MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a06e82fbe300512f791edae916c94a5d9fe6ba93072545ecd6e12b4e234b240. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	9a06e82fbe300512f791edae916c94a5d9fe6ba93072545ecd6e12b4e234b240
SHA3-384 hash:	9025c9e3404a6b7ba9b5ff38037d645c1c46128cffc8b2b9ff73659b4dc14922b5a7f221bdbaa585b29d7dc66b47364f
SHA1 hash:	502b05a6843af2f72d4cb22dfcf653c6378d3c1c
MD5 hash:	7cf439a90c9bda04350536d7deac816c
humanhash:	seven-utah-pasta-carolina
File name:	9a06e82fbe300512f791edae916c94a5d9fe6ba93072545ecd6e12b4e234b240
Download:	download sample
File size:	83'980 bytes
First seen:	2020-03-29 16:04:54 UTC
Last seen:	2020-03-30 07:05:20 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	19d34cfefc7753f447b11814af3adaac
ssdeep	1536:eNVoCGPBI2qFeIykRtqL8Csw7hLYEcDj8epKzIzBK/anhF:eEtI2vIRALGfj8eEzABhhF
Threatray	50 similar samples on MalwareBazaar
TLSH	8D83E005BB28EE87C6E2097D28638D536929FD51AB7ACB8B16453F0F1C731D09D93326
Reporter	Marco_Ramilli
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.PrivateExeProte-16

PUA.Win.Packer.AcprotectUltraprotect-1

PUA.Win.Packer.Anti-28

PUA.Win.Packer.Anti-29

PUA.Win.Packer.Nspack-25

PUA.Win.Packer.Nspack-19

PUA.Win.Packer.Nspack-8

PUA.Win.Packer.Nspack-7

Win.Worm.Mytob-270

Gathering data

Threat name:

Win32.Trojan.Mytob

Status:

Malicious

First seen:

2011-07-11 23:34:00 UTC

AV detection:

27 of 45 (60.00%)

Threat level:

5/5

Verdict:

malicious

401fee4ea16b56dc139714826f90e8ca5e716d9e3d24f05b06750e1a831db297

496b39b696da8c81b7f0d57b3b591a9c948bf88d8ba375618703edcb18f4c27d

4ebab6676f91935e7d16e72b19543b818a6abfbf2b1e38e03afd7452644acd2e

5942b57d50e389ec7be01bd5b4007249e3755064fe156941dfbe310f7fa53a73

5951c20ac13703be6a8866f1cda93fa40e40e420cc0cec289344aa0a7c29e760

b833d79953fe177a48a5832ce2606c41d00f0d5b9bd31ceb25d3055a3850c2f7

d9b7293da93fe26342d47b1f00180746b3ee0ca251965e199996ad38c82fa422

e6fd67f6f97b12e9c521c165db7d021c9c86ac1f45582692a8972090f20a9a6d

f56671421295bb65ac0572a24d6638c072465d4061eb7f1e8ad9fdc3c2967913

+ 40 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 9a06e82fbe300512f791edae916c94a5d9fe6ba93072545ecd6e12b4e234b240

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/106094/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
SHELL_API	Manipulates System Shell	SHELL32.dll::ShellExecuteA
WIN_BASE_API	Uses Win Base API	KERNEL32.DLL::LoadLibraryA
WIN_SVC_API	Can Manipulate Windows Services	ADVAPI32.dll::QueryServiceConfigA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample