MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 baf5a4d8895b91205e8e83f4899546031020b8be5ef1adb543a5289a8baa6568. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	baf5a4d8895b91205e8e83f4899546031020b8be5ef1adb543a5289a8baa6568
SHA3-384 hash:	50b9412252b23308609830f3924213516af9cb3e1dde05c90f36d641248a44577e74991a11d1025079ff162bfa560df4
SHA1 hash:	e119d237fe730112fef7c8d8ee36d06e083d150c
MD5 hash:	07138aec070b27a80e7ae1fe273c05a2
humanhash:	friend-zebra-maine-leopard
File name:	SecuriteInfo.com.Variant.Ulise.102882.738.461
Download:	download sample
File size:	384'000 bytes
First seen:	2020-03-18 15:08:10 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	506ee0dcf6be078c5b781c66607c291c
ssdeep	6144:sBhX1VLyXidI3XtbNtNjrMUdVMuWVYgneulcVBMYU9ieIRQOHe1itiU4pN1jg:MhXLLyXii3XTTjgSV7W5ny7uieILHe1J
TLSH	E6847A133E59D433E8922AB8CD56CAF59624BC59CF3486C736C4BF2FAD392829471319
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.PrivateExeProte-11

SecuriteInfo.com.Variant.Ulise.102882.738.461.UNOFFICIAL

PUA.Win.Downloader.Aiis-6803892-0

Gathering data

Threat name:

Win32.Trojan.Cridex

Status:

Malicious

First seen:

2020-03-18 17:45:29 UTC

AV detection:

24 of 31 (77.42%)

Threat level:

5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/baf5a4d8895b91205e8e83f4899546031020b8be5ef1adb543a5289a8baa6568

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll baf5a4d8895b91205e8e83f4899546031020b8be5ef1adb543a5289a8baa6568

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/326307/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Reviews

ID	Capabilities	Evidence
WIN32_PROCESS_API	Can Create Process and Threads	KERNEL32.dll::CloseHandle
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryW KERNEL32.dll::GetStartupInfoW KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_API	Can Execute other programs	KERNEL32.dll::WriteConsoleW KERNEL32.dll::SetStdHandle KERNEL32.dll::GetConsoleCP KERNEL32.dll::GetConsoleMode
WIN_BASE_IO_API	Can Create Files	KERNEL32.dll::CreateFileW KERNEL32.dll::GetSystemDirectoryA KERNEL32.dll::GetTempPathA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample