MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 67a0f7b898bf9f2a93780e7b4b5b51fe9a8a1a6e31975d6d29dbb624f1c71fe6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 2
| SHA256 hash: | 67a0f7b898bf9f2a93780e7b4b5b51fe9a8a1a6e31975d6d29dbb624f1c71fe6 |
|---|---|
| SHA3-384 hash: | bc286752d26a8957e8e1e57ff0847f27e7e61da11292f795e706a033e3387b9978d8327a6569021aed587cce6fba556c |
| SHA1 hash: | 1e7a04bdfaff4bdae5d922602f79b86b106f101f |
| MD5 hash: | 2e67a92ff0dbfb632ac59cd2d26e0775 |
| humanhash: | bravo-carolina-west-pip |
| File name: | 67a0f7b898bf9f2a93780e7b4b5b51fe9a8a1a6e31975d6d29dbb624f1c71fe6 |
| File size: | 958'866 bytes |
| First seen: | 2020-03-30 07:07:58 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | e2f2de0565947a20e5170cfa9541da7a |
| ssdeep | 24576:2u43OS5xn3Sy1X2C9v+mgJXTF2NHkxM/OuBx:2hJFaCEjpTF2tkyfr |
| Threatray | 1 similar samples on MalwareBazaar |
| TLSH | 0C15D003B943E521EE2085BBA0BE63786B7197211D6395135BD8AC13BF25D374B23B4B |
| Reporter | |
| Tags: | exe |
Intelligence
File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Detection(s): Gathering data
Threat name: Win32.Trojan.Occamy
Status: Malicious
First seen: 2013-01-14 23:23:00 UTC
File Type: PE (Exe)
Extracted files: 5
AV detection: 13 of 31 (41.94%)
Threat level: 5/5
Verdict: suspicious
Similar samples:
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe 67a0f7b898bf9f2a93780e7b4b5b51fe9a8a1a6e31975d6d29dbb624f1c71fe6 (this sample)
Delivery method
Distributed via web download
BLint
The following tables provide more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_NX | Missing Non-Executable Memory Protection | critical |
| CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| COM_BASE_API | Can Download & Execute components | ole32.dll::CreateStreamOnHGlobal |
| WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CloseHandle |
| WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryA KERNEL32.dll::GetDriveTypeA KERNEL32.dll::GetStartupInfoA KERNEL32.dll::GetCommandLineA |
| WIN_BASE_EXEC_API | Can Execute other programs | KERNEL32.dll::SetStdHandle |
| WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CreateFileA KERNEL32.dll::DeleteFileA KERNEL32.dll::MoveFileA KERNEL32.dll::GetFileAttributesA |
| WIN_REG_API | Can Manipulate Windows Registry | ADVAPI32.dll::RegOpenKeyA ADVAPI32.dll::RegQueryValueExA |
| WIN_USER_API | Performs GUI Actions | USER32.dll::AppendMenuA USER32.dll::CreateMenu USER32.dll::CreateWindowExA |