MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a0ff145da991dbd3443cc260e9e8dcb9bcd61ec6868d80b81c77145eddc44a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 2a0ff145da991dbd3443cc260e9e8dcb9bcd61ec6868d80b81c77145eddc44a8
SHA3-384 hash: deddf81559984697312d5cbea777a7d577ecff2650264d61a5c02f7a7ea93d1a4ca7178ce05b1fc3c7bd1f0310b7568b
SHA1 hash: ad3681bed42f97ecdcc95cecd69eb1c2b78c2b4c
MD5 hash: 7e5f2859a9e472c49c960b2dc6dc7783
humanhash: king-football-arizona-pip
File name: 1.dll
File size: 636'080 bytes
First seen: 2020-05-12 04:25:41 UTC
Last seen: 2020-05-12 04:44:27 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: e0cc37280f13efdecf0b427fb84e88df
ssdeep: 12288:HJuqIIoU5HdeuE8bjP4lF6lw1I65YrOuM:HJLoC6F6lwI3rON
Threatray: 34 similar samples on MalwareBazaar
TLSH: 14D45811763B58C3EEC442BF3B967D6C9304A4DAF7B2A22376152DD9E81874AC31F249
Reporter: JoulK
Tags: dll

Code Signing Certificate

Organisation: IPCZGFEAEBBDESAGKS
Issuer: IPCZGFEAEBBDESAGKS
Algorithm: sha1WithRSA
Valid from: May 10 17:27:21 2020 GMT
Valid to: Dec 31 23:59:59 2039 GMT
Serial number: 3C60233F61AB928D473E59DA2664AF4D
Thumbprint Algorithm: SHA256
Thumbprint: 27F457D3A43166328E1B7DA071A934F3D448B20508062036CE378A197D229B3A
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 2
# of downloads: 81
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Hvnc
Status: Malicious
First seen: 2020-05-11 20:02:59 UTC
File Type: PE (Dll)
Extracted files: 19
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: n/a
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
