MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 b1edf0682b7141bf0f7bc1f18a02e74d3b81e2d03aa7427d81761267eabb57d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| SHA256 hash: | b1edf0682b7141bf0f7bc1f18a02e74d3b81e2d03aa7427d81761267eabb57d5 |
|---|---|
| SHA3-384 hash: | c3d7fe0adaafdd5d32e4b7cb8921aa762918cfd3b63b83712894ed71345dc2c292de47ea3565a82711fd79bc5cbb69e7 |
| SHA1 hash: | d12d278a0b2553e9bd7853d3ae36e4ccb35419ef |
| MD5 hash: | d5503ae6cae9c99841855e3b82e7bc56 |
| humanhash: | hydrogen-iowa-colorado-fruit |
| File name: | SecuriteInfo.com.BScope.Trojan.Yakes.7065 |
| Download: | download sample |
| File size: | 2'199'552 bytes |
| First seen: | 2020-03-23 11:39:19 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | c9236d70c76a8822d39e4c3a2753dbde |
| ssdeep | 49152:Rg4XM8FmSsVywIw0VLEtQx3Bz5goVpxx+uibZTg2JnZwo0V6hZ1tE9:Rg4LFZ9NwIpv5gcbxNibZTggalI9E9 |
| Threatray | 35 similar samples on MalwareBazaar |
| TLSH | 08A51210F7948470F9A205B549F886F385377FE02BA0C69B6BD77E4D09B45D0AA723B2 |
| Reporter |  SecuriteInfoCom |
Intelligence
File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Gathering data
Threat name:
Win32.Trojan.Kryptik
Status:
Malicious
First seen:
2020-03-23 11:56:09 UTC
AV detection:
22 of 30 (73.33%)
Threat level:
5/5
Verdict:
malicious
Similar samples:
+ 25 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe b1edf0682b7141bf0f7bc1f18a02e74d3b81e2d03aa7427d81761267eabb57d5
(this sample)
Delivery method
Distributed via web download
BLint
The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high |
| CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| COM_BASE_API | Can Download & Execute components | ole32.dll::CoCreateInstance |
| MULTIMEDIA_API | Can Play Multimedia | MSACM32.dll::acmDriverOpen AVIFIL32.dll::AVIStreamGetFrameClose AVIFIL32.dll::AVIStreamLength AVIFIL32.dll::AVIStreamStart AVICAP32.dll::capGetDriverDescriptionA WINMM.dll::mixerGetDevCapsW |
| WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CloseHandle |
| WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryExW KERNEL32.dll::GetStartupInfoW KERNEL32.dll::GetCommandLineA |
| WIN_BASE_EXEC_API | Can Execute other programs | KERNEL32.dll::WriteConsoleW KERNEL32.dll::ReadConsoleW KERNEL32.dll::SetStdHandle KERNEL32.dll::GetConsoleMode KERNEL32.dll::GetConsoleCP |
| WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CreateFileW KERNEL32.dll::GetTempPathA |
| WIN_CRYPT_API | Uses Windows Crypt API | CRYPT32.dll::CryptExportPublicKeyInfoEx |
| WIN_SOCK_API | Uses Network to send and receive data | WS2_32.dll::WSAIoctl WS2_32.dll::WSAStringToAddressA |
| WIN_USER_API | Performs GUI Actions | USER32.dll::FindWindowA USER32.dll::PeekMessageA USER32.dll::CreateWindowExA |
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.