MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741
SHA3-384 hash: 1638b326d8c51f81e64b398d4f3fefe6724635e8b7f5a783395f3b2d8438d1c81196cd9e3eafd74779d51a673697ab37
SHA1 hash: deab0a1aa0adcdf49b400b1b12f934512821774c
MD5 hash: b41165d66baf01deab51eb898d1670ad
humanhash: ceiling-magazine-table-spaghetti
File name:REQUEST FOR QUOTAION.doc.exe
Download: download sample
File size:856'064 bytes
First seen:2020-04-06 17:27:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7dc2d3386fee88913d9b97194d8a771a (1 x FormBook)
ssdeep 24576:MJXKUe2kmGu3+P7H0oHi1QwUZxvQYvAsJBBN3QHR6TeusWi:EXKv2kmGP4oL
Threatray 5'101 similar samples on MalwareBazaar
TLSH 71056B85D08ECED0D45EA1BFE965D4F1896EAC39D5B22D2350F4BFAAF470581C02BE42
Reporter JoulK
Tags:FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-04-06 17:36:02 UTC
File Type:
PE (Exe)
Extracted files:
13
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rbbkynexy53vc6zpdaks5k5kbgkkiygsjf3tuxujutqwxsrl25aq._file
Verdict:
malicious
Similar samples:
00983a8176276beea115d21fef7919c49b29b96d78dbc2151cc04cc7d8c95b35
043ba161ac2f0d30c5a15799d3ce26ec63989d278f58867aeff64ce7ecb41f42
09a67c040e7c62e6dd1c7ef264524d15f8ac6f91cf238e429ef638dfc3225556
12f801c37aa2f91921e145d6860aa5f2bdb0e0ef9fcadd07de9b00fb8ed91338
16de0aa2d02fae6460bb173c9104df4fa758343ab226aea79a3910dce19fa58e
2084e95f6624b243760b5ac8e5f486168a84a08cb0d71b285f01720ebd77ee8f
75952934e5ef6bb74f29c3320ef112e219cc953dc5ed8c351d742448f61161ff
7caa60665e3824a3571669e2f6efe2757e5521af83e28022e5079074e042d52f
ebfc26187e0b0ad6924461b1f2476321c53b5a23fbfe246e3ed5a475a1ea5678
ee21511b610cd2a154c85c04c0e3d88f82b0ee835afd51247a1a7e97900cd733
+ 5'091 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CloseHandle
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleMode
KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateFileW

Comments