MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f54a053d96ba1517334903d7a2bf8ec246c49a31b321251f4bdee4eef8a37d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 2



SHA256 hash: 6f54a053d96ba1517334903d7a2bf8ec246c49a31b321251f4bdee4eef8a37d6
SHA3-384 hash: d63a63167a85ac12fc407ea891179a8f1df1a7fe4033ed4b6f19fe3e19096835a7b2fe4dd31d24c465e63e7bda27051c
SHA1 hash: 0ca5b414b43cd0760755c61f7543d7e36d2f41e1
MD5 hash: b7ab5805343621630d8c0681fb56952e
humanhash: mike-pip-six-july
File name: 6f54a053d96ba1517334903d7a2bf8ec246c49a31b321251f4bdee4eef8a37d6
File size: 16'896 bytes
First seen: 2020-03-23 18:46:53 UTC
Last seen: 2020-03-30 07:07:15 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 053add15c22986c44682599355db666f
ssdeep: 384:q2V2wr8TgJ7Mi9OoJmnutuSISynkT7FqhNmb5d3NCnlJlQyeIjIA:q2cwr8TE7Mi9OoJmnutuSISynCpLdCnr
Threatray: 25 similar samples on MalwareBazaar
TLSH: 8172F826F883C2B2F8D159B756B6EA3A566D18302F3C4CDBC7D095D918349E27938B07
Reporter: Marco_Ramilli
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 85
Origin country: n/a
Vendor Threat Intelligence

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 6f54a053d96ba1517334903d7a2bf8ec246c49a31b321251f4bdee4eef8a37d6

(this sample)

  
Delivery method
Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high

Reviews

ID | Capabilities | Evidence
WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CreateProcessW, KERNEL32.dll::OpenProcess, KERNEL32.dll::CloseHandle, KERNEL32.dll::CreateThread
WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess, KERNEL32.dll::LoadLibraryA
WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::DeleteFileW, KERNEL32.dll::FindFirstFileW, KERNEL32.dll::RemoveDirectoryW
WIN_REG_API | Can Manipulate Windows Registry | ADVAPI32.dll::RegOpenKeyExW, ADVAPI32.dll::RegSetValueExW

Comments