MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 e313f57f18897c99dd4718ff31449333e79281266f068f88aa2957ccfcaab03c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 2
| SHA256 hash: | e313f57f18897c99dd4718ff31449333e79281266f068f88aa2957ccfcaab03c |
|---|---|
| SHA3-384 hash: | ba2e90e3b4c4135edad1e1c0e0420b8a0ffd74094a2eee2102c167d6c95b1b7472a04bd5077485209d710fa79a47d541 |
| SHA1 hash: | 3762d025e5f8da0c77bc88295792992227f9fcf7 |
| MD5 hash: | 1aaea2811b051fdf83621e7e1a686e85 |
| humanhash: | autumn-oscar-romeo-seven |
| File name: | e313f57f18897c99dd4718ff31449333e79281266f068f88aa2957ccfcaab03c |
| Download: | download sample |
| File size: | 786'432 bytes |
| First seen: | 2020-03-23 16:25:09 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | b28df6b20bf1d2940e8ed810696eb077 |
| ssdeep | 12288:HL4QngNOhbC/1WkPmVRdx10VMo58tMyFs2Y0Y:0k0mdx1F82Y |
| Threatray | 2 similar samples on MalwareBazaar |
| TLSH | 8CF49D12B2D1C07BD1B200740EA97B6AA6F9FDB24B199DC373C03B6D0DB65C15B3691A |
| Reporter |  Marco_Ramilli |
| Tags: | exe |
Intelligence
File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Gathering data
Threat name:
Win32.Virus.Virut
Status:
Malicious
First seen:
2019-07-30 12:08:06 UTC
AV detection:
29 of 31 (93.55%)
Threat level:
5/5
Verdict:
unknown
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe e313f57f18897c99dd4718ff31449333e79281266f068f88aa2957ccfcaab03c
(this sample)
Delivery method
Distributed via web download
BLint
The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_NX | Missing Non-Executable Memory Protection | critical |
| CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| AUTH_API | Manipulates User Authorization | ADVAPI32.dll::AllocateAndInitializeSid ADVAPI32.dll::BuildExplicitAccessWithNameA ADVAPI32.dll::FreeSid ADVAPI32.dll::GetLengthSid ADVAPI32.dll::GetNamedSecurityInfoA ADVAPI32.dll::IsValidSid |
| COM_BASE_API | Can Download & Execute components | ole32.dll::CLSIDFromProgID ole32.dll::CoCreateInstance ole32.dll::CoFreeUnusedLibraries ole32.dll::CreateStreamOnHGlobal |
| MULTIMEDIA_API | Can Play Multimedia | MSVFW32.dll::ICClose MSVFW32.dll::ICCompressorFree MSVFW32.dll::ICOpen MSVFW32.dll::ICSendMessage MSVFW32.dll::ICSeqCompressFrame MSVFW32.dll::ICSeqCompressFrameEnd MSVFW32.dll::ICSeqCompressFrameStart |
| SECURITY_BASE_API | Uses Security Base API | ADVAPI32.dll::AddAccessAllowedAce ADVAPI32.dll::AdjustTokenPrivileges ADVAPI32.dll::GetTokenInformation ADVAPI32.dll::SetSecurityDescriptorDacl |
| SHELL_API | Manipulates System Shell | SHELL32.dll::SHGetFileInfoA |
| WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CreateProcessA ADVAPI32.dll::OpenProcessToken KERNEL32.dll::CloseHandle KERNEL32.dll::CreateThread |
| WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryW KERNEL32.dll::LoadLibraryA KERNEL32.dll::GetVolumeInformationA KERNEL32.dll::GetSystemInfo KERNEL32.dll::GetStartupInfoA |
| WIN_BASE_EXEC_API | Can Execute other programs | KERNEL32.dll::SetConsoleCtrlHandler KERNEL32.dll::SetStdHandle |
| WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CopyFileA KERNEL32.dll::CreateDirectoryA KERNEL32.dll::CreateFileA KERNEL32.dll::DeleteFileA KERNEL32.dll::MoveFileA KERNEL32.dll::GetWindowsDirectoryA |
| WIN_BASE_USER_API | Retrieves Account Information | ADVAPI32.dll::LookupAccountNameA ADVAPI32.dll::LookupAccountSidA ADVAPI32.dll::LookupPrivilegeValueA |
| WIN_REG_API | Can Manipulate Windows Registry | ADVAPI32.dll::RegCreateKeyA ADVAPI32.dll::RegCreateKeyExA ADVAPI32.dll::RegDeleteKeyA ADVAPI32.dll::RegOpenKeyExA ADVAPI32.dll::RegOpenKeyA ADVAPI32.dll::RegQueryValueA ADVAPI32.dll::RegQueryValueExA |
| WIN_SOCK_API | Uses Network to send and receive data | WS2_32.dll::WSAIoctl |
| WIN_SVC_API | Can Manipulate Windows Services | ADVAPI32.dll::ControlService ADVAPI32.dll::OpenSCManagerA ADVAPI32.dll::OpenServiceA ADVAPI32.dll::QueryServiceStatus |
| WIN_USER_API | Performs GUI Actions | USER32.dll::AppendMenuA USER32.dll::CloseDesktop USER32.dll::EmptyClipboard USER32.dll::OpenClipboard USER32.dll::OpenInputDesktop USER32.dll::PeekMessageA |
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.