MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d9e4abeeecf4ac855880206049246abe0f49a14bfc693349a81605478dde63b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 5d9e4abeeecf4ac855880206049246abe0f49a14bfc693349a81605478dde63b
SHA3-384 hash: 6d63a92a53cd0fc38dad32bdc7492f7597d0b2329e19af51b2f2a1c77a7358f9d247dba07e3db8aecb3ee63b36b6c771
SHA1 hash: 6ea98c88ad2e80a800d6538f7008b35e0c139842
MD5 hash: 2237037d4fe50964e32bd5392883738f
humanhash: mountain-ohio-fillet-grey
File name: Ea2.exe
File size: 144'896 bytes
First seen: 2020-04-03 13:36:46 UTC
Last seen: 2020-04-03 14:34:05 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep: 3072:fodBIM+lmsolAIrRuw+mqv9j1MWLQpg9FlCl:Q7+lDAAbc
Threatray: 714 similar samples on MalwareBazaar
TLSH: 2CE398E1A740C465D8A79679C43BDAF3A423AE0DDC68490E2DD2FF0B7D72346402799B
Reporter: Jirehlov
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Filecoder
Status: Malicious
First seen: 2020-04-03 02:10:00 UTC
File Type: PE (.Net Exe)
Extracted files: 12
AV detection: 27 of 30 (90.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (GUARD_CF) | high
