MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 02490797444bd8dfe45e3e604b168241ee099ec5e8906af863e5ed43b054cd9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 5
| SHA256 hash: | 02490797444bd8dfe45e3e604b168241ee099ec5e8906af863e5ed43b054cd9a |
|---|---|
| SHA3-384 hash: | e89bc4352f51e4bfcd80a9e358f9c819b817a61ac205f1ff59675f7b5a9c924932390f1fbd798b6da6460983c244e113 |
| SHA1 hash: | db900e41aed9ff9894df95d60abe0a37c11316e1 |
| MD5 hash: | 6d5d4170c2660a5b8f9ae8c80e391bf4 |
| humanhash: | stairway-lion-green-nine |
| File name: | 02490797444bd8dfe45e3e604b168241ee099ec5e8906af863e5ed43b054cd9a.bin |
| Download: | download sample |
| File size: | 1'164'864 bytes |
| First seen: | 2020-11-03 07:53:10 UTC |
| Last seen: | 2020-11-03 09:59:57 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 46edcd0fcdcc51627e30f38bf385fcd3 |
| ssdeep | 6144:SgWeU9kZn6z2JsXQY/eNz7sv7WR2B85YWwiUiav8+1Ag1vzwxtZJfGh:Sn6nAuuQhGD455Ufv8KN1vzsZJfGh |
| Threatray | 1 similar samples on MalwareBazaar |
| TLSH | 1D4542143DD2BF22F1FABCBA4910D61BFFB384D029B7844A281990F6F397993559424E |
| Reporter |  JAMESWT_WT |
| Tags: | signed |
Code Signing Certificate
| Organisation: | WTCRDHMABUXKLCZLCW |
|---|---|
| Issuer: | WTCRDHMABUXKLCZLCW |
| Algorithm: | sha1WithRSA |
| Valid from: | 2020-10-16T10:25:40Z |
| Valid to: | 2039-12-31T23:59:59Z |
| Serial number: | -15d601f0289fd975b5b87cf892386406 |
| Thumbprint Algorithm: | SHA256 |
| Thumbprint: | fa8ca3c5982345a68979977a892cfc2030e9c161ca0557e685a0d41b36c0d229 |
| Source: | This information was brought to you by ReversingLabs A1000 Malware Analysis Platform |
Intelligence
File Origin
# of uploads :
2
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Result
Verdict:
Malware
Maliciousness:
Behaviour
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Creating a window
Changing the hosts file
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
adwa.evad
Score:
88 / 100
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Modifies the hosts file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Glupteba
Status:
Malicious
First seen:
2020-10-17 09:18:05 UTC
File Type:
PE (Exe)
Extracted files:
26
AV detection:
23 of 29 (79.31%)
Threat level:
5/5
Verdict:
suspicious
Similar samples:
Result
Malware family:
n/a
Score:
8/10
Tags:
n/a
Behaviour
Drops file in Drivers directory
Unpacked files
SH256 hash:
02490797444bd8dfe45e3e604b168241ee099ec5e8906af863e5ed43b054cd9a
MD5 hash:
6d5d4170c2660a5b8f9ae8c80e391bf4
SHA1 hash:
db900e41aed9ff9894df95d60abe0a37c11316e1
SH256 hash:
ef0f80e8433380a861fc1de4d09e185ceb9954232c13d7246691084b2b17a557
MD5 hash:
5e80b03bf5e09b83cef3e4b4de4413c2
SHA1 hash:
3a84762d0d7433d95691874072406be2a782bf6c
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.