MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f54a053d96ba1517334903d7a2bf8ec246c49a31b321251f4bdee4eef8a37d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	6f54a053d96ba1517334903d7a2bf8ec246c49a31b321251f4bdee4eef8a37d6
SHA3-384 hash:	d63a63167a85ac12fc407ea891179a8f1df1a7fe4033ed4b6f19fe3e19096835a7b2fe4dd31d24c465e63e7bda27051c
SHA1 hash:	0ca5b414b43cd0760755c61f7543d7e36d2f41e1
MD5 hash:	b7ab5805343621630d8c0681fb56952e
humanhash:	mike-pip-six-july
File name:	6f54a053d96ba1517334903d7a2bf8ec246c49a31b321251f4bdee4eef8a37d6
Download:	download sample
File size:	16'896 bytes
First seen:	2020-03-23 18:46:53 UTC
Last seen:	2020-03-30 07:07:15 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	053add15c22986c44682599355db666f
ssdeep	384:q2V2wr8TgJ7Mi9OoJmnutuSISynkT7FqhNmb5d3NCnlJlQyeIjIA:q2cwr8TE7Mi9OoJmnutuSISynCpLdCnr
Threatray	25 similar samples on MalwareBazaar
TLSH	8172F826F883C2B2F8D159B756B6EA3A566D18302F3C4CDBC7D095D918349E27938B07
Reporter	Marco_Ramilli
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Win32.DH_Pg.18110.25621.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Coinminer

Status:

Malicious

First seen:

2018-05-15 07:08:00 UTC

File Type:

PE (Exe)

AV detection:

31 of 44 (70.45%)

Threat level:

2/5

Verdict:

unknown

1b437ce4268b47520fd7b235482738075e7f7bf07e18512b4bb0e4703ee9e8b9

68657be04f5b550fec4671437e5dc5849408eada96f5ff44cb0972b0e28ca5be

7e118b534abb919903bc15b33f5fe2db15a54f7f39a7abc87c61e4617f35c0d2

8df08ecd3c08c6e28a5d73869b6c3a980363856cce72dd9a1c2170c75332a451

9bd8f6b14fc155ec3a53abbbba0e0528f5e95e92b712b2e0c89c221c2e420197

d3baf4f620bd6a65ad0bd17009869a496b7e660d97be21db920daedcf8f95868

f4e66813b40d4afceab66f9a176e7098016cd7bf38e49ec886c5c09b7b3716de

f8a3b64aa3c1c639a5ce1b100de860d4f97703879df0d01ce0118ae97c1b7423

fb2d188c2db03bd1a6c48b8379492e9deedc69f32657f2cda5205070595e85a7

+ 15 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 6f54a053d96ba1517334903d7a2bf8ec246c49a31b321251f4bdee4eef8a37d6

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/166111/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Reviews

ID	Capabilities	Evidence
WIN32_PROCESS_API	Can Create Process and Threads	KERNEL32.dll::CreateProcessW KERNEL32.dll::OpenProcess KERNEL32.dll::CloseHandle KERNEL32.dll::CreateThread
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryA
WIN_BASE_IO_API	Can Create Files	KERNEL32.dll::DeleteFileW KERNEL32.dll::FindFirstFileW KERNEL32.dll::RemoveDirectoryW
WIN_REG_API	Can Manipulate Windows Registry	ADVAPI32.dll::RegOpenKeyExW ADVAPI32.dll::RegSetValueExW

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample