MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e5b0829c6ff31260033e79d4172ef09efa4c6667a99c97b8ec82d614a68a241. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 3

SHA256 hash: 7e5b0829c6ff31260033e79d4172ef09efa4c6667a99c97b8ec82d614a68a241
SHA3-384 hash: f0e63f958865ec6d8400527a0afecd127d4e3a25a058e63ac5e7a580a50ab95d7e8ef8ff5fffee6e4c8a7a27e0012ec2
SHA1 hash: bfe0409b2d2167a8c1e08cc8815713b2330a683b
MD5 hash: 653827d4799bc2feefd98261d6988103
humanhash: colorado-nineteen-robert-snake
File name: 7e5b0829c6ff31260033e79d4172ef09efa4c6667a99c97b8ec82d614a68a241
File size: 981'712 bytes
First seen: 2020-03-23 18:50:54 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e59c67b4e6e430c1cdb637651b728bb4
ssdeep: 12288:aBqhSP9/noAxQEP0IdFct+jgo4Udff0izw/8viNE6F5cG3IuY:aZnxxfPrFct+co4Udff0caNl5cG3y
Threatray: 35 similar samples on MalwareBazaar
TLSH: 08258D01B182C0F2CE4417704D679776A631BE5B8B368E9F6768FE2CBD73141A53A239
Reporter: Marco_Ramilli
Tags: exe

Code Signing Certificate

Organisation: GlobalSign Root CA
Issuer: GlobalSign Root CA
Algorithm: sha1WithRSAEncryption
Valid from: Sep 1 12:00:00 1998 GMT
Valid to: Jan 28 12:00:00 2028 GMT
Serial number: 040000000001154B5AC394
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint algorithm: SHA256
Thumbprint: EBD41040E4BB3EC742C9E381D31EF2A41A48B6685C96E7CEF3C1DF6CD4331C99
Source: ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 87
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Strictor
Status: Malicious
First seen: 2019-02-19 14:18:46 UTC
File type: PE (Exe)
Extracted files: 52
AV detection: 17 of 31 (54.84%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Web download
File: Executable exe 7e5b0829c6ff31260033e79d4172ef09efa4c6667a99c97b8ec82d614a68a241 (this sample)
Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID: CHECK_NX
Title: Missing Non-Executable Memory Protection
Severity: critical

ID: CHECK_PIE
Title: Missing Position-Independent Executable (PIE) Protection
Severity: high

Reviews
ID: MULTIMEDIA_API
Capability: Can Play Multimedia
Evidence:
AVIFIL32.dll::AVIStreamGetFrame
AVIFIL32.dll::AVIStreamInfoA
MSVFW32.dll::DrawDibDraw
WINMM.dll::midiOutPrepareHeader
WINMM.dll::midiOutReset
WINMM.dll::midiOutUnprepareHeader

ID: SHELL_API
Capability: Manipulates System Shell
Evidence:
SHELL32.dll::ShellExecuteA

ID: WIN32_PROCESS_API
Capability: Can Create Process and Threads
Evidence:
KERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread

ID: WIN_BASE_API
Capability: Uses Win Base API
Evidence:
KERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::GetVolumeInformationA
KERNEL32.dll::GetStartupInfoA
KERNEL32.dll::GetCommandLineA

ID: WIN_BASE_EXEC_API
Capability: Can Execute other programs
Evidence:
KERNEL32.dll::WinExec
KERNEL32.dll::SetStdHandle

ID: WIN_BASE_IO_API
Capability: Can Create Files
Evidence:
KERNEL32.dll::CreateDirectoryA
KERNEL32.dll::CreateFileA
KERNEL32.dll::GetFileAttributesA
KERNEL32.dll::FindFirstFileA

ID: WIN_REG_API
Capability: Can Manipulate Windows Registry
Evidence:
ADVAPI32.dll::RegCreateKeyExA
ADVAPI32.dll::RegOpenKeyExA
ADVAPI32.dll::RegQueryValueA
ADVAPI32.dll::RegSetValueExA

ID: WIN_USER_API
Capability: Performs GUI Actions
Evidence:
USER32.dll::AppendMenuA
USER32.dll::CreateMenu
USER32.dll::EmptyClipboard
USER32.dll::OpenClipboard
USER32.dll::PeekMessageA
USER32.dll::CreateWindowExA
