MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 479f664c5738beb4f29c1bf6c7346d5f36efa7b528c3f3fa4791455542bdca2e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	479f664c5738beb4f29c1bf6c7346d5f36efa7b528c3f3fa4791455542bdca2e
SHA3-384 hash:	dbb80f472936ad46da8a070960239b37db5654e3fe985c0fa16decc8ae11c0143d0647f13ffdcb3e19207278e8af41e9
SHA1 hash:	46db702ac78000beef28cd66a566458ffe9638c4
MD5 hash:	0050ae986380a240171e7a315d5e9b6c
humanhash:	nebraska-fanta-cold-texas
File name:	Adjunto mora mes abril 04 55Q2015 PDF 591614443490721954665390684759929290657106498586964723781278191212507219.exe
Download:	download sample
File size:	1'205'248 bytes
First seen:	2020-04-14 23:15:35 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	179f7dbb794e8dc6e9e79b08307f1985
ssdeep	24576:UJSUnjtkIo3CRP9L5AA7gbO1rPjG3GHBHp+g5/od9ErT7A:GSUnOY9L5rRPIGHBHpVobYc
Threatray	11 similar samples on MalwareBazaar
TLSH	2845AE91A3C2C0FEFA8114BAD1E757725D35DE22831296C3F688FD715F211E0297E29A
Reporter	Jirehlov
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.Generickdz-6907156-0

PUA.Win.Adware.Kuaizip-6840562-0

Gathering data

Threat name:

Win32.Trojan.Kryptik

Status:

Malicious

First seen:

2020-04-14 06:51:00 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

22 of 30 (73.33%)

Threat level:

2/5

Verdict:

unknown

2edf599121414035034dc26dfa30205d6fdea40a9e9683ef24433b3c819a0145

466de5558ccea92e0395a1e775b8625f7818d3f70b8f09143935e0dc9e15a0e9

9384296bb6fa6159840f84440da915fc9e93a94d476a28a33265318c0b4d03a2

b00ffbe33a4398cdfdb136564f24dfd6ff292b11a9adbc4041aa2a532af6edfb

d00ee0e6eab686424f8d383e151d22005f19adbda5b380a75669629e32fe12a6

e0cea593cef95fc3438ec707ef6d293c3189c3a3144a389f790cccfaec770759

e6ff6d164a876c50bfc4a6f7b6397914f9656d0e4aef1ceba65f1e92ed1b6c69

f8879d92bc99f6203ffa3afdc3b27f01e90a637fcf389487ec6e672929a61a3a

f937bbe27c6d52452a121bc9aa320c26ae7eada7cadc9dda0fafc2c6b1bd5818

+ 1 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
COM_BASE_API	Can Download & Execute components	ole32.dll::CoCreateInstance ole32.dll::CreateStreamOnHGlobal
GDI_PLUS_API	Interfaces with Graphics	gdiplus.dll::GdipAlloc
MULTIMEDIA_API	Can Play Multimedia	AVIFIL32.dll::AVIStreamStart AVICAP32.dll::capGetDriverDescriptionA
RAS_API	Uses Remote Access	RASDLG.dll::RasPhonebookDlgA
SHELL_API	Manipulates System Shell	SHELL32.dll::ShellExecuteA
URL_MONIKERS_API	Can Download & Execute components	urlmon.dll::IsAsyncMoniker
WIN32_PROCESS_API	Can Create Process and Threads	ADVAPI32.dll::OpenProcessToken KERNEL32.dll::CloseHandle KERNEL32.dll::CreateThread
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryA KERNEL32.dll::LoadLibraryW KERNEL32.dll::LoadLibraryExW KERNEL32.dll::GetDriveTypeA KERNEL32.dll::GetDriveTypeW
WIN_BASE_EXEC_API	Can Execute other programs	KERNEL32.dll::WriteConsoleW KERNEL32.dll::SetStdHandle KERNEL32.dll::GetConsoleCP KERNEL32.dll::GetConsoleMode
WIN_BASE_IO_API	Can Create Files	KERNEL32.dll::CreateFileMappingA KERNEL32.dll::CreateFileMappingW KERNEL32.dll::CreateFileA KERNEL32.dll::CreateFileW KERNEL32.dll::DeleteFileW KERNEL32.dll::DeleteFileA
WIN_REG_API	Can Manipulate Windows Registry	ADVAPI32.dll::RegCreateKeyExW ADVAPI32.dll::RegDeleteKeyW ADVAPI32.dll::RegOpenKeyExW ADVAPI32.dll::RegQueryInfoKeyW ADVAPI32.dll::RegSetValueExW
WIN_USER_API	Performs GUI Actions	USER32.dll::AppendMenuW USER32.dll::EmptyClipboard USER32.dll::OpenClipboard USER32.dll::PeekMessageW USER32.dll::CreateWindowExW

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample