MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a739f4ec3d096010d0cd9fc0c0631f0b080cc2aad1f720fd1883737b6a6a952. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0a739f4ec3d096010d0cd9fc0c0631f0b080cc2aad1f720fd1883737b6a6a952
SHA3-384 hash: aff31785907fc4c052d1c7bf644616a1a15b58c0314e373b68c4c11648e93594eb0d4fb9557fca9773cd8fc088271951
SHA1 hash: cf02d630465eaf009db8bcc8a0dd4242a1d2dd82
MD5 hash: b7ad5f7ec71dc812b4771950671b192a
humanhash: connecticut-violet-bluebird-potato
File name:0a739f4ec3d096010d0cd9fc0c0631f0b080cc2aad1f720fd1883737b6a6a952
Download: download sample
File size:709'632 bytes
First seen:2020-03-25 16:39:46 UTC
Last seen:2020-11-14 23:54:56 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 505285b5c7f1918326c961aae0b20a69
ssdeep 12288:XEcAC948owAoT9eEoz6bN8Y1pZZ7Ll2oeP2HQ7q/jV4:01Ch+vOZ7h2om57q/p
Threatray 14 similar samples on MalwareBazaar
TLSH CAE49D11788083F6D8EA20B987AC73E30CBDB4B107348DC795D81AFAD5A85D17B36B56
Reporter Marco_Ramilli
Tags:exe

Intelligence

File Origin
# of uploads :
6
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Result
Threat name:
Sekhmet
Create hunting rule
Detection:
malicious
Classification:
rans.spyw.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/332910
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Win32.Trojan.Occamy
Create hunting rule
Status:
Malicious
First seen:
2020-03-19 22:19:06 UTC
File Type:
PE (Dll)
AV detection:
22 of 30 (73.33%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
32031ca4487b08af41a597da7d22c05a3d4f676c33119c057f3f4a1431217887
3c6d1adb8c659c6608e4fa44fe880adb352bd9e8491430b4f559604fd412e181
4bf2f4dd9ecaa28ecebae186a118cf66f8fce7ee8790351ca7224516ff47010e
5d65fcb03519e2de623db04685570406c586ee4d121c9381910932cf2e1bd344
7df6cffe72503e47063c3b80da0e2df2d3932fa50cb08daa8f0d0aa8ec7d8184
a5bd1ac8e6458e40e63cf558145dbd06cc2700d97f9ed3ae5a161b165ca6c035
a63dfd81e0eb6283bc0051a3c1f80ba0eb818d132aafe5e6a1cc3cd63a3433ff
ab12a111885480b3518449ff615d118b0ba908e4f3f0179c8da797c7c815cbfe
da19555286a99fed6a4a84c0c4b76e793618299f6d4cc2fe31373ddc033d8dcc
e2136c8268bb5be4fe2a295a9bb9250c00437452cd3d65822290e3a68b1fb94b
+ 4 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetCommandLineA
KERNEL32.dll::GetCommandLineW
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::SetConsoleCtrlHandler
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleCP
KERNEL32.dll::GetConsoleMode
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateFileW

Comments