MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c08cf3dcf465a4a90850cd256d29d681c7f618ff7ec94d1d43529ee679f62f3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 2


SHA256 hash: 1c08cf3dcf465a4a90850cd256d29d681c7f618ff7ec94d1d43529ee679f62f3
SHA3-384 hash: 079371de217a66e43a4365a9024388daa5271d557ed53544dbe6e25e1d754fbcc17c4143d515a75a6b39f1224605dca6
SHA1 hash: 23000bf14481571c9cf78c2fe9c6af6aaab893dc
MD5 hash: d2966ca1150c155e1059137b879fbff1
humanhash: magazine-robert-stairway-freddie
File name: vncdll64.dll
File size: 289'281 bytes
First seen: 2020-04-03 14:02:46 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e1f1a3b0f7efc55ff62c128755f5ac98
ssdeep: 6144:TxJ9E204c2uFFTGXWAYQ6XHmhPDEp45pLd6F:PNpuzTGmHQAHWpLd6F
Threatray: 19 similar samples on MalwareBazaar
TLSH: DE546D55B3E40DA6FDB7957CCAA3460AD3F3B8161260D70F43E0966A1F23752B92D322
Reporter: James_inthe_box
Tags: dll

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID                         Title                                            Severity
CHECK_AUTHENTICODE         Missing Authenticode                             high
CHECK_DLL_CHARACTERISTICS  Missing dll Security Characteristics (GUARD_CF)  high

Reviews

ID                   Capabilities                              Evidence
AUTH_API             Manipulates User Authorization            ADVAPI32.dll::ConvertStringSecurityDescriptorToSecurityDescriptorA
KERNEL_API           Manipulates Windows Kernel & Drivers      ntdll.dll::RtlInitUnicodeString
                                                               ntdll.dll::ZwQueryKey
                                                               ntdll.dll::ZwClose
SHELL_API            Manipulates System Shell                  SHELL32.dll::ShellExecuteA
WIN32_PROCESS_API    Can Create Process and Threads            KERNEL32.dll::OpenProcess
                                                               ADVAPI32.dll::OpenProcessToken
                                                               ADVAPI32.dll::OpenThreadToken
                                                               KERNEL32.dll::VirtualAllocEx
                                                               KERNEL32.dll::WriteProcessMemory
                                                               KERNEL32.dll::CloseHandle
WIN_BASE_API         Uses Win Base API                         KERNEL32.dll::TerminateProcess
                                                               ntdll.dll::NtQuerySystemInformation
                                                               KERNEL32.dll::LoadLibraryA
                                                               KERNEL32.dll::LoadLibraryExW
                                                               KERNEL32.dll::LoadLibraryW
WIN_BASE_EXEC_API    Can Execute other programs                KERNEL32.dll::WriteConsoleW
                                                               KERNEL32.dll::SetStdHandle
                                                               KERNEL32.dll::GetConsoleMode
                                                               KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_API      Can Create Files                          KERNEL32.dll::CreateDirectoryW
                                                               KERNEL32.dll::CreateFileA
                                                               KERNEL32.dll::CreateFileMappingA
                                                               KERNEL32.dll::CreateFileW
                                                               KERNEL32.dll::DeleteFileW
                                                               KERNEL32.dll::FindFirstFileW
WIN_BASE_USER_API    Retrieves Account Information             KERNEL32.dll::GetComputerNameW
WIN_CRYPT_API        Uses Windows Crypt API                    CRYPT32.dll::CertFindCertificateInStore
                                                               CRYPT32.dll::CertFreeCertificateContext
                                                               CRYPT32.dll::CryptDecodeObject
WIN_REG_API          Can Manipulate Windows Registry           ADVAPI32.dll::RegOpenKeyExW
                                                               ADVAPI32.dll::RegQueryValueExW
WIN_SOCK_API         Uses Network to send and receive data     WS2_32.dll::WSAStringToAddressW
WIN_USER_API         Performs GUI Actions                      USER32.dll::ActivateKeyboardLayout
                                                               USER32.dll::AppendMenuA
                                                               USER32.dll::CloseDesktop
                                                               USER32.dll::EmptyClipboard
                                                               USER32.dll::FindWindowExA
                                                               USER32.dll::FindWindowA

Comments