MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 46acd0d4a4fe7f2c6b54d380f1c0a5aa371f0afadf2373c5df40ed20d5b3f90c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| SHA256 hash: | 46acd0d4a4fe7f2c6b54d380f1c0a5aa371f0afadf2373c5df40ed20d5b3f90c |
|---|---|
| SHA3-384 hash: | 12d14b571c9c4acee95a3d015aa4f1c3dc53860171d965b0e913e38b436ebf4a08935e3265645a28ff17e367dc3c64af |
| SHA1 hash: | 448e2427e8639b7e8dfcdd7b4390831b8b87914d |
| MD5 hash: | 94d08b86d585218a9275a0ccc2c90966 |
| humanhash: | uniform-gee-montana-september |
| File name: | SecuriteInfo.com.Trojan.Siggen9.26290.219.19145 |
| File size: | 894'720 bytes |
| First seen: | 2020-04-20 17:31:34 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash: | bf5a4aa99e5b160f8521cadd6bfe73b8 (432 x RedLineStealer, 31 x AgentTesla, 12 x DCRat) |
| ssdeep: | 12288:rh1Lk70TnvjcI5Sp3uEOFwoo4nZ8L9V9HD8igru7vrRI68munjZS:Xk70TrcI5Sp+EVd4nIpDRgQMnNS |
| Threatray: | 237 similar samples on MalwareBazaar |
| TLSH: | C41512617491C1B6C477553100E58B2AAF3A79314FAB91E772EE1AB63F603D1B3322C9 |
| Reporter: | |
Code Signing Certificate
| Organisation: | Symantec Time Stamping Services CA - G2 |
|---|---|
| Issuer: | Thawte Timestamping CA |
| Algorithm: | sha1WithRSAEncryption |
| Valid from: | Dec 21 00:00:00 2012 GMT |
| Valid to: | Dec 30 23:59:59 2020 GMT |
| Serial number: | 7E93EBFB7CC64E59EA4B9A77D406FC3B |
| Intelligence: | 85 malware samples on MalwareBazaar are signed with this code signing certificate |
| Thumbprint Algorithm: | SHA256 |
| Thumbprint: | 0625FEE1A80D7B897A9712249C2F55FF391D6661DBD8B87F9BE6F252D88CED95 |
| Source: | This information was brought to you by ReversingLabs A1000 Malware Analysis Platform |
Intelligence
File Origin
| # of uploads: | 1 |
|---|---|
| # of downloads: | 82 |
| Origin country: | n/a |
Vendor Threat Intelligence
| Threat name: | Win32.Trojan.Coins |
|---|---|
| Status: | Malicious |
| First seen: | 2020-03-26 02:37:00 UTC |
| File Type: | PE (Exe) |
| AV detection: | 24 of 31 (77.42%) |
| Threat level: | 2/5 |
| Verdict: | malicious |
| Similar samples: | + 227 additional samples on MalwareBazaar |
Please note that we are no longer able to provide a coverage score for VirusTotal.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
| Web download | exe 46acd0d4a4fe7f2c6b54d380f1c0a5aa371f0afadf2373c5df40ed20d5b3f90c (this sample) |
|---|---|
| Delivery method | Distributed via web download |
BLint
The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high |
| CHECK_NX | Missing Non-Executable Memory Protection | critical |
| CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CloseHandle |
| WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryA KERNEL32.dll::GetStartupInfoA KERNEL32.dll::GetCommandLineA |
| WIN_BASE_EXEC_API | Can Execute other programs | KERNEL32.dll::WriteConsoleA KERNEL32.dll::WriteConsoleW KERNEL32.dll::SetStdHandle KERNEL32.dll::GetConsoleCP KERNEL32.dll::GetConsoleMode KERNEL32.dll::GetConsoleOutputCP |
| WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CreateFileA |
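The three hardening findings above (CHECK_NX, CHECK_PIE, HIGH_ENTROPY_VA) are read from single bits of the PE optional header's DllCharacteristics field, and the imphash listed in the hash table is an MD5 over the import table that BLint's capability evidence is drawn from. The block below is an added example, not code from BLint, pefile or MalwareBazaar: a standard-library-only PE32 parser that reports those three bits the way BLint labels them and computes the imphash the way pefile does (lower-cased `lib.func` pairs, `.dll/.ocx/.sys` stripped, comma-joined, MD5). The test binary is constructed inside the block; its import list (KERNEL32 names taken from the evidence column plus an ADVAPI32 ordinal 5 that is a stand-in, not from this sample) and all offsets are assumptions of the example, and it handles PE32 and the import directory only.

```python
import hashlib
import struct

HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT = 0x0020, 0x0040, 0x0100  # IMAGE_DLLCHARACTERISTICS_* (winnt.h)

def _rva_to_offset(sections, rva):
    """Map an RVA to a file offset via the section table."""
    for vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")

def _cstring(data, offset):
    return data[offset:data.index(b"\0", offset)].decode("ascii")

def parse_pe(data):
    """Return (DllCharacteristics, [(dll, [name_or_ordN, ...]), ...]). PE32 and import directory only."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4                                                  # IMAGE_FILE_HEADER
    _, num_sections, _, _, _, size_opt, _ = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                                      # IMAGE_OPTIONAL_HEADER32
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    import_rva = struct.unpack_from("<I", data, opt + 104)[0]          # DataDirectory[1].VirtualAddress
    sections = []
    for i in range(num_sections):
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, opt + size_opt + i * 40 + 8)
        sections.append((vaddr, vsize, raw_ptr, raw_size))
    imports, desc = [], (_rva_to_offset(sections, import_rva) if import_rva else None)
    while desc is not None:
        oft, _stamp, _fwd, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if name_rva == 0:
            break                                                      # null descriptor ends the table
        thunk, funcs = _rva_to_offset(sections, oft or ft), []         # prefer the ILT; some packers zero it
        while (entry := struct.unpack_from("<I", data, thunk)[0]) != 0:
            if entry & 0x80000000:                                     # import by ordinal
                funcs.append(f"ord{entry & 0xFFFF}")
            else:                                                      # IMAGE_IMPORT_BY_NAME: 2-byte hint, name
                funcs.append(_cstring(data, _rva_to_offset(sections, entry) + 2))
            thunk += 4
        imports.append((_cstring(data, _rva_to_offset(sections, name_rva)), funcs))
        desc += 20
    return dll_chars, imports

def hardening_findings(dll_chars):
    """BLint-style finding IDs for bits that are clear. CHECK_PIE here means DYNAMIC_BASE only."""
    checks = (("CHECK_NX", NX_COMPAT), ("CHECK_PIE", DYNAMIC_BASE), ("CHECK_DLL_CHARACTERISTICS", HIGH_ENTROPY_VA))
    return [cid for cid, bit in checks if not dll_chars & bit]

def imphash(imports):
    """pefile-compatible imphash: lower-case "lib.func", .dll/.ocx/.sys stripped, comma-joined, MD5.
    Deviation: pefile maps ws2_32/oleaut32 ordinals to names; this keeps plain ordN."""
    parts = []
    for dll, funcs in imports:
        lib, _, ext = dll.lower().rpartition(".")
        lib = lib if ext in ("dll", "ocx", "sys") else dll.lower()
        parts.extend(f"{lib}.{f.lower()}" for f in funcs)
    return hashlib.md5(",".join(parts).encode()).hexdigest()

def build_sample_pe(dll_chars, imports, sec_rva=0x1000, sec_off=0x200):
    """Constructed test input: a non-runnable PE32 whose single section holds an import table."""
    desc_size = 20 * (len(imports) + 1)
    body, descriptors = bytearray(desc_size), []                       # descriptor slots filled in last
    for dll, funcs in imports:
        thunks = []
        for f in funcs:
            if f.startswith("ord"):                                    # "ordN" -> ordinal thunk
                thunks.append(0x80000000 | int(f[3:]))
            else:
                thunks.append(sec_rva + len(body))
                body += b"\0\0" + f.encode() + bytes(2 - len(f) % 2)   # hint, name, NUL, even pad
        name_rva = sec_rva + len(body)
        body += dll.encode() + b"\0"
        body += bytes(-len(body) % 4)                                  # align the thunk array
        ilt_rva = sec_rva + len(body)
        body += struct.pack(f"<{len(thunks) + 1}I", *thunks, 0)
        descriptors.append(struct.pack("<IIIII", ilt_rva, 0, 0, name_rva, ilt_rva))
    body[:desc_size] = b"".join(descriptors) + bytes(20)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                                # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 104, sec_rva, desc_size)             # import directory entry
    hdrs = (b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0"
            + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102) + bytes(opt) + b".idata\0\0"
            + struct.pack("<IIIIIIHHI", len(body), sec_rva, len(body), sec_off, 0, 0, 0, 0, 0xC0000040))
    return bytes(hdrs.ljust(sec_off, b"\0") + body)

# Constructed sample imports; ADVAPI32 ordinal 5 is a stand-in, not taken from this sample.
SAMPLE_IMPORTS = [("KERNEL32.dll", ["CreateFileA", "LoadLibraryA", "TerminateProcess"]), ("ADVAPI32.dll", ["ord5"])]

if __name__ == "__main__":
    chars, imps = parse_pe(build_sample_pe(0, SAMPLE_IMPORTS))
    print(hex(chars), hardening_findings(chars), imphash(imps), imps)
```

Run against a real file with `parse_pe(open(path, "rb").read())`; the same bits are what BLint reads, and an imphash that matches the one in the hash table is what lets the "432 x RedLineStealer" pivot work across samples built from the same import table. The example does not parse the security directory, so it says nothing about Authenticode; note in that regard that the "Code Signing Certificate" table above lists a timestamping CA (Symantec Time Stamping Services CA - G2, issued by Thawte Timestamping CA) rather than a signer's leaf certificate, which is consistent with the CHECK_AUTHENTICODE finding and should not be read as evidence that the sample is signed.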