MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 65c86813da2eb5bfc495e538fa4e77f8c3a3c03418e655ac8262bc0aa42281ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 65c86813da2eb5bfc495e538fa4e77f8c3a3c03418e655ac8262bc0aa42281ba
SHA3-384 hash: 4f695b331a1f7c252f0688065b6e7a9e5b4d909df3f9b4bbb6eedc9ef627d4aa8895652be5bbd2b86a677b71a2f4de46
SHA1 hash: 628996d50fffd042a456d8e39f7639f6fbc6921b
MD5 hash: c46f4ed52ef976c2948e9bf1ad16055d
humanhash: cola-quiet-moon-venus
File name:19397.jpg
Download: download sample
File size:823'808 bytes
First seen:2020-04-27 09:29:35 UTC
Last seen:2020-04-27 09:33:32 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 46978de0f8944a65af1673d613222a98 (5 x Smoke Loader, 5 x Vjw0rm, 3 x FormBook)
ssdeep 24576:nNR2zaQBt37/CZ0w1PeWnzqhqCC6+PEpQ:+UsrC6aEe
Threatray 176 similar samples on MalwareBazaar
TLSH 97057C12B3D3C1B6EFA225F2C5B553320939BC38173CA6DB7390392EE9A06C16A75355
Reporter JoulK
Tags:powershell

Intelligence

File Origin
# of uploads :
2
# of downloads :
124
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Autohk-6995517-0
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Autohk
Create hunting rule
Status:
Malicious
First seen:
2020-04-27 09:35:23 UTC
File Type:
PE (Exe)
Extracted files:
16
AV detection:
20 of 30 (66.67%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0c3ffcd5a7623471ea4ebd0df78300568f641bba314b956f5837c2b829c87334
3afe4dd1466eb99bc7ab905a2363173dc043f9060982c49b6f5da73293f7d6ed
50871371de6754f17507213f50bd7748814f8a99899599f835701c5a772c89c7
693626ad4ce750ecb027980dfb505ca69872923702dfe564e0adcb651e8c60d9
849af25a67d831b8e5d90cc6e4b51014a3a4d9f474f7363865cbd98c4dc0ea5a
b254d7faa603b46c4c63f6d1f88d65767fb80638a000967fe527b9572b956e35
cb663a4fa79cb0fcb52c3049b65b1a012c45e72badc13c931fc2c72a8a94dcca
d7a340421f260de130a285233b110130fbccd2f26f1f70fc1600bf2855073017
e7c777cc2838334214d3349178f52cd2fdce9138cbd51de1c62bcc73a3478a4f
e942c853f791a2ebd37ae59344bf8878d9a02cdcb83848a68876c49497c642d2
+ 166 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 65c86813da2eb5bfc495e538fa4e77f8c3a3c03418e655ac8262bc0aa42281ba

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/351859/
  
URLhaus
https://urlhaus.abuse.ch/url/351907/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
COM_BASE_APICan Download & Execute componentsole32.dll::CoCreateInstance
ole32.dll::CreateStreamOnHGlobal
MULTIMEDIA_APICan Play MultimediaWINMM.dll::joyGetDevCapsW
WINMM.dll::joyGetPosEx
WINMM.dll::mciSendStringW
WINMM.dll::mixerClose
WINMM.dll::mixerGetControlDetailsW
WINMM.dll::mixerGetDevCapsW
SECURITY_BASE_APIUses Security Base APIADVAPI32.dll::AdjustTokenPrivileges
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteExW
SHELL32.dll::SHFileOperationW
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessW
KERNEL32.dll::OpenProcess
ADVAPI32.dll::OpenProcessToken
KERNEL32.dll::VirtualAllocEx
KERNEL32.dll::WriteProcessMemory
KERNEL32.dll::CloseHandle
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::GetDriveTypeW
KERNEL32.dll::GetVolumeInformationW
KERNEL32.dll::GetStartupInfoW
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleCP
KERNEL32.dll::GetConsoleMode
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CopyFileW
KERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateFileW
KERNEL32.dll::DeleteFileW
KERNEL32.dll::MoveFileW
KERNEL32.dll::GetWindowsDirectoryW
WIN_BASE_USER_APIRetrieves Account InformationKERNEL32.dll::GetComputerNameW
ADVAPI32.dll::GetUserNameW
ADVAPI32.dll::LookupPrivilegeValueW
KERNEL32.dll::QueryDosDeviceW
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegConnectRegistryW
ADVAPI32.dll::RegCreateKeyExW
ADVAPI32.dll::RegDeleteKeyW
ADVAPI32.dll::RegOpenKeyExW
ADVAPI32.dll::RegQueryInfoKeyW
ADVAPI32.dll::RegQueryValueExW
WIN_SVC_APICan Manipulate Windows ServicesADVAPI32.dll::OpenSCManagerW
ADVAPI32.dll::UnlockServiceDatabase
WIN_USER_APIPerforms GUI ActionsUSER32.dll::AppendMenuW
USER32.dll::CreateMenu
USER32.dll::EmptyClipboard
USER32.dll::FindWindowW
USER32.dll::OpenClipboard
USER32.dll::PeekMessageW

Comments