MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70b3e86ab4bda10e5ccb441fb356f193ee69f709b9d827b8f1bfd0077a64316e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 70b3e86ab4bda10e5ccb441fb356f193ee69f709b9d827b8f1bfd0077a64316e
SHA3-384 hash: d885c8d653f67be6124984e52f2800a67b7c244853fce4d47ed1e27865966ad5c42dcc8ac5559516671922d78700822d
SHA1 hash: 549e9f33f586c123109fa5c353b392156abf656a
MD5 hash: f20e0254033f8fab1732aab308935145
humanhash: uniform-football-may-table
File name:infodayclubhai.com__okwu.exe
Download: download sample
File size:671'744 bytes
First seen:2020-03-18 18:12:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0f35a3ddbbd55fe95b6ea80734431837
ssdeep 12288:qIXjI3AjFJ/wSRmfqNQDBDd4Fd73qzbgMz3ln3pDulh6MBrnR4xZ0N8/:XTqAjFJ/wSRmfqNQDBDiFd73qzbgMz1X
Threatray 128 similar samples on MalwareBazaar
TLSH 15E44B6016CB5A3FEE5F48B331118579D270FE52A98CB9743EC4B3A613BE3AB5854306
Reporter ov3rflow1
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Gamarue-7088569-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2018-04-10 07:31:54 UTC
File Type:
PE (Exe)
Extracted files:
10
AV detection:
29 of 30 (96.67%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
pony
Create hunting rule
Similar samples:
240cb0b0443f8e63dc65887da08db0b05a6912be194bd870b07e4cd86865d12a
5e57e98ff9180e08404e1ddaf29e274ab4df1149b2cbfbdf3422ae460afbafac
5ee970db11a1dbfeff58b1f1206045d141022d6d396d50ba571910522a2c106d
78c42daa9bd978e2e2ca039a54f167f5090681124f402fa9c9bd69a2dd23bc26
9026e9b714998846a26087ed7f5a276b1399204a1e34d469571a7301ce720931
964e7b311e933799477fd793aa4e7721af35fe5c494fd9d995a6a620b162e516
977c4348075fea725b12f615548b5c586ad1abbaa00c9c51b972278f46adacc5
a8af98897cc2adfa6868c15ad536d7359f749ff3bb8cf9be11c7e45d437dc37f
b0f0758152599d38ebd0f485f435536f73819ae3fcdddbef8a182b8e06eaa01d
d1c9b6cc284f964d7a65df78137c404f2d24562354681f64433c7e2f25e30588
+ 118 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/70b3e86ab4bda10e5ccb441fb356f193ee69f709b9d827b8f1bfd0077a64316e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/4296/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaSetSystemError
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments