MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d3de10c3e41aca232053188beff1240977c886aaeeb83a34b5f56c7281411b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	4d3de10c3e41aca232053188beff1240977c886aaeeb83a34b5f56c7281411b2
SHA3-384 hash:	0b7eaba73113b71d887ad10dfa2ce54abbb7a82fde6dda70d08937ac278d042f4457316840b84a7f65b83eee604a77f4
SHA1 hash:	574c1edcd70e98de50dfca0edefd843a33154b42
MD5 hash:	1bb8dc4d4edced7749c837f61140ea9c
humanhash:	vermont-nitrogen-juliet-bravo
File name:	01_extracted.bin
Download:	download sample
File size:	243'712 bytes
First seen:	2020-04-01 07:49:28 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	216126ecc1b6d1bfb909bf4a8dc6bff1
ssdeep	3072:rSTQumlhWds8L4bF2R7pKEsrKbR+S6oXD/cofGK855SomMAd7ETO0dTiKsN+o1y/:rSbmlsl4X4z1fGd5SiTqNjYq1M
Threatray	327 similar samples on MalwareBazaar
TLSH	AF34E026E5C184B3D2625BF88D169295F97EFE222F54102BB6DE2E0E4FEE1C0245C4D7
Reporter	Racco42
Tags:	bin

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Mal.Emogen-Y.4370.16439.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Occamy

Status:

Malicious

First seen:

2020-04-01 08:35:22 UTC

File Type:

PE (Dll)

AV detection:

22 of 29 (75.86%)

Threat level:

2/5

Verdict:

malicious

49c1e306362700be6143f3dc9592a72ca5d9dc3d7237d9f8e4f14b5c14ea2155

7e5aa1450932913aa95ea15b34365328d5e93f6fb0c11c2fb30fcfe9452378ab

8599ded7ef4b89944c5a5330e8608d9e1ab28acd67706284b617ddca1a7d74ab

a358d3d4418e1c83e8ee6abf052f91b8935363876612e319150bd725906f8906

c409017de52a4a6ad3a0cd3ab97ad17f9be172136155bf548bef49d7777cec1a

ce06efe2c18c75da9d9535b4328677f4136a3f04ea666d037bf55dce7c9b7c57

d53823a77a528f3e34ddde64b0a9f6ca5f806fdc4e08ed0f38c384629bf16e9b

e3b9a35e9155fd3c927956f03d54da02f28cc27437537d67ba302ddb4a40e57b

fbde44031b8acd00f624403184405b3fcf572c220c321ec82c29e7f9c3cbc233

+ 317 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN32_PROCESS_API	Can Create Process and Threads	kernel32.dll::CreateRemoteThread kernel32.dll::CreateProcessA kernel32.dll::VirtualAllocEx kernel32.dll::WriteProcessMemory kernel32.dll::CloseHandle
WIN_BASE_API	Uses Win Base API	kernel32.dll::LoadLibraryExA kernel32.dll::LoadLibraryA kernel32.dll::GetStartupInfoA kernel32.dll::GetDiskFreeSpaceA kernel32.dll::GetCommandLineA
WIN_BASE_IO_API	Can Create Files	kernel32.dll::CreateFileA kernel32.dll::DeleteFileA kernel32.dll::GetFileAttributesA kernel32.dll::FindFirstFileA
WIN_REG_API	Can Manipulate Windows Registry	advapi32.dll::RegCreateKeyExA advapi32.dll::RegOpenKeyExA advapi32.dll::RegQueryValueExA advapi32.dll::RegSetValueExA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample