MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b6929c10554b2ec977acdf9dbe47dc28fc35fb67c0fbaddca9486dadc72d545f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	b6929c10554b2ec977acdf9dbe47dc28fc35fb67c0fbaddca9486dadc72d545f
SHA3-384 hash:	ff47e39f76bd57c986cc3d1f941f6ae20eb729d2d9284876dc9b4ed82478ef2cb3d27fc2023ddfbdade9e70f59d0d80f
SHA1 hash:	82cd4c648589490a955c895e7bf3500d0d6a39d9
MD5 hash:	4ff61b61152349015403583476eb22e1
humanhash:	fruit-mountain-carbon-saturn
File name:	6.exe
Download:	download sample
File size:	1'044'944 bytes
First seen:	2020-04-14 23:18:01 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	2f486b6fe731f492ce309b7321257269
ssdeep	24576:W5lKQpx/cAoecd5694SNAEcM6aahHzAtZUXDD3C5ZDgAl0B:wvO69zXcFaaEZUX/y5ZUm0B
Threatray	214 similar samples on MalwareBazaar
TLSH	DE25CE12FAE4C075E5B326707E61D77856AAFC60A934410A36C43E3D4E3FA919A36337
Reporter	Jirehlov
Tags:	exe

Code Signing Certificate

Organisation:	VeriSign Class 3 Public Primary Certification Authority - G5
Issuer:	VeriSign Class 3 Public Primary Certification Authority - G5
Algorithm:	sha1WithRSAEncryption
Valid from:	Nov 8 00:00:00 2006 GMT
Valid to:	Jul 16 23:59:59 2036 GMT
Serial number:	18DAD19E267DE8BB4A2158CDCC6B3B4A
Intelligence:	2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:	SHA256
Thumbprint:	9ACFAB7E43C8D880D06B262A94DEEEE4B4659989C3D0CAF19BAF6405E41AB7DF
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Adware.Browsefox-6628766-0

PUA.Win.Trojan.Generic-6629273-0

PUA.Win.Trojan.Generic-6629274-0

PUA.Win.Downloader.Aiis-6803892-0

PUA.Win.Downloader.Firseria-6804617-0

Gathering data

Threat name:

Win32.Trojan.Sodin

Status:

Malicious

First seen:

2020-04-09 17:25:49 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

24 of 31 (77.42%)

Threat level:

2/5

Verdict:

malicious

2d7f9d04c5f1764ae45a4e2ec4100cf20c51099431135745aaa074c7117cc4a5

37b8da186e1d26247f942dab67b5d6d24e0acb0d7fc3c583d4cad99fb36c2bc6

398d4864124ae02d29a19aebd6a44ddc66d50afcf32d5f318f0ece68b5139b51

3ead2416f8ac1dc533b9506caa0e34f4bc16eb36b946f77a845f58d371a68566

4aee79733f02aa31ced0b6a0672d67cc6b0e0f7e0fc8654b8981c529046d9b7c

8ab5753e0dd8b4a54a0cc842bb2b53c97ed33d90bcc445ce4de58d1df9dc9060

ba5ad1edfdfaecc2becdd7f08922be08b37450556a503e3bd06119ba57facef0

cb0373b35abf4b089be60e714ee415d3491ddc2cffcfb45b84a87a3a106c822f

e9e5459e32521a8ca1c075a96d3358337919321f5d149fe3a8cc5f6f57b33923

+ 204 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Reviews

ID	Capabilities	Evidence
COM_BASE_API	Can Download & Execute components	ole32.dll::CoCreateInstance
GDI_PLUS_API	Interfaces with Graphics	gdiplus.dll::GdiplusStartup
MULTIMEDIA_API	Can Play Multimedia	AVIFIL32.dll::AVIStreamLength AVIFIL32.dll::AVIStreamStart GDI32.dll::StretchDIBits
RPC_API	Can Execute Remote Procedures	RPCRT4.dll::RpcStringFreeA
SECURITY_BASE_API	Uses Security Base API	ADVAPI32.dll::ImpersonateLoggedOnUser
SHELL_API	Manipulates System Shell	SHELL32.dll::SHGetFileInfoA
WIN32_PROCESS_API	Can Create Process and Threads	KERNEL32.dll::CloseHandle
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryA KERNEL32.dll::GetVolumeInformationA KERNEL32.dll::GetSystemInfo KERNEL32.dll::GetStartupInfoA KERNEL32.dll::GetDiskFreeSpaceA
WIN_BASE_EXEC_API	Can Execute other programs	KERNEL32.dll::WriteConsoleA KERNEL32.dll::WriteConsoleW KERNEL32.dll::SetStdHandle KERNEL32.dll::GetConsoleCP KERNEL32.dll::GetConsoleMode KERNEL32.dll::GetConsoleOutputCP KERNEL32.dll::GetConsoleWindow
WIN_BASE_IO_API	Can Create Files	KERNEL32.dll::CreateFileA KERNEL32.dll::DeleteFileA ADVAPI32.dll::GetFileSecurityA KERNEL32.dll::MoveFileA SHLWAPI.dll::PathRemoveFileSpecW ADVAPI32.dll::SetFileSecurityA
WIN_REG_API	Can Manipulate Windows Registry	ADVAPI32.dll::RegCreateKeyA ADVAPI32.dll::RegCreateKeyExA ADVAPI32.dll::RegDeleteKeyA ADVAPI32.dll::RegOpenKeyA ADVAPI32.dll::RegOpenKeyExA ADVAPI32.dll::RegQueryValueA ADVAPI32.dll::RegQueryValueExA
WIN_SOCK_API	Uses Network to send and receive data	WS2_32.dll::freeaddrinfo WS2_32.dll::getaddrinfo
WIN_USER_API	Performs GUI Actions	USER32.dll::AppendMenuA USER32.dll::CreateMenu ole32.dll::OleCreateMenuDescriptor USER32.dll::PeekMessageA USER32.dll::CreateWindowExA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample