MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 bca94673146a9b4a47b85b41808b4068ca5e0b15b42deda0dc31a1db9f6b5e7a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 4
| SHA256 hash: | bca94673146a9b4a47b85b41808b4068ca5e0b15b42deda0dc31a1db9f6b5e7a |
|---|---|
| SHA3-384 hash: | a04bcd964ffbb35ca48fb57a1779ee8c30d97f2cd72640a38078621a6dd9dc292dbf1fefeaa57f3743fac2fb0ed134de |
| SHA1 hash: | 980d32328ef9b5b3e2648c7bf11bc8741fb0cf8a |
| MD5 hash: | c96a9ce47f233b6361d87a87a2aa0be0 |
| humanhash: | mobile-single-hot-five |
| File name: | 82FmYNvG7c-c96a9ce47f233b6361d87a87a2aa0be0.exe |
| Download: | download sample |
| File size: | 1'031'144 bytes |
| First seen: | 2020-03-19 07:35:19 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 00be6e6c4f9e287672c8301b72bdabf3 (116 x RedLineStealer, 70 x AsyncRAT, 55 x AgentTesla) |
| ssdeep | 24576:8NA3R5drXzJ8mG6Xqu4Th2x0PIe47fqXAX4FQYcZRSnqJS1k:9518sMnlQX465RFak |
| Threatray | 233 similar samples on MalwareBazaar |
| TLSH | E2251202BAD044B2E5B31A32093DBB20A97CB5341F34D65EB3D8495ECA724D0A735BE7 |
| Reporter |  seikenDEV |
| Tags: | NanoCore |
Intelligence
File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Zbot
Status:
Malicious
First seen:
2020-02-21 14:39:48 UTC
AV detection:
26 of 31 (83.87%)
Threat level:
2/5
Verdict:
malicious
Similar samples:
+ 223 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe bca94673146a9b4a47b85b41808b4068ca5e0b15b42deda0dc31a1db9f6b5e7a
(this sample)
Delivery method
Distributed via web download
BLint
The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| GDI_PLUS_API | Interfaces with Graphics | gdiplus.dll::GdiplusStartup gdiplus.dll::GdiplusShutdown gdiplus.dll::GdipAlloc |
| WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CloseHandle KERNEL32.dll::CreateThread |
| WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryW KERNEL32.dll::LoadLibraryExA KERNEL32.dll::LoadLibraryExW KERNEL32.dll::GetSystemInfo KERNEL32.dll::GetStartupInfoW |
| WIN_BASE_EXEC_API | Can Execute other programs | KERNEL32.dll::AllocConsole KERNEL32.dll::AttachConsole KERNEL32.dll::WriteConsoleW KERNEL32.dll::FreeConsole KERNEL32.dll::SetStdHandle KERNEL32.dll::GetConsoleMode KERNEL32.dll::GetConsoleCP |
| WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CreateDirectoryW KERNEL32.dll::CreateHardLinkW KERNEL32.dll::CreateFileW KERNEL32.dll::CreateFileMappingW KERNEL32.dll::DeleteFileW KERNEL32.dll::MoveFileW KERNEL32.dll::MoveFileExW |
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.