MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b34f4f5846c7e9eec8e0307a78a942ec9fd6dc761e419fdd9b3a04b944ac85ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b34f4f5846c7e9eec8e0307a78a942ec9fd6dc761e419fdd9b3a04b944ac85ab
SHA3-384 hash: a985d18280897e4f94836557c478d9e3368b62274fb1819b58ab24b49df0cfb5133b6e8d75c1bb3835b2f4d553031590
SHA1 hash: f3d5c16b877969d128a752a7cda2b0386fa3c16c
MD5 hash: bef7462201cbcda1080c491d48e485d5
humanhash: july-butter-zebra-ten
File name:t7p4covj.exe
Download: download sample
File size:710'656 bytes
First seen:2020-04-25 12:29:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5b31087ed73058a6c267a39ffffbf334
ssdeep 12288:EDbhcp/O3W9YS5u1PzSkusOitpZbWSVVI2S0Utk:ytS5QjusdhbWOVDSJ
Threatray 48 similar samples on MalwareBazaar
TLSH E8E4C302F2A0F4A1CC546E7D0D9F82904AFD3EDCB2F062C63604E954A66F570D997E6E
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Inject
Create hunting rule
Status:
Malicious
First seen:
2020-04-24 03:45:00 UTC
File Type:
PE (Exe)
Extracted files:
50
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Verdict:
suspicious
Similar samples:
2ba260d53db88ea6ae79af42f97eaa2e22c5fcb0f3e788057ef6e5dc40cd3060
39067a6a8ac06d60189b34afbb9acd73e8e33aba91653c39a037c2f78f972f29
3a2ffd78111d04ce8986e867c0ed71f258e814b302868faa887fa6138cfb8827
68657be04f5b550fec4671437e5dc5849408eada96f5ff44cb0972b0e28ca5be
9ed5eeffd9f937a6da2a7e6546bdeb3df216d5857b17d2eb320132db8e298ffc
b6929c10554b2ec977acdf9dbe47dc28fc35fb67c0fbaddca9486dadc72d545f
bcc826091ec71230947aa1916263434935a58ffe5977cf415b1d970633939652
c3820448fb9d548a6e581c0fbf4bb3716d2cb945ba790a8fab3fd02ac3ec844b
ef0e8df5c700e64d5d2e8dde4c9b5c117abfc919c676ff383019c585e8e367b0
f6d53e15abbb9743eabf99eb208843494ba8092d426e253ff96bf00b6271c068
+ 38 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
AUTH_APIManipulates User AuthorizationADVAPI32.dll::AllocateAndInitializeSid
ADVAPI32.dll::FreeSid
ADVAPI32.dll::SetEntriesInAclA
ADVAPI32.dll::InitializeSecurityDescriptor
MULTIMEDIA_APICan Play MultimediaAVIFIL32.dll::AVIFileExit
AVIFIL32.dll::AVIFileGetStream
AVIFIL32.dll::AVIFileInfoA
AVIFIL32.dll::AVIFileInit
AVIFIL32.dll::AVIFileOpenA
AVIFIL32.dll::AVIFileRelease
NET_SHARE_APICan access Network ShareNETAPI32.dll::NetShareGetInfo
SECURITY_BASE_APIUses Security Base APIADVAPI32.dll::GetPrivateObjectSecurity
ADVAPI32.dll::SetSecurityDescriptorDacl
SS_APIUses SS APISecur32.dll::QueryContextAttributesA
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CloseHandle
IPHLPAPI.DLL::IcmpCloseHandle
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::FillConsoleOutputAttribute
KERNEL32.dll::FillConsoleOutputCharacterA
KERNEL32.dll::WriteConsoleW
KERNEL32.dll::SetConsoleCursorPosition
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleCP
KERNEL32.dll::GetConsoleMode
KERNEL32.dll::GetConsoleScreenBufferInfo
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateDirectoryA
KERNEL32.dll::CreateFileW
IPHLPAPI.DLL::IcmpCreateFile
WIN_BASE_USER_APIRetrieves Account InformationKERNEL32.dll::GetComputerNameA
WIN_HTTP_APIUses HTTP servicesWINHTTP.dll::WinHttpOpen
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegCreateKeyExA
WIN_SOCK_APIUses Network to send and receive dataWS2_32.dll::WSAIoctl
WIN_SVC_APICan Manipulate Windows ServicesADVAPI32.dll::GetServiceDisplayNameA
WIN_USER_APIPerforms GUI ActionsUSER32.dll::AppendMenuA
USER32.dll::PeekMessageA
USER32.dll::CreateWindowExA

Comments