MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a37dbecf825521597ec511ae03e854c8000c9b6220db8f10bf18415fa856a90. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	5a37dbecf825521597ec511ae03e854c8000c9b6220db8f10bf18415fa856a90
SHA3-384 hash:	4bf1e9b4b6ae5775de9c9bd621d9817cedfd05bb178ad498e0a88ccf4c70f9bb4368fa647e1e9c643affb79c72676a47
SHA1 hash:	da4075ebddcc0c428d9f4dec3e35af2ae2841253
MD5 hash:	ef686a9bbddd741e7d753787f0663487
humanhash:	saturn-coffee-network-video
File name:	5a37dbecf825521597ec511ae03e854c8000c9b6220db8f10bf18415fa856a90
Download:	download sample
File size:	229'376 bytes
First seen:	2020-03-23 18:49:12 UTC
Last seen:	2020-03-30 07:08:29 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	ccf44ff0cd6710e1e35d2c61cd7340a3
ssdeep	3072:EcOeo/4LsqQT6EGS0n2iiEa8uGXXTwoMwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwc:Slas91GhZuGTR
Threatray	685 similar samples on MalwareBazaar
TLSH	B724AF643446F156FC548EF736D6C3A8E4B300B1C8A9FECF8E57C6550E254EB91E2A0A
Reporter	Marco_Ramilli
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.VBEmailGen-6231041-0

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2017-04-02 07:05:00 UTC

AV detection:

30 of 31 (96.77%)

Threat level:

5/5

Verdict:

malicious

5f9b8ce62abc0d49b1bb253bd51286151a8b3d3f09fdb9e37cd964f80df26669

8533f6030709d8f590c3e50dd87edf7cc841d2b4b455e209a7999c0ef1b1d743

a45d9c8d3f5ceb809b8ee497e806d29d6e379ae0603aea8b733096afcf86bdcc

aa3420190b3e22959cfb4715307027404fe5cb492faf5546189a20b82b9e4e37

ad64a6eaa5d2494a4161158792e7cde3fb7d9a7bd36f06cc0de271192582f439

b1d1654f14052fe13960bbde4280f2f1d34e802293dddb47c971ce833bb5bda5

c0b3f80b09b6851a3dd4ba2a7bd1ef106779f671b324dd4f490c6dbdb8865ec5

c9dae8af9343e2bb59a9c6cbfa04b09bcbffe2a75893d797ec2a9c50c6253afe

d629c357618d0af63380cbd227dcdba8ec9af89e243ae67faaa7343ce9a91f01

+ 675 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 5a37dbecf825521597ec511ae03e854c8000c9b6220db8f10bf18415fa856a90

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/250600/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::__vbaSetSystemError MSVBVM60.DLL::__vbaObjSetAddref MSVBVM60.DLL::EVENT_SINK_AddRef MSVBVM60.DLL::__vbaErrorOverflow

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample