MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b1a2896d4203f63a22b95186b139b6fc02af494f60e33d796694f70cdb0f429. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4b1a2896d4203f63a22b95186b139b6fc02af494f60e33d796694f70cdb0f429
SHA3-384 hash: 6e0e96b632ba567a2e2c40200d35ea6fa053cdddaa1bd73e31b3ca7cb899c10291d1c9e7242151d8c31293d5abdcd77d
SHA1 hash: 2ff763513dbf1cb1c61a702cfbebea662744f838
MD5 hash: f0a745eb2af8c86a6784e3b60114404f
humanhash: five-mexico-music-hydrogen
File name:4b1a2896d4203f63a22b95186b139b6fc02af494f60e33d796694f70cdb0f429
Download: download sample
File size:7'827'968 bytes
First seen:2020-03-26 20:51:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5427628a22ce37e53e10ea4bea5a7820
ssdeep 196608:e+spVO3eZ/plfytr7KGUbhwezeOALN8IdCJGgWA47:e+spVvHK5YhwBLNn4JGT
Threatray 1 similar samples on MalwareBazaar
TLSH 1176232392DC3CC1C0F98935A737BFC0B3BDCA6A564AE07C99D955C164BD5A2B2123C6
Reporter Marco_Ramilli
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.42889605.28410.24986.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-03-24 06:50:00 UTC
File Type:
PE (Exe)
Extracted files:
33
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
89d5d6a0436ed5e2e27c0f9cd1f7fa5b05fa342a082fc5d7ad2439ac75c7bf33
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 4b1a2896d4203f63a22b95186b139b6fc02af494f60e33d796694f70cdb0f429

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/330749/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
COM_BASE_APICan Download & Execute componentsole32.dll::CoCreateInstance
WIN_BASE_APIUses Win Base APIKERNEL32.dll::LoadLibraryA
WIN_BASE_IO_APICan Create FilesVERSION.dll::GetFileVersionInfoSizeExW
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegDeleteKeyExW

Comments