MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c630ef685a02e611037b6ae52a89d10355620ca159dd3fa136ca294ef2e7f7a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 2



SHA256 hash: 3c630ef685a02e611037b6ae52a89d10355620ca159dd3fa136ca294ef2e7f7a
SHA3-384 hash: 9e6fedad322406e257f0b43495ebf3db44c7800646998d7a03bd6f50a7a02e6899c5cafe45a9894f78de057ec253972d
SHA1 hash: b56ff711b575d77a19f7b6b2eb132133ca6a1eb4
MD5 hash: 8e437da3d9b48bf6e54b8182b1842a1d
humanhash: sodium-fix-cola-mississippi
File name: SecuriteInfo.com.Generic.mg.8e437da3d9b48bf6.12470
File size: 1'142'784 bytes
First seen: 2020-03-26 01:34:54 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3d558e0a3dcb2e1046c35e93be949bf6
ssdeep: 24576:uziOpl4G7ZFryG/TCIeKIQPV7aNDUsYEelQ:uGpG7ZFD76DU2elQ
Threatray: 3 similar samples on MalwareBazaar
TLSH: 9035AE02E742ED6EDCA200F28EBA4F6591257A7003D465DFA7C42E0D6EB86D16E3D713
Reporter: SecuriteInfoCom

Intelligence

File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-03-26 04:33:40 UTC
AV detection: 20 of 31 (64.52%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Distributed via web download

Web download
  -> Executable exe 3c630ef685a02e611037b6ae52a89d10355620ca159dd3fa136ca294ef2e7f7a (this sample)

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID                          Title                                                      Severity
CHECK_AUTHENTICODE          Missing Authenticode                                       high
CHECK_DLL_CHARACTERISTICS   Missing dll Security Characteristics (HIGH_ENTROPY_VA)     high
CHECK_NX                    Missing Non-Executable Memory Protection                   critical
CHECK_PIE                   Missing Position-Independent Executable (PIE) Protection   high
Reviews

ID, Capabilities, Evidence (imported functions):

AUTH_API - Manipulates User Authorization
  ADVAPI32.dll::AllocateAndInitializeSid
  AUTHZ.dll::AuthzUnregisterSecurityEventSource

COM_BASE_API - Can Download & Execute components
  ole32.dll::CreateStreamOnHGlobal

MULTIMEDIA_API - Can Play Multimedia
  WINMM.dll::joyGetDevCapsA
  WINMM.dll::joyGetPosEx
  WINMM.dll::timeBeginPeriod
  WINMM.dll::timeEndPeriod
  WINMM.dll::timeGetTime

SECURITY_BASE_API - Uses Security Base API
  ADVAPI32.dll::DuplicateTokenEx

SHELL_API - Manipulates System Shell
  SHELL32.dll::SHGetFileInfoW

URL_MONIKERS_API - Can Download & Execute components
  urlmon.dll::CreateFormatEnumerator

WIN32_PROCESS_API - Can Create Process and Threads
  ADVAPI32.dll::CreateProcessAsUserA
  KERNEL32.dll::CreateProcessA
  KERNEL32.dll::CloseHandle
  KERNEL32.dll::CreateThread

WIN_BASE_API - Uses Win Base API
  KERNEL32.dll::TerminateProcess
  KERNEL32.dll::LoadLibraryExW
  KERNEL32.dll::LoadLibraryA
  KERNEL32.dll::GetStartupInfoW
  KERNEL32.dll::GetCommandLineA

WIN_BASE_EXEC_API - Can Execute other programs
  KERNEL32.dll::AllocConsole
  KERNEL32.dll::WriteConsoleW
  KERNEL32.dll::WriteConsoleInputA
  KERNEL32.dll::FreeConsole
  KERNEL32.dll::ReadConsoleW
  KERNEL32.dll::SetConsoleTitleA

WIN_BASE_IO_API - Can Create Files
  KERNEL32.dll::CreateFileW
  KERNEL32.dll::CreateFileA
  KERNEL32.dll::FindFirstFileA

WIN_CRED_API - Can Manipulate Windows Credentials
  credui.dll::CredUICmdLinePromptForCredentialsA
  credui.dll::CredUIConfirmCredentialsA

WIN_REG_API - Can Manipulate Windows Registry
  ADVAPI32.dll::RegOpenKeyExA
  ADVAPI32.dll::RegOpenKeyA
  ADVAPI32.dll::RegQueryValueExA

WIN_USER_API - Performs GUI Actions
  USER32.dll::EmptyClipboard
  USER32.dll::OpenClipboard
  USER32.dll::PeekMessageA
  USER32.dll::CreateWindowExA

Comments