MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6576da1f0d0e8c2d7457c2898d0b8d2d7ad40527c60473910f86da6cf39c0951. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6576da1f0d0e8c2d7457c2898d0b8d2d7ad40527c60473910f86da6cf39c0951
SHA3-384 hash: a9a68ffdf02c96a8546189abae0a8aad76f09efa992551e1ad71aa1efc5b5be2b3628f34646ddb7dd33c521f2a68dc09
SHA1 hash: 65764ac0f8cd50d3c0e2d74f789e702a6353c26c
MD5 hash: 9d32cc86f7791185dec921fbc7b3be78
humanhash: lactose-foxtrot-paris-arizona
File name:pink.dll
Download: download sample
File size:845'824 bytes
First seen:2020-04-29 07:50:35 UTC
Last seen:2020-05-05 06:38:54 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash c44f1a7ddfafcb51bcb16c2efcae0549
ssdeep 6144:DcK67aRy6UdMWb3CTX/u+YyxEN5XCy8GEj9N2ldrNdeE0+qpO3B3B:xc6NWjCT/u+Yyxs8mDR0+CA
Threatray 84 similar samples on MalwareBazaar
TLSH 39050629A64394DBE3703534E7E20E47A95179E6E4300D8F7ABEAE4C2F706917C19DC2
Reporter Racco42
Tags:dll ZLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-27 19:07:27 UTC
File Type:
PE (Dll)
Extracted files:
6
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
0b8585bcbc29e0a8f25118bc695cade9fed7a4676f3ea471bf08c869d8c85b63
1130c38b05892129ef1a97693b0d3797a45ec69fe0d95bc28e4b09e3d4dd0e9c
30e772385fc3887fdd1ef1e358dc05cc83da655ecf53257800daf5d68ae430fd
4553d627f2509e19e9b84491c08ec9854d785df4f74e900b969c57ccd244c086
bc0b57f04efe4239fcc02f049c97016c653c963de8cbe45bcf9449cd16919f08
cc87e6581ca91f941f65332b2de0e681d58491b54aff9d0b30afae828a5f5790
dd11381223ab1902db2963df4cbe3299e42064a5857545560f913647c1f70c5a
e4d0a79d2463c5d3a71874e3389fa753f480b96639ad32baf1997baf8e5f714a
edb9d542cbc5ab07fd52792e20294f82b51de49c3d32938cbd9b55b2374d2b55
fffd7bc61eb5b9759a97699efdf9455b76d9e198b87d75ebdb8a2fa2a4a08306
+ 74 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Visual Basic Script (vbs) vbs 78dbc02966ef38d387bbab8157a0a22595080f8f25f8efeef768bb82bf37f32e

DLL dll 6576da1f0d0e8c2d7457c2898d0b8d2d7ad40527c60473910f86da6cf39c0951

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 78dbc02966ef38d387bbab8157a0a22595080f8f25f8efeef768bb82bf37f32e

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
WIN_BASE_APIUses Win Base APIkernel32.dll::LoadLibraryA
WIN_BASE_EXEC_APICan Execute other programskernel32.dll::GetConsoleCP

Comments