MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39ca86089dcbdbce612bb989dda90c7fd5ab244f7b4b03b28e16124365ba858a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat: unknown
Vendor detections: 2

SHA256 hash: 39ca86089dcbdbce612bb989dda90c7fd5ab244f7b4b03b28e16124365ba858a
SHA3-384 hash: f93d4133bffcbb81fd3dc45f65d497aa26a3b1cb4d57367f3c4907138761b994fc36081a19fb89eee15ab2de21844a06
SHA1 hash: b63197b21b8e8f7dbba56baaaaebc057a387a57d
MD5 hash: acae2e2c826dc456c049873e1e13d016
humanhash: emma-louisiana-mountain-bluebird
File name: SecuriteInfo.com.Win32.Heri.13900.20592
File size: 1'166'848 bytes
First seen: 2020-04-11 11:56:51 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6060731f6a553db812b7efb28bd65f75
ssdeep: 24576:2eCAEVNGNHepB5sjOz6ccj/rvji3iG5hSU8f9xojooK7QQ/9+wIt:Wqa8SGp/3cXl4/oK7l9+Tt
Threatray: 2 similar samples on MalwareBazaar
TLSH: 0D459F5177D3C071F6A224B01AB5EB268E7BB8514B3185CF93D80A5F4E321D26E3973A
Reporter: SecuriteInfoCom
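Before analysing a download, confirm that the bytes on disk are the file this entry describes. The script below is an added example, not MalwareBazaar's code: it hard-codes the MD5, SHA1, SHA256 and SHA3-384 digests and the file size listed above and uses only the standard library. MalwareBazaar serves samples as a password-protected zip (password `infected`), so the extracted executable, not the archive, is what must be hashed; imphash, ssdeep and TLSH are not covered here because they need third-party libraries (pefile, ssdeep, py-tlsh).

```python
import hashlib

# Digests and size copied from this MalwareBazaar entry.
EXPECTED_HASHES = {
    "md5": "acae2e2c826dc456c049873e1e13d016",
    "sha1": "b63197b21b8e8f7dbba56baaaaebc057a387a57d",
    "sha256": "39ca86089dcbdbce612bb989dda90c7fd5ab244f7b4b03b28e16124365ba858a",
    "sha3_384": "f93d4133bffcbb81fd3dc45f65d497aa26a3b1cb4d57367f3c4907138761b994"
                "fc36081a19fb89eee15ab2de21844a06",
}
EXPECTED_SIZE = 1166848  # 1'166'848 bytes


def compute_hashes(data: bytes) -> dict:
    """Return the four digests the entry lists, hex-encoded, for `data`."""
    return {name: hashlib.new(name, data).hexdigest() for name in EXPECTED_HASHES}


def verify_sample(data: bytes, expected=EXPECTED_HASHES, expected_size=EXPECTED_SIZE) -> dict:
    """Compare a downloaded sample against the catalogued values.

    Returns one boolean per check plus "all_ok". A single mismatch means the
    bytes are not the catalogued file: a still-zipped archive, a truncated
    download, or a re-packed variant that only shares the file name.
    """
    actual = compute_hashes(data)
    result = {name: actual[name] == expected[name].lower() for name in expected}
    result["size"] = len(data) == expected_size
    result["all_ok"] = all(result.values())
    return result


def verify_file(path: str) -> dict:
    """Read a file from disk and run verify_sample on it."""
    with open(path, "rb") as fh:
        return verify_sample(fh.read())


if __name__ == "__main__":
    import sys
    for check, ok in verify_file(sys.argv[1]).items():
        print(f"{check:9s} {'OK' if ok else 'MISMATCH'}")
```

Run it as `python verify.py <extracted-file>`; refuse to open the sample in any tooling until every line reads OK.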

Intelligence


File Origin
# of uploads: 1
# of downloads: 103
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Razy
Status: Malicious
First seen: 2020-04-10 07:19:00 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 23 of 31 (74.19%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain: Web download -> Executable exe 39ca86089dcbdbce612bb989dda90c7fd5ab244f7b4b03b28e16124365ba858a (this sample)
Delivery method: Distributed via web download

BLint


The following tables provide more information about this file using BLint, a binary linter that checks the security properties and capabilities of executables. The capability reviews are derived from the import table, so a flagged API proves only that the binary links it, not that the code path is ever reached at runtime.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
CHECK_TRUST_INFO | Requires Elevated Execution (level:requireAdministrator) | high
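The three findings above can be reproduced from the PE headers alone, which is a useful cross-check when a linter's output is all you have. The script below is an added example, not BLint's implementation: it reads DllCharacteristics and the security data directory (where the Authenticode blob lives) with the standard library, approximates the manifest check with a raw byte search for `requireAdministrator` (BLint walks the RT_MANIFEST resource properly, so the approximation misses packed or compressed manifests), and includes a constructed headers-only image, `build_minimal_pe`, so it runs without the sample. Nothing in the constructed image is taken from the sample itself.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* flags from the PE/COFF specification.
DLL_FLAGS = {
    "HIGH_ENTROPY_VA": 0x0020,
    "DYNAMIC_BASE":    0x0040,
    "FORCE_INTEGRITY": 0x0080,
    "NX_COMPAT":       0x0100,
    "NO_SEH":          0x0400,
    "GUARD_CF":        0x4000,
}
SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode signature


def parse_pe(data: bytes) -> dict:
    """Pull the few header fields the checks need. Raises ValueError on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 24  # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:
        kind, dir_base = "PE32", opt + 96
    elif magic == 0x20B:
        kind, dir_base = "PE32+", opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset for PE32 and PE32+
    num_dirs = struct.unpack_from("<I", data, dir_base - 4)[0]  # NumberOfRvaAndSizes
    sec_off = sec_size = 0
    if num_dirs > SECURITY_DIR_INDEX:
        # For the security directory the first field is a file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from("<II", data, dir_base + 8 * SECURITY_DIR_INDEX)
    return {"kind": kind, "dll_characteristics": dll_chars, "security_dir": (sec_off, sec_size)}


def blint_style_checks(data: bytes) -> dict:
    """Mirror the three BLint findings reported for this sample."""
    pe = parse_pe(data)
    flags = {name: bool(pe["dll_characteristics"] & bit) for name, bit in DLL_FLAGS.items()}
    findings = []
    if pe["security_dir"][1] == 0:
        findings.append("CHECK_AUTHENTICODE: no security directory, file is unsigned")
    missing = [n for n in ("HIGH_ENTROPY_VA", "DYNAMIC_BASE", "NX_COMPAT") if not flags[n]]
    if missing:
        findings.append("CHECK_DLL_CHARACTERISTICS: missing " + ", ".join(missing))
    # Crude manifest check: the embedded UTF-8 manifest is searched as raw bytes
    # rather than located through the resource tree. Good enough for unpacked PEs.
    if b"requireAdministrator" in data:
        findings.append("CHECK_TRUST_INFO: manifest requests level=requireAdministrator")
    return {"kind": pe["kind"], "flags": flags,
            "signed": pe["security_dir"][1] != 0, "findings": findings}


def build_minimal_pe(dll_chars=0, signed=False, require_admin=False, pe32plus=False) -> bytes:
    """Constructed headers-only image for demonstration (hypothetical, not the sample)."""
    opt_len = 240 if pe32plus else 224
    hdr_len = 0x40 + 4 + 20 + opt_len
    tail = b'<requestedExecutionLevel level="requireAdministrator"/>' if require_admin else b""
    sig = b"\0" * 64 if signed else b""  # stands in for a WIN_CERTIFICATE blob
    opt = bytearray(opt_len)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    dir_base = 112 if pe32plus else 96
    struct.pack_into("<I", opt, dir_base - 4, 16)  # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, dir_base + 8 * SECURITY_DIR_INDEX,
                         hdr_len + len(tail), len(sig))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_len, 0x0102)
    return dos + b"PE\0\0" + coff + bytes(opt) + tail + sig


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            report = blint_style_checks(fh.read())
    else:  # no file given: run on a constructed image that trips all three checks
        report = blint_style_checks(build_minimal_pe(dll_chars=0x0100, require_admin=True))
    print(report["kind"], "signed" if report["signed"] else "unsigned")
    for finding in report["findings"]:
        print(" -", finding)
```

Point it at the extracted sample to confirm the linter's verdict; with no argument it reports on the constructed image. A present security directory only means a signature blob exists, not that it validates, so treat `signed` as "has Authenticode data" rather than "trusted".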
Reviews
ID | Capabilities | Evidence
AUTH_API | Manipulates User Authorization | ADVAPI32.dll::ConvertSidToStringSidW
    ADVAPI32.dll::ConvertStringSidToSidW
    ADVAPI32.dll::CopySid
    ADVAPI32.dll::CreateWellKnownSid
    ADVAPI32.dll::GetLengthSid
    ADVAPI32.dll::GetSidSubAuthority
    ADVAPI32.dll::GetSidSubAuthorityCount
COM_BASE_API | Can Download & Execute components | ole32.dll::CoCreateInstance
DP_API | Uses DP API | CRYPT32.dll::CryptProtectData
    CRYPT32.dll::CryptUnprotectData
KERNEL_API | Manipulates Windows Kernel & Drivers | ntdll.dll::RtlInitUnicodeString
NCRYPT_API | Uses NCrypt API | ncrypt.dll::NCryptExportKey
    ncrypt.dll::NCryptImportKey
    ncrypt.dll::NCryptOpenKey
RPC_API | Can Execute Remote Procedures | RPCRT4.dll::MesDecodeIncrementalHandleCreate
    RPCRT4.dll::MesEncodeIncrementalHandleCreate
    RPCRT4.dll::MesHandleFree
    RPCRT4.dll::MesIncrementalHandleReset
    RPCRT4.dll::RpcBindingFree
    RPCRT4.dll::RpcBindingFromStringBindingW
SECURITY_BASE_API | Uses Security Base API | ADVAPI32.dll::CheckTokenMembership
    ADVAPI32.dll::DuplicateTokenEx
    ADVAPI32.dll::GetTokenInformation
    ADVAPI32.dll::SetTokenInformation
URL_MONIKERS_API | Can Download & Execute components | urlmon.dll::URLDownloadToFileA
WIN32_PROCESS_API | Can Create Process and Threads | ADVAPI32.dll::CreateProcessAsUserW
    ADVAPI32.dll::CreateProcessWithLogonW
    KERNEL32.dll::CreateProcessW
    ADVAPI32.dll::OpenProcessToken
    KERNEL32.dll::OpenProcess
    ADVAPI32.dll::OpenThreadToken
WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess
    ntdll.dll::NtTerminateProcess
    ntdll.dll::NtQueryInformationProcess
    ntdll.dll::NtQuerySystemInformation
    KERNEL32.dll::LoadLibraryExW
    KERNEL32.dll::LoadLibraryA
    KERNEL32.dll::LoadLibraryW
WIN_BASE_EXEC_API | Can Execute other programs | KERNEL32.dll::WriteConsoleW
    KERNEL32.dll::ReadConsoleW
    KERNEL32.dll::SetStdHandle
    KERNEL32.dll::GetConsoleMode
    KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CopyFileA
    KERNEL32.dll::CreateDirectoryA
    KERNEL32.dll::CreateFileW
    KERNEL32.dll::CreateFileMappingW
    KERNEL32.dll::CreateFileMappingA
    KERNEL32.dll::CreateFileA
WIN_BASE_USER_API | Retrieves Account Information | ADVAPI32.dll::LookupAccountSidW
    ADVAPI32.dll::LookupPrivilegeNameW
WIN_BCRYPT_API | Can Encrypt Files | bcrypt.dll::BCryptDecrypt
    bcrypt.dll::BCryptDestroyKey
    bcrypt.dll::BCryptEncrypt
    bcrypt.dll::BCryptEnumRegisteredProviders
    bcrypt.dll::BCryptExportKey
    bcrypt.dll::BCryptFreeBuffer
WIN_CRED_API | Can Manipulate Windows Credentials | ADVAPI32.dll::CredIsMarshaledCredentialW
    ADVAPI32.dll::CredUnmarshalCredentialW
WIN_CRYPT_API | Uses Windows Crypt API | CRYPT32.dll::CertAddCertificateContextToStore
    CRYPT32.dll::CertAddEncodedCertificateToStore
    CRYPT32.dll::CertEnumCertificatesInStore
    CRYPT32.dll::CertFindCertificateInStore
    CRYPT32.dll::CertFreeCertificateContext
    CRYPT32.dll::CertGetCertificateContextProperty
WIN_HTTP_API | Uses HTTP services | WINHTTP.dll::WinHttpAddRequestHeaders
    WINHTTP.dll::WinHttpConnect
    WINHTTP.dll::WinHttpOpen
    WINHTTP.dll::WinHttpOpenRequest
    WINHTTP.dll::WinHttpQueryDataAvailable
    WINHTTP.dll::WinHttpReadData
WIN_REG_API | Can Manipulate Windows Registry | ADVAPI32.dll::RegCreateKeyA
    ADVAPI32.dll::RegOpenKeyExA
    ADVAPI32.dll::RegOpenKeyExW
    ADVAPI32.dll::RegQueryInfoKeyW
    ADVAPI32.dll::RegQueryValueExA
    ADVAPI32.dll::RegQueryValueExW
WIN_SCARD_API | Supports Windows Smart Card | WinSCard.dll::SCardConnectW
    WinSCard.dll::SCardControl
    WinSCard.dll::SCardDisconnect
    WinSCard.dll::SCardEstablishContext
    WinSCard.dll::SCardGetAttrib
    WinSCard.dll::SCardGetCardTypeProviderNameW
WIN_SVC_API | Can Manipulate Windows Services | ADVAPI32.dll::ChangeServiceConfig2W
    ADVAPI32.dll::CreateServiceW
    ADVAPI32.dll::OpenSCManagerW
    ADVAPI32.dll::OpenServiceW
    ADVAPI32.dll::QueryServiceStatusEx
    ADVAPI32.dll::RegisterServiceCtrlHandlerW
