MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 05a8800b05cf0c4293f9dcc297873f36691161746aec7b65e31b0e32c8f0bebb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| SHA256 hash: | 05a8800b05cf0c4293f9dcc297873f36691161746aec7b65e31b0e32c8f0bebb |
|---|---|
| SHA3-384 hash: | 910fc76ce7aee96cae15d9d58f2117c6333a27cb85e554e61e554e9a0c964f4d901bbb38d41648af9bf3f9d1abd3e7f0 |
| SHA1 hash: | 627980e5b7dd54b46f760a5ce43db482e9c1ad30 |
| MD5 hash: | 68562728ebf4b7f825f09a57fcc4aebd |
| humanhash: | ohio-july-william-wolfram |
| File name: | 05a8800b05cf0c4293f9dcc297873f36691161746aec7b65e31b0e32c8f0bebb |
| Download: | download sample |
| File size: | 393'728 bytes |
| First seen: | 2020-03-23 18:48:45 UTC |
| Last seen: | 2020-03-23 18:51:58 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 2c5f2513605e48f2d8ea5440a870cb9e (60 x Babadeda, 6 x AveMariaRAT, 5 x CoinMiner) |
| ssdeep | 6144:W5aWbksiNTBo178suNo24KMA2NQlqjgJh5lW0/Ba6ZGuMdS:W5atNTq17codTAwQlqihmca6ZGuMY |
| Threatray | 15 similar samples on MalwareBazaar |
| TLSH | 7B84F115A6E141F7E6E6067001F3115F6739DE259738AAD3C7983C22DA727C0AA3D2EC |
| Reporter |  Marco_Ramilli |
| Tags: | exe |
Intelligence
File Origin
# of uploads :
2
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Occamy
Status:
Malicious
First seen:
2018-08-27 11:36:30 UTC
File Type:
PE (Exe)
Extracted files:
20
AV detection:
17 of 31 (54.84%)
Threat level:
2/5
Verdict:
malicious
Similar samples:
+ 5 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe 05a8800b05cf0c4293f9dcc297873f36691161746aec7b65e31b0e32c8f0bebb
(this sample)
Delivery method
Distributed via web download
BLint
The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_NX | Missing Non-Executable Memory Protection | critical |
| CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high |
| CHECK_TRUST_INFO | Requires Elevated Execution (level:requireAdministrator) | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| MULTIMEDIA_API | Can Play Multimedia | WINMM.DLL::timeBeginPeriod |
| SHELL_API | Manipulates System Shell | SHELL32.DLL::ShellExecuteExW |
| WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CreateProcessW KERNEL32.dll::CloseHandle KERNEL32.dll::CreateThread |
| WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryExW KERNEL32.dll::LoadLibraryW KERNEL32.dll::GetCommandLineW |
| WIN_BASE_EXEC_API | Can Execute other programs | KERNEL32.dll::SetConsoleCtrlHandler |
| WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CreateDirectoryW KERNEL32.dll::CreateFileW KERNEL32.dll::DeleteFileW KERNEL32.dll::GetWindowsDirectoryW KERNEL32.dll::GetSystemDirectoryW KERNEL32.dll::RemoveDirectoryW |
| WIN_USER_API | Performs GUI Actions | USER32.DLL::CreateWindowExW |
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.