MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 b1bfc64b0b5890c39650f9ec6a12bb8b7c4b84654de8898d694f199f359b12a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| SHA256 hash: | b1bfc64b0b5890c39650f9ec6a12bb8b7c4b84654de8898d694f199f359b12a5 |
|---|---|
| SHA3-384 hash: | fc3974c3bf011ea5944fe9607d772a8d5ce06e28065562b8beb2d25cc9669d81f214d851d3607340aca44a600d67e6a9 |
| SHA1 hash: | fe4be72f2db592acc47a2b9809f77af86eb30b09 |
| MD5 hash: | e2ff7edc253e402e457c311df047f211 |
| humanhash: | march-nine-lemon-river |
| File name: | b1bfc64b0b5890c39650f9ec6a12bb8b7c4b84654de8898d694f199f359b12a5 |
| Download: | download sample |
| File size: | 192'000 bytes |
| First seen: | 2020-03-23 18:49:28 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | d84a1f1a5f6dc478461d88b1a559382f |
| ssdeep | 3072:swb0q3HXYqT77W6UkEiR3uKBZpwBzkrD/QZ5HGnPOCCdHapWxoYOglFlJQKEDG:f0hqHRtLEG0HfobcGvD |
| Threatray | 1 similar samples on MalwareBazaar |
| TLSH | 6D14F6213DA3C171C2B224334F7AA696D534B4248B13E1ABF2D8176B1F9D153C92BED6 |
| Reporter |  Marco_Ramilli |
| Tags: | exe |
Intelligence
File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Gathering data
Threat name:
Win32.Trojan.Medfos
Status:
Malicious
First seen:
2013-06-22 07:13:00 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
24 of 31 (77.42%)
Threat level:
2/5
Verdict:
malicious
Similar samples:
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe b1bfc64b0b5890c39650f9ec6a12bb8b7c4b84654de8898d694f199f359b12a5
(this sample)
Delivery method
Distributed via web download
BLint
The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_NX | Missing Non-Executable Memory Protection | critical |
| CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryA KERNEL32.dll::GetCommandLineA |
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.