MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 03246cda354d8efbc9e22057cc283609825f15cf33ddc5296deac54c2b540218. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 2
| SHA256 hash: | 03246cda354d8efbc9e22057cc283609825f15cf33ddc5296deac54c2b540218 |
|---|---|
| SHA3-384 hash: | fe4ad423ce7cb6947e6b26f7fb81dc0887caa25bd9c160902fc20273066f6ea7b38ab76c6b044a4cd6cf264fe9c0cf65 |
| SHA1 hash: | 1f2b679904a40552d24d430529e70c916504aef4 |
| MD5 hash: | 32126de1466136e0b4f39560f3956fb9 |
| humanhash: | nineteen-may-angel-johnny |
| File name: | 03246cda354d8efbc9e22057cc283609825f15cf33ddc5296deac54c2b540218 |
| Download: | download sample |
| File size: | 1'116'336 bytes |
| First seen: | 2020-03-23 18:57:51 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 6d316a43050170ce1b1c32ae694d931c |
| ssdeep | 24576:o67iOScr1wsPJ0L9V/QvZzvG7L6U0Bshunf:o67iO3isPJ0LSvQ5hunf |
| Threatray | 361 similar samples on MalwareBazaar |
| TLSH | 4F3523D3B9C07D7FE0881677A8A5CFBD91E126450B57049324BC2F18FF122A36B6925E |
| Reporter |  Marco_Ramilli |
| Tags: | exe |
Code Signing Certificate
| Organisation: | HIGXIQOKZYNZPSSLPH |
|---|---|
| Issuer: | HIGXIQOKZYNZPSSLPH |
| Algorithm: | sha1WithRSA |
| Valid from: | May 30 07:37:45 2019 GMT |
| Valid to: | Dec 31 23:59:59 2039 GMT |
| Serial number: | 35E28F98ABF96C90491920F7669F834C |
| Thumbprint Algorithm: | SHA256 |
| Thumbprint: | 91ECA9EE49C170468D9E1E062E6C3C446BC7C59D72D7E4C7A5704F42CAA2662C |
| Source: | This information was brought to you by ReversingLabs A1000 Malware Analysis Platform |
Intelligence
File Origin
# of uploads :
1
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Shade
Status:
Malicious
First seen:
2019-07-09 02:46:28 UTC
File Type:
PE (Exe)
Extracted files:
16
AV detection:
29 of 31 (93.55%)
Threat level:
5/5
Verdict:
unknown
Similar samples:
+ 351 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe 03246cda354d8efbc9e22057cc283609825f15cf33ddc5296deac54c2b540218
(this sample)
Delivery method
Distributed via web download
BLint
The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high |
| CHECK_NX | Missing Non-Executable Memory Protection | critical |
| CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| SHELL_API | Manipulates System Shell | SHELL32.dll::ShellExecuteExW SHELL32.dll::SHGetFileInfoW |
| WIN32_PROCESS_API | Can Create Process and Threads | ADVAPI32.dll::OpenProcessToken KERNEL32.dll::CloseHandle KERNEL32.dll::CreateThread |
| WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryA KERNEL32.dll::LoadLibraryW KERNEL32.dll::GetVolumeInformationW KERNEL32.dll::GetStartupInfoA KERNEL32.dll::GetCommandLineA KERNEL32.dll::GetCommandLineW |
| WIN_BASE_EXEC_API | Can Execute other programs | KERNEL32.dll::WriteConsoleW |
| WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CreateHardLinkA |
| WIN_REG_API | Can Manipulate Windows Registry | ADVAPI32.dll::RegConnectRegistryW ADVAPI32.dll::RegOpenKeyW ADVAPI32.dll::RegOpenKeyExW ADVAPI32.dll::RegOpenKeyExA ADVAPI32.dll::RegQueryInfoKeyW ADVAPI32.dll::RegQueryValueExW |
| WIN_SVC_API | Can Manipulate Windows Services | ADVAPI32.dll::ControlService ADVAPI32.dll::OpenSCManagerW ADVAPI32.dll::OpenServiceW ADVAPI32.dll::RegisterServiceCtrlHandlerExW ADVAPI32.dll::StartServiceCtrlDispatcherW |
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.