MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 e37d69a8b607ea0e1e114223dfa6a7dbe40de485fa482e0370b886708a2992dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 2
| SHA256 hash: | e37d69a8b607ea0e1e114223dfa6a7dbe40de485fa482e0370b886708a2992dd |
|---|---|
| SHA3-384 hash: | 12ab0dc0c11f68f632c6215adec8cf05aaef0261c2334bab1ba7cc7cd990301d296808bf20b0223321b39fdcfd3a11a0 |
| SHA1 hash: | 466cdaa87668fcd5bf29f4400d590fcf76df1189 |
| MD5 hash: | c857890da5249b2501217d44e4b359c0 |
| humanhash: | artist-johnny-blossom-spring |
| File name: | e37d69a8b607ea0e1e114223dfa6a7dbe40de485fa482e0370b886708a2992dd |
| Download: | download sample |
| File size: | 1'837'750 bytes |
| First seen: | 2020-03-23 16:26:38 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | e92b45c54aa05ec107d5ef90662e6b33 (363 x GCleaner, 38 x Socks5Systemz, 3 x Backdoor.TeamViewer) |
| ssdeep | 49152:KiPpVBB4QoGZQPl9LpCc4C8PLgeNQyi4yoAzbjkWiYeG+13O+mOx:KiPrBB4jky4C8PLge++yZjRiYT+xn |
| Threatray | 72 similar samples on MalwareBazaar |
| TLSH | 27853369BEF6AC74D0D2DC3A1E01E5465D367A310E760005A16C84BF642BFB8B916F73 |
| Reporter |  Marco_Ramilli |
| Tags: | exe |
Intelligence
File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Delfinject
Status:
Malicious
First seen:
2013-02-17 14:43:00 UTC
AV detection:
13 of 30 (43.33%)
Threat level:
2/5
Verdict:
unknown
Similar samples:
+ 62 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe e37d69a8b607ea0e1e114223dfa6a7dbe40de485fa482e0370b886708a2992dd
(this sample)
Delivery method
Distributed via web download
BLint
The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_NX | Missing Non-Executable Memory Protection | critical |
| CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| SECURITY_BASE_API | Uses Security Base API | advapi32.dll::AdjustTokenPrivileges |
| WIN32_PROCESS_API | Can Create Process and Threads | kernel32.dll::CreateProcessA advapi32.dll::OpenProcessToken kernel32.dll::CloseHandle |
| WIN_BASE_API | Uses Win Base API | kernel32.dll::LoadLibraryA kernel32.dll::GetSystemInfo kernel32.dll::GetCommandLineA |
| WIN_BASE_IO_API | Can Create Files | kernel32.dll::CreateDirectoryA kernel32.dll::CreateFileA kernel32.dll::DeleteFileA kernel32.dll::GetWindowsDirectoryA kernel32.dll::GetFileAttributesA kernel32.dll::RemoveDirectoryA |
| WIN_BASE_USER_API | Retrieves Account Information | advapi32.dll::LookupPrivilegeValueA |
| WIN_REG_API | Can Manipulate Windows Registry | advapi32.dll::RegOpenKeyExA advapi32.dll::RegQueryValueExA |
| WIN_USER_API | Performs GUI Actions | user32.dll::PeekMessageA user32.dll::CreateWindowExA |
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.