MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 8189bd53be9671b5323cb80f5594fe36ef1f91d6cd6f3e241baeb7f74b6c6eb7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| SHA256 hash: | 8189bd53be9671b5323cb80f5594fe36ef1f91d6cd6f3e241baeb7f74b6c6eb7 |
|---|---|
| SHA3-384 hash: | 033219b543633f778e4a14c07337b76f1c733ce3e9e2940655c8ad70ba825c7a9e1d6347b33c204db87b7cb552a4fe9e |
| SHA1 hash: | 6d576de44b7aa16a35b3a9c8448905ca4214ca69 |
| MD5 hash: | 13be235f367130d8175b23fce6774df2 |
| humanhash: | artist-pizza-avocado-asparagus |
| File name: | SecuriteInfo.com.Trojan.Siggen9.33305.23336.13590 |
| Download: | download sample |
| File size: | 1'134'592 bytes |
| First seen: | 2020-04-06 23:40:31 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 3a10e9ee7a15aa816cd28e2267dc5f16 (1 x Loki) |
| ssdeep | 12288:8cgK8bhu71Cs31h2SDiLzNu1CVmp240X+Q+7owAMck8YkM83JlssS5O58YBCX:8RBbsRB2zgz0X7dMG55lssYOPBA |
| Threatray | 307 similar samples on MalwareBazaar |
| TLSH | 9C3517A296524036D9211E3968325D69483F3F017CACBD4D3EE0F7188F3BEE665257A3 |
| Reporter |  SecuriteInfoCom |
Intelligence
File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Status:
Malicious
First seen:
2020-04-04 01:00:45 UTC
File Type:
PE (Exe)
Extracted files:
54
AV detection:
27 of 31 (87.10%)
Threat level:
5/5
Verdict:
malicious
Similar samples:
+ 297 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe 8189bd53be9671b5323cb80f5594fe36ef1f91d6cd6f3e241baeb7f74b6c6eb7
(this sample)
Delivery method
Distributed via web download
BLint
The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_NX | Missing Non-Executable Memory Protection | critical |
| CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| COM_BASE_API | Can Download & Execute components | ole32.dll::CoCreateInstance |
| WIN32_PROCESS_API | Can Create Process and Threads | kernel32.dll::VirtualAllocEx kernel32.dll::CloseHandle kernel32.dll::CreateThread |
| WIN_BASE_API | Uses Win Base API | kernel32.dll::LoadLibraryExA kernel32.dll::LoadLibraryA kernel32.dll::GetSystemInfo kernel32.dll::GetStartupInfoA kernel32.dll::GetDiskFreeSpaceA kernel32.dll::GetCommandLineA |
| WIN_BASE_IO_API | Can Create Files | kernel32.dll::CreateFileA kernel32.dll::FindFirstFileA kernel32.dll::GetTempPathA version.dll::GetFileVersionInfoSizeA version.dll::GetFileVersionInfoA |
| WIN_REG_API | Can Manipulate Windows Registry | advapi32.dll::RegOpenKeyExA advapi32.dll::RegQueryValueExA |
| WIN_USER_API | Performs GUI Actions | user32.dll::ActivateKeyboardLayout user32.dll::CreateMenu user32.dll::FindWindowA user32.dll::PeekMessageA user32.dll::CreateWindowExA |
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.