MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50ca73e510646ea1534f248099ce844f7f6178adb93055f8459ec07645f48e79. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	50ca73e510646ea1534f248099ce844f7f6178adb93055f8459ec07645f48e79
SHA3-384 hash:	a2b7f14ca4be3d48d6becf875b961024b851f13a147ba656b9f1b72ab48b11b0f512af8b91f893379415e5f22c02e12c
SHA1 hash:	257e0b9f7cbd173cc8ee3d24a327c926416beab3
MD5 hash:	59242767d0cf0ed2e47ba35003350c8d
humanhash:	quiet-ceiling-violet-comet
File name:	SecuriteInfo.com.Trojan.Inject3.31705.9143.30921
Download:	download sample
File size:	480'256 bytes
First seen:	2020-04-18 14:43:04 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	894b2b3a3517bb7e05c66c34b28bc517
ssdeep	6144:i0hpdz3H18FJLvm/ml9kVUCY9x1cxTO+LLGLCLQaib8BVmTBq:i0hzH6FJzumHk4olLwsmTs
Threatray	55 similar samples on MalwareBazaar
TLSH	3CA4BE21D848C170C48A453C00E49E7A2765867EF3BAA7D3DE819DF9D7AE2D635381BC
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Purebasic-2

SecuriteInfo.com.Trojan.Inject3.31705.9143.30921.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Kryptik

Status:

Malicious

First seen:

2019-12-10 07:23:34 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

29 of 31 (93.55%)

Threat level:

5/5

Verdict:

suspicious

0fadb9fa2742735b1d7001fd5511627318e45fc51d8798f5b9f4bb20cfbd70e8

1f6a8fd32a14dd74a23ad8e588d3543120b254290283d6092693d564ea0fc265

25a419f3b2963cf24fda8824b538b67dc73fd2e4d32e73cd5bfdf935c61769dd

26cb425375a7613736c367866d0b79b8b7d8845437ec88e87bc83146445f892e

40ac8e128b78d30d49accda865a6ca90a23cf7b7e5f31042c7df55a9fe1b5af4

b3d36e86a478b5223968e34ca51bff54002eb9b1a01ef26d8b657d49dd4dd831

bde46cf05034ef3ef392fd36023dff8f1081cfca6f427f6c4894777c090dad81

e2d6b8bc603260f1a7564a044523d230c31c8d873deabb579cae90b88f1b92b9

e99398f753e61710eaea626dc778a19fc47a34f103b5ff1daaa0d7ad7f6432c4

+ 45 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 50ca73e510646ea1534f248099ce844f7f6178adb93055f8459ec07645f48e79

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/342990/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
MULTIMEDIA_API	Can Play Multimedia	WINMM.dll::timeEndPeriod
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::LoadLibraryA
WIN_USER_API	Performs GUI Actions	USER32.dll::CreateWindowExA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample