MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 aa8c5d42026ac9a483f1984f762441d7f5805ef914819b473f9e15353995cc99. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 4
| SHA256 hash: | aa8c5d42026ac9a483f1984f762441d7f5805ef914819b473f9e15353995cc99 |
|---|---|
| SHA3-384 hash: | a126185f9137515353d269fde8136cf5c59b20af708e31cba91a8876df0fa33dcf19ec139da9eca2b539d9912d02d107 |
| SHA1 hash: | e2aaf9e85bb97ed07bb9c00321f244763037fb2c |
| MD5 hash: | 3880b3ff41deb92ebbdcbff5e5038921 |
| humanhash: | eighteen-idaho-nine-leopard |
| File name: | aa8c5d42026ac9a483f1984f762441d7f5805ef914819b473f9e15353995cc99.exe |
| Download: | download sample |
| File size: | 761'856 bytes |
| First seen: | 2020-03-19 02:13:23 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | d7a2105ad1e8c50373aa800e9834c90d |
| ssdeep | 12288:d5Jmh4RSDskxsr1nKUJZSwEVp7eO1NmymxXyhAUWs4ie:DJmbir1KUJ4wTyBmxXyhz5T |
| Threatray | 37 similar samples on MalwareBazaar |
| TLSH | A3F42324B492D437C6624AB56D7596384EBE74362A68580F37690FFE4E103C39A3B387 |
| Reporter |  fbgwls245 |
| Tags: | Ransomware Stop/Djvu |
Intelligence
File Origin
# of uploads :
1
# of downloads :
184
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Stop
Status:
Malicious
First seen:
2020-03-18 13:36:12 UTC
AV detection:
26 of 30 (86.67%)
Threat level:
2/5
Verdict:
malicious
Similar samples:
+ 27 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe aa8c5d42026ac9a483f1984f762441d7f5805ef914819b473f9e15353995cc99
(this sample)
Delivery method
Distributed via web download
BLint
The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high |
| CHECK_NX | Missing Non-Executable Memory Protection | critical |
| CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CloseHandle |
| WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess KERNEL32.dll::FindFirstVolumeMountPointW KERNEL32.dll::FindNextVolumeA KERNEL32.dll::LoadLibraryA KERNEL32.dll::GetStartupInfoA KERNEL32.dll::GetCommandLineA |
| WIN_BASE_EXEC_API | Can Execute other programs | KERNEL32.dll::WriteConsoleOutputCharacterW KERNEL32.dll::WriteConsoleA KERNEL32.dll::WriteConsoleW KERNEL32.dll::SetConsoleCtrlHandler KERNEL32.dll::SetConsoleCursorPosition KERNEL32.dll::SetStdHandle |
| WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CreateFileA KERNEL32.dll::GetWindowsDirectoryA |
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.