MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 57e3744a334a41c72da8b33a11d134bf5004cbb75409e6e4e43ffa9cdd5ec52d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 2
| SHA256 hash: | 57e3744a334a41c72da8b33a11d134bf5004cbb75409e6e4e43ffa9cdd5ec52d |
|---|---|
| SHA3-384 hash: | 2ea09e966ff895e58e822b788ba5620db8d141011bae395a530848c65201b9a445bcbe02671c9ee21393ba2491cff27a |
| SHA1 hash: | 378e399cd1b0e8f15f8e891387be782e6cf01c67 |
| MD5 hash: | 16dddc13f387b63530555665021be31e |
| humanhash: | lake-five-lemon-summer |
| File name: | SecuriteInfo.com.Generic_r.FPU.5703.16603 |
| Download: | download sample |
| File size: | 148'992 bytes |
| First seen: | 2020-04-09 10:37:47 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 3eef63a9074cade023a62e2ebdf31860 |
| ssdeep | 1536:ia0dkJcE9FWrsyZK4aUkJ+sMpQCrIULTRN9EQQ5gci1fnGaBsWjcdpvJ+qHf7Uib:x0+HAaUO1C9dNaph+EUidlq3WWDSh |
| Threatray | 10 similar samples on MalwareBazaar |
| TLSH | DCE39D1276D1C0B0D5A6027158F9AF22567EFC360F748ECBB7C45A8E5D302C16A36B9B |
| Reporter |  SecuriteInfoCom |
Intelligence
File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Gathering data
Threat name:
Win32.Trojan.Fushield
Status:
Malicious
First seen:
2020-04-06 12:16:27 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
28 of 31 (90.32%)
Threat level:
5/5
Verdict:
unknown
Similar samples:
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe 57e3744a334a41c72da8b33a11d134bf5004cbb75409e6e4e43ffa9cdd5ec52d
(this sample)
Delivery method
Distributed via web download
BLint
The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high |
| CHECK_TRUST_INFO | Requires Elevated Execution (level:requireAdministrator) | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| AUTH_API | Manipulates User Authorization | ADVAPI32.dll::AllocateAndInitializeSid ADVAPI32.dll::FreeSid |
| DNS_API | Performs DNS calls | DNSAPI.dll::DnsQuery_A |
| SECURITY_BASE_API | Uses Security Base API | ADVAPI32.dll::AdjustTokenPrivileges ADVAPI32.dll::CheckTokenMembership |
| SHELL_API | Manipulates System Shell | SHELL32.dll::ShellExecuteExA |
| WIN32_PROCESS_API | Can Create Process and Threads | ADVAPI32.dll::OpenProcessToken KERNEL32.dll::CloseHandle KERNEL32.dll::CreateThread |
| WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryA KERNEL32.dll::LoadLibraryExW KERNEL32.dll::GetSystemInfo KERNEL32.dll::GetStartupInfoW KERNEL32.dll::GetCommandLineA |
| WIN_BASE_EXEC_API | Can Execute other programs | KERNEL32.dll::WinExec KERNEL32.dll::WriteConsoleW KERNEL32.dll::ReadConsoleW KERNEL32.dll::SetStdHandle KERNEL32.dll::GetConsoleCP KERNEL32.dll::GetConsoleMode |
| WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CopyFileA KERNEL32.dll::CreateDirectoryW KERNEL32.dll::CreateFileW KERNEL32.dll::CreateFileA KERNEL32.dll::DeleteFileA SHLWAPI.dll::PathRemoveFileSpecA |
| WIN_BASE_USER_API | Retrieves Account Information | ADVAPI32.dll::LookupPrivilegeValueA |
| WIN_REG_API | Can Manipulate Windows Registry | ADVAPI32.dll::RegOpenKeyA ADVAPI32.dll::RegQueryValueExA ADVAPI32.dll::RegSetValueExA |
| WIN_SOCK_API | Uses Network to send and receive data | WS2_32.dll::WSAIoctl WS2_32.dll::WSASocketA |
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.