MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38307f4ab511bcd3798c910e74f2480fc837b6804407b5d56bc24c6ef8efef50. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 38307f4ab511bcd3798c910e74f2480fc837b6804407b5d56bc24c6ef8efef50
SHA3-384 hash: 414bf3fa792327ff584d3e8367b31875b48e0706d0e644ca36af1205748d03474b238e3bca8572f24f80363b885f2ff4
SHA1 hash: 62246680d48da6fd7f0c37a0fc011c4df21d0e86
MD5 hash: a2d78922771b38643e0cf036abdc7ef8
humanhash: winner-papa-vegan-cat
File name:38307f4ab511bcd3798c910e74f2480fc837b6804407b5d56bc24c6ef8efef50
Download: download sample
File size:1'793'134 bytes
First seen:2020-03-30 07:06:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2c2beca6bc18cd83d7ec2aa5b936c1f1
ssdeep 24576:DArHVljSWEnPFYByxQxGBqBRrdkKiegNJIPk0DEF0QLG6z5mSFnur+rUEcFH3kvV:0qYB2QxGBQpkd+U0XSPnuirUDFH3PHWV
Threatray 2 similar samples on MalwareBazaar
TLSH 07851212FF30D5B6E21201704E57EB6EC1F5BAB16AA5C2377B982A08BEF15A13735701
Reporter Marco_Ramilli
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Agent-1134132
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Swisyn
Create hunting rule
Status:
Malicious
First seen:
2014-06-22 01:21:00 UTC
File Type:
PE (Exe)
Extracted files:
141
AV detection:
23 of 45 (51.11%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
11bb82f7c883a05b89d4fd0e021234961b3572bec6aa86778a7a6226bb29f80e
9ed2069b9a3bddb9c39ab8cf5f0fa3bf79fc9c1f438ae4f7c532132aa214e178
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 38307f4ab511bcd3798c910e74f2480fc837b6804407b5d56bc24c6ef8efef50

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/152820/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
COM_BASE_APICan Download & Execute componentsole32.dll::CoCreateInstance
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteW
SHELL32.dll::ShellExecuteExW
SHELL32.dll::SHGetFileInfoW
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessW
KERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::GetStartupInfoA
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetCommandLineW
KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::WriteConsoleA
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleOutputCP
KERNEL32.dll::GetConsoleMode
KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateFileA
KERNEL32.dll::CreateFileW
KERNEL32.dll::DeleteFileW
KERNEL32.dll::MoveFileW
KERNEL32.dll::GetWindowsDirectoryW

Comments