MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a71512b2f6878daa9df333705736af7c3a7e0c3a5327f4d245ac2c5eb0c7d5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9a71512b2f6878daa9df333705736af7c3a7e0c3a5327f4d245ac2c5eb0c7d5a
SHA3-384 hash: 47cca0c2b3ab40b7b0096695dbc25213b0cc29514c9349ef30afe6943b56150ecf9564a7fbf876fd443ca87f6acdb27f
SHA1 hash: c8e8034e76f5bf28f9fe5a170e100d5f882b6d15
MD5 hash: 2c8c6eec7fc15425f5ade71ac943764c
humanhash: lactose-network-twelve-river
File name:Order4323.img.exe
Download: download sample
Signature Loki
Create hunting rule
File size:45'056 bytes
First seen:2020-03-17 06:49:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash db97ff6b12792525f9f8fdb570966e52 (1 x Loki)
ssdeep 768:61xoizJw9Zvkkmm399qLfobGxBmUW+qqcDnoDGS:COimXx3GPmKuoGS
Threatray 1'160 similar samples on MalwareBazaar
TLSH D0137B373138C078E14CFA74DCDF729D2023FE924961592B22D17F6D2C7EA858BA6499
Reporter cocaman
Tags:exe Loki

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedENT.133.18646.1519.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-17 12:59:26 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tjyvckzpnb4nvko7gm3qk43k67b2pygduuzh6tjellbml2ympvna._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0d812586b239b0ce1c4f3f9347386c75e70ab098659c019e100160078b821aa5
Loki
1f3842bc152088bc10de6e14adabf860902dee318375a6567e0b85a9faaed1f0
Loki
37259fff5937e8c92679a70cff7fc4b81043451ce705c982398865b17c7fd2a5
Loki
3e3529db8cde73fcdb792f6414ebe6fb9a6ec5ba5cf5f503376a795387b2020e
Loki
5c3bde59fa48471670841beba658fc9cfe707fac64b4b7f8446dd51a7706d133
Loki
7f75534af5e989dd99a02227f555d7fdb4b57396b2eb8fb02eb71623b857395e
Loki
8dfca70c89e2310b9f8af5cff4ace9dc09676db2e19950afb205518c581f9627
Loki
96ffe97ffd555e8f1329ba24b40cba5320d5bc1ef51fb0155b9dea55bf842487
Loki
e9c72773235196502fbbb9eb387351945503ce887cd1d873b70b2a92e3a913a2
Loki
f473972f1bc6adb86928a21d4a7af08550aec0ca5c17056a95e830142a2e8f11
Loki
+ 1'150 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9a71512b2f6878daa9df333705736af7c3a7e0c3a5327f4d245ac2c5eb0c7d5a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar 2e8b8a69cbda77f55c8381d1d6ef593c9b69ca2d3ed624718b452d35cf9a698a

Loki

Executable exe 9a71512b2f6878daa9df333705736af7c3a7e0c3a5327f4d245ac2c5eb0c7d5a

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 2e8b8a69cbda77f55c8381d1d6ef593c9b69ca2d3ed624718b452d35cf9a698a

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments