.