MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 102a406e2b148d3dff10dc067b37c4cfbe7594c9e10dc3dc2d3b13b3c908678e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 102a406e2b148d3dff10dc067b37c4cfbe7594c9e10dc3dc2d3b13b3c908678e
SHA3-384 hash: 7baf2b230cd59e4ffe82868098a8fc46890fab78880559dae379bef802735b7ed82b4c73c20b4b160cc5ee25fceb77cf
SHA1 hash: 05f16058798506c25e09910b3352d708626ec9d3
MD5 hash: 861b03b291ad565cd55c9876df372f03
humanhash: nine-king-ink-north
File name:INV 3326GHF- from Outriger General Importers Korea for acknowledgment.exe
Download: download sample
File size:77'824 bytes
First seen:2020-04-29 18:28:47 UTC
Last seen:2020-04-29 20:05:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c3d9bf9cf52fd85b46f12c4cf5580e27
ssdeep 768:pj2iISbRxMjYC4e2KT0IBVtHF7gedzeP2AoNSz/sI:xhISbRxMOe2u0Ibwe0OvYgI
Threatray 1'245 similar samples on MalwareBazaar
TLSH 2A732A51F4E8C6B3F6664AB26B31CBD85135FC701E808A8B39C43F5E263DB4495127AA
Reporter jarumlus

Intelligence

File Origin
# of uploads :
2
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.LokiBot-7726464-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 02:51:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 30 (73.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cavea3rlcsgt37yq3qdhwn6ez67hlfgj4eg4hxbnhmj3hsiim6ha._file
Verdict:
malicious
Similar samples:
14885a4bfd76cdb49db108d03ce3a8c88c301c786eed577606aaacc49d673bfa
3d4b5ca6cf89ed481dee43c1b33dfd03c0863631efbbce57f1d678341f827872
62009eba5623f35454d0d19824c688a0f1fb45dfa88516a3999680f984bdf1f7
70041cbec1ec2f2daaa69db5b81dbf780fe796192d0e9620ad8bba56b45a6d22
726156ccca0ba0077df20db0e438db482c7197d69453b890332ed69a9e509352
8eb33d0b08f137c3aa3f66d5afe0188b9b60458f95ecf8a2f2ca3815059e2fca
8f33b384251c871f6061fcf7d092dd5708cf9b9e0ff92dc09bf3bd458c6cbdb8
ca73b141e59412b434f105fef26227cea43190fbf99e7be806f00b9b9f7a9428
d4d2c82cdc75f723e08d6139593a5a651e75e74b885acf480fe41c239d99e548
f52e553ac38124b5eb9662305ddf404df6a8c68d9287137c938a920eadeebe0e
+ 1'235 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments