MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e75096b3364e2e9fef81fac5626e1fb15d9e5f76afe308cf7d4053040f65685. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2e75096b3364e2e9fef81fac5626e1fb15d9e5f76afe308cf7d4053040f65685
SHA3-384 hash: 37451d04346b7a25bbe18e1a67401aced0f174ee352d1236a1c3806324bd8fec7af6da20887e1d2c577eedf7ce77e867
SHA1 hash: e14898868e870e8c2559931b345d7605b1d4530d
MD5 hash: c8344f94f045530670c317ff1f9c23bd
humanhash: ink-three-winner-kitten
File name:2e75096b3364e2e9fef81fac5626e1fb15d9e5f76afe308cf7d4053040f65685
Download: download sample
File size:403'968 bytes
First seen:2020-03-18 02:02:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1c4eec8418b821e5c2976cc81ea9cde3
ssdeep 12288:5Qe5XSrbMFMNd9P+AT66IIt0jBkGj4RgZB:5d43MKNd9PBW65t0p4
Threatray 3 similar samples on MalwareBazaar
TLSH AA84239E5A88776BE7BC0DFE292E0355561C5813C2DEA1BE145DE21A8F237001BA0F97
Reporter fbgwls245
Tags:#Ransomware #DMR

Intelligence

File Origin
# of uploads :
1
# of downloads :
114
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Upx-49
Create hunting rule

PUA.Win.Packer.UpxProtector-1
Create hunting rule

PUA.Win.Packer.Upolyx-12
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Encoder
Create hunting rule
Status:
Malicious
First seen:
2020-03-16 17:55:41 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
2abe71b49e45492b408294a415a308799ed312ff79c013924a42e53ce9c32a82
581122114ad28f404b2cc4f8df5d77b6ed447f8f26f862960bb0181776bfacd9
6aa3550235c53d85de1d98b27997d00862e0587d28b5d4aec61e7344b3367f68
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2e75096b3364e2e9fef81fac5626e1fb15d9e5f76afe308cf7d4053040f65685

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
WIN_BASE_APIUses Win Base APIKERNEL32.DLL::LoadLibraryA
WIN_CRYPT_APIUses Windows Crypt APICRYPT32.dll::CertOpenStore
ADVAPI32.dll::CryptEncrypt

Comments