MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1832d1184a766cc358d582f4823459321fdebb1cd6630d6082c1f60950fa12d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1832d1184a766cc358d582f4823459321fdebb1cd6630d6082c1f60950fa12d6
SHA3-384 hash: 1d720cda02df49dbf7469147aacbc44d576fb68e5d0a3a0dfca354c1b95f2722542ccd9bd1d30b09ea9f0331b96c0ac8
SHA1 hash: 30db9588d7e6f03f5b2dfa1ec6104541c7d97f61
MD5 hash: 5e0e8fb7518376646757cae6923dd684
humanhash: kentucky-chicken-sad-spring
File name:Document.exe
Download: download sample
File size:1'331'200 bytes
First seen:2020-04-30 07:31:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 119daa026300eb0617167ae7e1fc85a8
ssdeep 12288:VPwF5sp0PwBHG+gQti+am8yyNeC5DayyHhrhIX5cGfRDHJ:FwTsp0PwBHG+gmxl8sCxeHlhA5pD
Threatray 135 similar samples on MalwareBazaar
TLSH 1A55181DB395F97DF06205703BF4DA2EB9AD3836B80140EBFB11A61920B5584D9ECB36
Reporter jarumlus

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Generic-7105805-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2019-08-07 11:29:10 UTC
File Type:
PE (Exe)
Extracted files:
10
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
110fa520e5db8df04353392a845e64808d2ce2a95de989bc44e2d66abadc1497
135f30b64eb7d5c4c68f36be07133b9f7134e8f3cef3d91569dd20b38b4d5d79
284f5d7c77eab431e6dd8bdd9e508bbd1e2e3dc467b40f68b834b1a437061061
46c1e795439ea1890c5617fb2234cff51ce6785e5b07b2acfc89ddeb86e34a39
a0a84ef378c8199a1b4511396d185b39d2dca86ffc608144f9d12f61d7d48cfd
e0af0be6801a112bc8cf51fc9d1bbef16a56c4d1d9d6c68f15557a21a3e54351
e6e2a0f4f64aa78699c8e7e56f33c391d085e655a8a0579f5fa43c42cd580ca7
e9325047a3c7f43bc742ffadf96b0bd91268b1e2685b8065ae2a267d39e302ff
e939047540fd58d605f6e259e9be2e2370f51e79246b34c2d01acc94cb19b4dc
fffef10b9e3db99c874f8b9dd3bb8bd7adaf829b75d4e6f28ebacd5755b633d7
+ 125 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaSetSystemError
MSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd
MSVBVM60.DLL::__vbaErrorOverflow

Comments