MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01e140fe679c25634196075a34eb5c8594ec3631571023282955962b3dc1f609. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 13


Intelligence 13 IOCs YARA 17 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 01e140fe679c25634196075a34eb5c8594ec3631571023282955962b3dc1f609
SHA3-384 hash: 13013753897ae33abd4042d7e8e4475d7c5d10290488bfbaa71216c6ea528e9b9d6f179bcf96121912261489b0f01722
SHA1 hash: 1be519a62f1eb9ea652912febe224281920826fc
MD5 hash: 95a038e808df8f49a7bbfb0838c714f9
humanhash: twenty-mirror-diet-seven
File name:LATEST PROMINENT INSURANCE BROKER PROFILE 200125.scr
Download: download sample
Signature MassLogger
Create hunting rule
File size:639'488 bytes
First seen:2025-01-28 11:33:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'647 x AgentTesla, 19'451 x Formbook, 12'201 x SnakeKeylogger)
ssdeep 12288:cKOlbxr+0IO8DfwKAsf2R9RA6puoNpReuG5wAfApA4tNt1tZKOE7wTscv:7/fSs29RAIu8gr5FfL4tL1tZ5Jv
TLSH T1F6D49EC43B397302DEACB930853AEDB8A2652E64B110B9E27EED3B4775D9113991CF41
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
File icon (PE):PE icon
dhash icon 0800cccccccc0008 (8 x Formbook, 2 x SnakeKeylogger, 2 x MassLogger)
Reporter adrian__luca
Tags:exe MassLogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
HU HU
Vendor Threat Intelligence
Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6798c3e429ae628cf42a4d96
Tags:
remcos snake
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
Adding an access-denied ACE
Сreating synchronization primitives
Creating a process with a hidden window
Creating a file in the %temp% directory
Launching a process
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
DNS request
Connection attempt
Sending an HTTP GET request
Sending a custom TCP request
Reading critical registry keys
Adding an exclusion to Microsoft Defender
Enabling autorun by creating a file
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
masquerade obfuscated obfuscated packed packed packer_detected vbnet
Link:
https://www.filescan.io/uploads/6798c0b485aac483f389de3e/reports/7cc8ac6f-6358-44c5-9cf7-e3c20f946a0e/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/01e140fe679c25634196075a34eb5c8594ec3631571023282955962b3dc1f609
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Snake Keylogger
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/2f817e07-c30c-4653-8a18-ececbb9dde95
Result
Threat name:
MassLogger RAT
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1601212
Signature
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Adds a directory exclusion to Windows Defender
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Contains functionality to log keystrokes (.Net Source)
Found malware configuration
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Scheduled temp file as task from temp location
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected AntiVM3
Yara detected MassLogger RAT
Yara detected Telegram RAT
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1601212 Sample: LATEST PROMINENT INSURANCE ... Startdate: 28/01/2025 Architecture: WINDOWS Score: 100 48 reallyfreegeoip.org 2->48 50 checkip.dyndns.org 2->50 52 checkip.dyndns.com 2->52 54 Found malware configuration 2->54 56 Malicious sample detected (through community Yara rule) 2->56 58 Antivirus / Scanner detection for submitted sample 2->58 62 13 other signatures 2->62 8 LATEST PROMINENT INSURANCE BROKER PROFILE  200125.scr.exe 7 2->8         started        12 hqIPpqvAGwBKXm.exe 5 2->12         started        signatures3 60 Tries to detect the country of the analysis system (by using the IP) 48->60 process4 file5 36 C:\Users\user\AppData\...\hqIPpqvAGwBKXm.exe, PE32 8->36 dropped 38 C:\...\hqIPpqvAGwBKXm.exe:Zone.Identifier, ASCII 8->38 dropped 40 C:\Users\user\AppData\Local\...\tmp53AF.tmp, XML 8->40 dropped 42 LATEST PROMINENT I... 200125.scr.exe.log, ASCII 8->42 dropped 64 Adds a directory exclusion to Windows Defender 8->64 66 Injects a PE file into a foreign processes 8->66 14 powershell.exe 23 8->14         started        17 LATEST PROMINENT INSURANCE BROKER PROFILE  200125.scr.exe 15 2 8->17         started        20 schtasks.exe 1 8->20         started        22 LATEST PROMINENT INSURANCE BROKER PROFILE  200125.scr.exe 8->22         started        68 Antivirus detection for dropped file 12->68 70 Multi AV Scanner detection for dropped file 12->70 72 Machine Learning detection for dropped file 12->72 24 hqIPpqvAGwBKXm.exe 14 2 12->24         started        26 schtasks.exe 1 12->26         started        signatures6 process7 dnsIp8 74 Loading BitLocker PowerShell Module 14->74 28 conhost.exe 14->28         started        30 WmiPrvSE.exe 14->30         started        44 checkip.dyndns.com 132.226.247.73, 49708, 49712, 80 UTMEMUS United States 17->44 46 reallyfreegeoip.org 104.21.16.1, 443, 49710, 49714 CLOUDFLARENETUS United States 17->46 32 conhost.exe 20->32         started        76 Tries to steal Mail credentials (via file / registry access) 24->76 78 Tries to harvest and steal browser information (history, passwords, etc) 24->78 34 conhost.exe 26->34         started        signatures9 process10
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/01e140fe679c25634196075a34eb5c8594ec3631571023282955962b3dc1f609
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/01e140fe679c25634196075a34eb5c8594ec3631571023282955962b3dc1f609/
Threat name:
ByteCode-MSIL.Trojan.Remcos
Create hunting rule
Status:
Malicious
First seen:
2025-01-21 09:33:07 UTC
File Type:
PE (.Net Exe)
Extracted files:
8
AV detection:
27 of 38 (71.05%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ahqub7thtqswgqmwa5ndj224qwkoynrrk4icgkbjkwlcwpob6yeq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
collection discovery execution spyware stealer
Link:
https://tria.ge/reports/250128-npep7sxldy/
Behaviour
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Checks computer location settings
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Command and Scripting Interpreter: PowerShell
Verdict:
Malicious
Tags:
404keylogger
YARA:
n/a
Link:
https://app.threat.zone/submission/ffa4b4ad-8b27-40d1-a704-6c2c016806eb
Unpacked files
SH256 hash:
baeb0c28f054433986f63d2a9db722b5c0bee8a44fb4d03d2ebbea9827221efe
MD5 hash:
d0ce726175f3292183d0bb0f329b7265
SHA1 hash:
603bf3b2988a998ddcb6d94ef4225609ece0f8e8
Detections:
win_masslogger_w0
Create hunting rule
win_404keylogger_g1
Create hunting rule
MAL_Envrial_Jan18_1
Create hunting rule
INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_TelegramChatBot
Create hunting rule
Link:
https://www.unpac.me/results/1a552704-97c1-4c55-82cb-a9d8991514ae/
Parent samples :
ff686f645ff7a1b0672895a7a72a5ee528cd112b2469182c79c98f7621af607e
4d7ae4a600ffeadb38636c294d14612029a0b76313fefb6f27b606b2018b3400
efd86329975988f4c9e3178d139e82558d9ab07bb53dea0c5b6d0b234bb5cd35
c470eab16e537bf777506e63bbedd58114c0403965e9a01965507ffd731dde4d
784f9e5d1eedc785401f6397aab1d9fbfff7593262f8db591e50ae06d37cba02
01e140fe679c25634196075a34eb5c8594ec3631571023282955962b3dc1f609
02430eed2a0da0347c2b28a864ca61a55a79a925f4fbcdccb2806f2030c2ec4e
7e33af8622230cc26f8600ea1ff34bb8f38ed9c5124909961357b3a81ed03ce8
54a8b4c753e22ebf0f248088c4424393f31417b9d79e0dafe7bf573e6263240a
f10dcedfa178a0bce77e909b072ff0deb66ab588db90b7f5eb3d0bbe8c75215b
9d67042ccd43e9389b4b6c717f7407dd26fa5edd3689896d3fe6a52d8534a780
SH256 hash:
93f092e8ee40e881bb710c17ab32483efe1b3d2096a718b6c13088b19a06b1cb
MD5 hash:
3b05d88d83067e3d34f25a3dd2b07133
SHA1 hash:
477714f331629b95b62d4d7220f8f994087e326e
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/1a552704-97c1-4c55-82cb-a9d8991514ae/
SH256 hash:
52623f7f653468852363e6eecd312eacb8c07d24f3e4d06a736ee88d5945d6b6
MD5 hash:
bc67ec4fbc8d26fa2992db28c17d1bd1
SHA1 hash:
09de04d8f8eaa2f5509b632e26e0d66053e6a3d3
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/1a552704-97c1-4c55-82cb-a9d8991514ae/
Parent samples :
701cc76315954f7e5e8b0fb36db44cdb6e6e40384be529670490523be1429d8f
84e892d4627a3a3aa053b30200788bd6942c046d2dadcf5121017a32e10142f2
6f094aa75a8322555241fae3063c17075a6ed5166bfb41c9055c390278178d6b
339c521fe6235de8b0b912c9fffcad6cc2eab721902ac095bafa510d68868c97
06c6a4f57f8b8d5b12406b5b2c8960362c0c2ef3cf74c4dcb49481ebb942230e
c470eab16e537bf777506e63bbedd58114c0403965e9a01965507ffd731dde4d
845304505e2c101665da5f7c34cff35f470b7a02d7c0218d7bd0d25664cc9cfc
e69d37275cc3b52a9d3a26f76073191ab8f59901781b5ef2859f33dee2252ddc
00580380c811027c799634812e6f785df11f2f2eb3fa1718ac8c4ff47fd6ef2d
3cad0fb9280972f24f68c74e7b9c93dbd446c22f704f3b66cc7f1effc54d7a09
8bd60c5add862eb634b15fad4020a9afcf8ed6f523485665c80044f90bc8b305
5d4dc700ab772bfb4ac1fa290c0dfeae62058d31c42b48b5072a2c13b4c419bb
1de6c06cde011693219b05444f8e18cf1fe97373d0557a083a6e6e7d836e3153
db86c56e2f1c33504e4bd47d1490709bc5afe4ec1d95a0fbf22510bc3c542a8b
202efe071db5f07fc1570f9f296799dafd1bdcd29085e0b9c8c5c9e2ce1199d5
07abbe06a2d17f142846d33bda215df5b05355148c781cb9ff1c8f233f534cbc
f89d5db1d93b61d6e6346fa86e914a5b02e927c8eee905e658b0818f76a545ca
784f9e5d1eedc785401f6397aab1d9fbfff7593262f8db591e50ae06d37cba02
1c80bf8e780ae58203e7f816c8fe04f66df434a3fbd981ba7c6e52e588622c03
efd65e32b20afe5bd0541a097bb5f4e7f741875b2c65cab7f08c04a645ccdf6f
eda2bf8423a8046d884b20532a74bed0ce7219a2ee5f9fe829a72624d081e3df
8fe18e6c77d0b63ad58b669472c8247a8771c82ce4edc65814bb4c53fe5ab51c
cb45d6a207ad4218619ad1b7e1001b55201894ef21f717588e5f3df5122c0583
7abd614a718eae6e0544e6828c834f275248093b5d807b7cc5c4de975dc7abc9
91a04734fb1bfa93391d961ff94dfdfffc3021d6cf56cb31f9d696aa3251c6e2
51d5fbecdf7459fc37ab296b97245a020f31cfd4ac1073f3fb2947a3710a8523
0198cc6636a1c05da00eb7457f498c6e1743fe0a9e3d50fc106621f862bf04dd
0ec77a2b6843ab87887929ed395775aa2280cb4d8d16454827bde96fcb3a100a
4fc7cb2b1080330179c0164b3cbd8b5906375fcadaad566896a5b6468917a21a
7a4b80b6d3ea4ca73224197f7d85d763dd953826978cdc30c6e75fb298cfb5ab
1b758fdf653d34cd62c7fecd1e3023ca5d3537360097676b5cc83b7915c2ac90
489d60af14c516d7b4f712272b1a2803988385e197a5883431d58f7694f22f20
f9075b95c77272f8c8f1b8fa996374c9c8e6bc0e2a6f1cbb6cc2fab34b9b589c
d122657bf2b391fb9fe392a711526b7ea4163bc606d629144c0e7b72700872d5
60541941074f0d0772bfd1b307f3ac777ed84f776bdd89aef505960bc97c1404
5e0237bb820fdcd2bafcaee8be22bb60004ef0f644c9eabaebcad2c423f4d4d4
1f468ba035928b41550cd68056a3e2ba8b4ef5e98b61b45c4562f110ddaba29a
24ce2be70ffbceba0067972a154cba571866cbeca67e2132bc01352f46acd9b6
8078b743d8a317718f8fa77d12caa85019cce7dfeab9da4e268fb4836a7f9e74
d4f10c758df8ca5f3bd16209cf5b82a27b218719453ad29e7f5073d08c376676
13aef47049b6f723e3b24e8f794b9c09e18ed477f62436d1a8250951b4fe253e
42c52ed2af4708289cb182a0fd83026691eabc7c4916a3ef0cf8a01b5f890856
9bf5d73a9924bd9e616336e200767e575569869d7d0ab959de9c7ebb37914dfc
7f10867f8a37f96369cf305b122fa7f5fb3f61e0a98dc35d66a7206530557c1d
422bb7209a36ebb05303bbf0e6de6e1fcaef855b360f658eeee67ff9dd49d5bf
2e7fac97bc9785e461473c2776be1da2d9dfe7916753d4a3148c5055edeb9bd6
e16ed69e1d337d88539ff98cda8d36aabc495db375d68e4f9b86a1843ad8c679
799332983f0739446bd4e37db4163529d016947426bdc4ee519dc2e5976445f7
fea0db3026f3e075b240d97b0ff93ac157c8dc69a7d56a32e3595ed261a9ea55
2bc219aa0c642b6064f467a9abe85ccf81dfd0191377fa4453863384f22b5fa5
5d4360996a1f89361dda1818a51dcdd2a551698c6c4d887b5ba67fd86b946e3b
79a83acd6e34d187228950510e8bdcb36f0d3cc6dd9d6d35d40d37651454c1a3
2040a0fdd0eddf11176cddce8489b0906e9bb6ed39b2c825f883e26a3309db57
da8f006e36cc66990a1a1f43539bebc73fc9531413ba2960180db55927552014
52588fe73383ccdb5d715ecff941d1ae169a57d49deddcc8e3c06536f2c56795
7300535ef26158bdb916366b717390fc36eb570473ed7805c18b101367c68af5
23b7eb252bc2a67247c1a93f3f810acb46664d21fbb029051297c016e2991bcc
fd3164057ef5cfebb668b25b93a0638edf8d032f7a1e0c13249334bd913a1ad3
d07f3d05d91790637901f276b2b2a13ae4006768c22d9e6576a283a916530e38
eeae24981abf36649d9eeeedaee30acb50374d5567c8543e66b9c337688a7794
887f393b62c6c4b69e81cfc772397619082d936dd38cbcbc0f54b623ef871af6
12156a70576773f3aea3bb59bcb042ddc4033a7e0c1ec5dadaa8df2470a53664
a932a1ece48c319e2ea472193afc00132644c7540b4d0156b1c9b518c54869dd
a91e52d4bedcc2c8114e3f2ddb80908c4abb92b0838689a14818494009088b95
7ea98bae6d7f0176c1ae6cecc9bfbc8611304fe007899d8d989425c7b13f3339
238525043acd0e92e92f6317fdadcb469dd26ef5cd7460e0188a673165ebef84
9410ad58ad07e9b3ed28bc9be7a567ed733e14ca0de9faa470cc7c200ddd917a
2ded7ae6526b0a58dbeb50d575c13c84f76751f15a81ffb81d4a4d7f9d8539ce
232a7e46e445365072b4a136330efec9284ce63b7b1525442a10f68a8ef02ee4
1fa03ffa990685dcc676b8706fd5ef7246de2c18b97c14d882ee25b0d130955e
9529683e6579dc09cc61d5f2e5909d922f2bb589586d9c2350642d525924c1c4
8bcb1766e1f236382b36fab2fc6a8ee385275c0acbf3067471cd9b35703f2875
9fd0ede72e03f6a4897daaa809a4dafa9b9e0eeac52c5244b11df40e9a4af2f2
ece49e828c96a3cbc96535f04ef66109c997cb13a87850c4b66b3de0fd2818f7
320daf03f7f2b9e697955ebc5c479c51fa3fb32caf789187c54b52749550305a
01e140fe679c25634196075a34eb5c8594ec3631571023282955962b3dc1f609
0d222d3b5efc99f87cab1fd26440f65f531c1058dad5d9153e45331bbcf5e856
f7fbfc0649a348b742faf012fd443a55ee310f475a9b58d7b07ede4e0428f494
b5bc975891963c29a16fe8ac7dd612f15afe937fd14ba95707a6ab30224bfc7a
f6093a0d468e3cd2df9b2563336ccbd3b5783e8c06c52e296770fc31fe5257f4
99430e62ab4f67847bae708e0414b25e6df4a3631c7477231ef4bb3c214d37c3
25f9a9731702553929452710d25a8587ca7e7e7ef9494b7f82c6682a2cecf024
9d206d3991c8549fb048a2aac2bf5aa7d25c0958713fc8f3aa2bfec18d47dbe7
e07298c237f7f69d83c9760409b8c38dc311581008c751c3f6ddd37bb408cc87
e3ce6cb3e592837181c06c157cd1afd190afbedca9c66da7f4dbaf58c51afcd8
143a58287706e26be705b3756cf1810922cb28e92954ec6e669131178bf196fa
089e95b16d5f1acc07ddaf59d1edf60fd52ce6cd29f4bfa17377f4a68c383d12
662c96f27f4533d72e97b4cffe31be71d810dae4e6c1ac981060c38d3f627142
a5d951ea30a7079b09113a1f7d98abfe809f8030be45de8f8f9e96a51778867c
24d731e94d2250181a75707739b145da491194c5a6bfd29fd93ab276bb106601
SH256 hash:
01e140fe679c25634196075a34eb5c8594ec3631571023282955962b3dc1f609
MD5 hash:
95a038e808df8f49a7bbfb0838c714f9
SHA1 hash:
1be519a62f1eb9ea652912febe224281920826fc
Link:
https://www.unpac.me/results/1a552704-97c1-4c55-82cb-a9d8991514ae/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:crime_snake_keylogger
Create hunting rule
Author:Rony (r0ny_123)
Description:Detects Snake keylogger payload
Rule name:INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
Author:ditekSHen
Description:Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Rule name:INDICATOR_SUSPICIOUS_EXE_TelegramChatBot
Create hunting rule
Author:ditekSHen
Description:Detects executables using Telegram Chat Bot
Rule name:MAL_Envrial_Jan18_1
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects Encrial credential stealer malware
Reference:https://twitter.com/malwrhunterteam/status/953313514629853184
Rule name:MAL_Envrial_Jan18_1_RID2D8C
Create hunting rule
Author:Florian Roth
Description:Detects Encrial credential stealer malware
Reference:https://twitter.com/malwrhunterteam/status/953313514629853184
Rule name:masslogger_gcch
Create hunting rule
Author:govcert_ch
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
Rule name:telegram_bot_api
Create hunting rule
Author:rectifyq
Description:Detects file containing Telegram Bot API
Rule name:Windows_Trojan_SnakeKeylogger_af3faa65
Create hunting rule
Author:Elastic Security
Rule name:win_masslogger_w0
Create hunting rule
Author:govcert_ch

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

Executable exe 01e140fe679c25634196075a34eb5c8594ec3631571023282955962b3dc1f609

(this sample)

  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments