MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 4e3cdd9c36bcc0dc08cd14fb0ceff7ab58f99eef274b205b5b973ad9ef038e25. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 2
| SHA256 hash: | 4e3cdd9c36bcc0dc08cd14fb0ceff7ab58f99eef274b205b5b973ad9ef038e25 |
|---|---|
| SHA3-384 hash: | d1154ada0fc3a63d7afc53a5e1e5b92a85c04a6e41ad69dfac948f15d1b7a5a8bdd3aaf0615c30eb252da7e5fab96ab4 |
| SHA1 hash: | afa23032754c30ba77fb15a0ebbcfaa18898da61 |
| MD5 hash: | 7d85df9a5d8af2e47ce12e5ac18dc429 |
| humanhash: | orange-muppet-sink-item |
| File name: | 4e3cdd9c36bcc0dc08cd14fb0ceff7ab58f99eef274b205b5b973ad9ef038e25 |
| Download: | download sample |
| File size: | 730'762 bytes |
| First seen: | 2020-03-23 18:58:11 UTC |
| Last seen: | 2020-03-24 07:38:46 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 12082e77cfc7e34f96f21f95764c8ac3 |
| ssdeep | 12288:R4bD1e56tDmHA48UocUl7wAYj5uJMzoew/0cvaDikSIuvs1gTTYvGsCrqkgu:R4dx4A4Pock7wPo1aszk14UvGgZu |
| Threatray | 314 similar samples on MalwareBazaar |
| TLSH | 99F423E03094E052E66A49FB3A72CBBAF3B5EC9D0AD2676747EE590B3D310516C6D840 |
| Reporter |  Marco_Ramilli |
| Tags: | exe |
Intelligence
File Origin
# of uploads :
2
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Mbt
Status:
Malicious
First seen:
2017-05-25 10:34:36 UTC
File Type:
PE (Exe)
Extracted files:
502
AV detection:
17 of 31 (54.84%)
Threat level:
2/5
Verdict:
suspicious
Similar samples:
+ 304 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe 4e3cdd9c36bcc0dc08cd14fb0ceff7ab58f99eef274b205b5b973ad9ef038e25
(this sample)
Delivery method
Distributed via web download
BLint
The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high |
| CHECK_NX | Missing Non-Executable Memory Protection | critical |
| CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high |
| CHECK_TRUST_INFO | Requires Elevated Execution (level:requireAdministrator) | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| COM_BASE_API | Can Download & Execute components | ole32.dll::CoCreateInstance |
| SHELL_API | Manipulates System Shell | SHELL32.dll::ShellExecuteA SHELL32.dll::SHFileOperationA SHELL32.dll::SHGetFileInfoA |
| WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CreateProcessA KERNEL32.dll::CloseHandle KERNEL32.dll::CreateThread |
| WIN_BASE_API | Uses Win Base API | KERNEL32.dll::LoadLibraryExA KERNEL32.dll::GetDiskFreeSpaceA KERNEL32.dll::GetCommandLineA |
| WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CopyFileA KERNEL32.dll::CreateDirectoryA KERNEL32.dll::CreateFileA KERNEL32.dll::DeleteFileA KERNEL32.dll::MoveFileA ADVAPI32.dll::SetFileSecurityA |
| WIN_REG_API | Can Manipulate Windows Registry | ADVAPI32.dll::RegCreateKeyExA ADVAPI32.dll::RegDeleteKeyA ADVAPI32.dll::RegOpenKeyExA ADVAPI32.dll::RegQueryValueExA ADVAPI32.dll::RegSetValueExA |
| WIN_USER_API | Performs GUI Actions | USER32.dll::AppendMenuA USER32.dll::EmptyClipboard USER32.dll::FindWindowExA USER32.dll::OpenClipboard USER32.dll::PeekMessageA USER32.dll::CreateWindowExA |
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.