MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e42d5d1c2c28924044e875a9334b05dea4d0e26a1e36c6411c7937c6464c1786. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	e42d5d1c2c28924044e875a9334b05dea4d0e26a1e36c6411c7937c6464c1786
SHA3-384 hash:	d1acbbdf122a855b6f55654880bbb58b88dedd530e1df43663ca01ae2b4b6a7611653517b4b5235b18c92e9d78b04ecc
SHA1 hash:	7a4284f5bdd718911b22974a25af13f69ba75f5d
MD5 hash:	edced05869c0198a7db8fd1782e238ed
humanhash:	hot-stairway-georgia-avocado
File name:	e42d5d1c2c28924044e875a9334b05dea4d0e26a1e36c6411c7937c6464c1786
Download:	download sample
File size:	465'941 bytes
First seen:	2020-03-23 18:49:02 UTC
Last seen:	2020-03-23 18:56:53 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	335172068aa2111ea57057a8ab38eb5e (1 x CoinMiner)
ssdeep	12288:EU44zUymULpA3mxW7tOmg696UXjoA9GMvWToEJeN:K4rmUdymg0gzbgHo5
Threatray	27 similar samples on MalwareBazaar
TLSH	5EA423215B88A784F4B571B4CC67C467781B3D6C986E6C80AC4960AF2E7136BE3C77A1
Reporter	Marco_Ramilli
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Upx-48

PUA.Win.Packer.Upolyx-12

PUA.Win.Packer.Upx-4

Win.Malware.Ursu-7486622-0

Gathering data

Threat name:

Win32.Trojan.Smg

Status:

Malicious

First seen:

2018-10-12 18:03:48 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

26 of 31 (83.87%)

Threat level:

5/5

Verdict:

malicious

268953af63bad4895dd06c024fd1ec2af2c134623a0e100e26894e4d6bab741e

6269fd417f93e7c0d7cab576b35dc3b6f6a58c0f04e75533bad84987c228f0e6

75fa551eec71d6d8b9817266813715c2bbb7a537005587f9f1e0d058a05febc6

a5995d49de4242755e6baf1c40ad297f96a797e5a8dfd59ab779d088b84fab6a

bb14728459929940d4a7c6fd636177faacc0a23e4f75e526f12259e78a3853e7

c6b664ffd10c03d085b36bd57b72467b6508ba736e9c8d77182e0d1518b91295

e7d2deba4fccbea79ffa209ebe0ce49f98aecfb340c8d6ec3ea1773cb12cb07e

e97c8416fc63162b69167c2b4f51f82ae6aacc8e4276b76ca5b775ba2ec437ea

edde62496431c693fbd64bbccbb5fbb58338bcd9df1a949712955b110ff8e7e4

+ 17 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe e42d5d1c2c28924044e875a9334b05dea4d0e26a1e36c6411c7937c6464c1786

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/67797/

URLhaus

https://urlhaus.abuse.ch/url/155355/

URLhaus

https://urlhaus.abuse.ch/url/155360/

URLhaus

https://urlhaus.abuse.ch/url/181949/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN_BASE_API	Uses Win Base API	KERNEL32.DLL::LoadLibraryA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample