MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc8487f444ed159dc422bc062c47141357eb64fc49838e5bfd758e05a8317343. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bc8487f444ed159dc422bc062c47141357eb64fc49838e5bfd758e05a8317343
SHA3-384 hash: 5acf79cfcee0ab1431fd1625dc3e9be0fa962ece528f341a5e79e82b83dc72e891ce8e09afb50fbae1f58e2b900f4bbd
SHA1 hash: 3ee2224fdd93c5fa316a5e746fbeafaf6edaaf5b
MD5 hash: 2261d32bf910c735462095d114fefbac
humanhash: jig-december-eight-oxygen
File name:CRYPTED.EXE
Download: download sample
File size:1'214'727 bytes
First seen:2020-04-03 13:36:20 UTC
Last seen:2020-04-03 14:34:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash fa6dddfb7d5cb1e885311d84acc518e8
ssdeep 12288:iXJq4Kq3RqXszKTAL6FQDxfWv92xmdJekfoCE/f3Bkqj5Vbn48A4P/Zts6PQ0piX:ikXs+m6FQdVmTekflefeK54eHsOj+bp
Threatray 29 similar samples on MalwareBazaar
TLSH 1845AE27FD78255DE50300702A6DAAA919617C3C5182DD4BB794BEED28B21D3E8E432F
Reporter Jirehlov
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Gamarue-7650639-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-01 23:37:27 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
118dd258630c48b0beacd8b4c04c9c9cd3b9f698b660b6a904b1dfc033e00cd1
23cfbb0bf1e110a79678f45c29897e6090b660d3df420bbb916fc3f1bc12eead
268953af63bad4895dd06c024fd1ec2af2c134623a0e100e26894e4d6bab741e
58290a95e1795ec7312e4ce26bfff7e0fb7a620a3aac2627d3ae6c83f5a4bf60
6269fd417f93e7c0d7cab576b35dc3b6f6a58c0f04e75533bad84987c228f0e6
75fa551eec71d6d8b9817266813715c2bbb7a537005587f9f1e0d058a05febc6
8597f458f1dcc5ecdf209d9c98b1f72c2fce2486236a3ae73adbe26fb6f9c671
8b9bdc5cf5534d377a6201d1803a5aa0915b93c9df524307118fd61f361bdba2
a50c5d39fc21ccc51d78d76bbec723414f505f40a56961ac00b567ba0d5bda36
e7d2deba4fccbea79ffa209ebe0ce49f98aecfb340c8d6ec3ea1773cb12cb07e
+ 19 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaSetSystemError
MSVBVM60.DLL::__vbaExitProc
MSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaFileOpen
MSVBVM60.DLL::__vbaLateMemCallLd

Comments