MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bde46cf05034ef3ef392fd36023dff8f1081cfca6f427f6c4894777c090dad81. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	bde46cf05034ef3ef392fd36023dff8f1081cfca6f427f6c4894777c090dad81
SHA3-384 hash:	58551edb78540e63af288a1e0ebd12ced4fda0146419ea09b9acc59bcab740d1ac0b0b5e6e6a25f1ba7b90e14ac9d8a9
SHA1 hash:	65436afdf7deb547a2fe7610412a10b90d605145
MD5 hash:	34583a6382fc732c97be1688bd457610
humanhash:	kentucky-uncle-oxygen-zulu
File name:	VNCMod.exe
Download:	download sample
File size:	549'888 bytes
First seen:	2020-04-03 14:03:23 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	e86d03a5fa56dd4a7ffb51faff70e1a6
ssdeep	6144:vUBU3RPqmoE38tqFkxJ9E204c2uFFTGXWAYQ6XHmhPDEp45pLd6F:JRuE3jFCNpuzTGmHQAHWpLd6F
Threatray	950 similar samples on MalwareBazaar
TLSH	14C4AF11B3D40C72E9BB46788A675B06D7FABC121634DB4F53908E9A1F33352BA29353
Reporter	James_inthe_box
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.NspackDotnetNor-2

PUA.Win.Packer.NspackDotnetNor-1

Win.Dropper.Miner-7086570-0

PUA.Win.Downloader.Aiis-6803892-0

Gathering data

Threat name:

Win32.Trojan.Invader

Status:

Malicious

First seen:

2020-02-27 00:16:40 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

29 of 31 (93.55%)

Threat level:

5/5

Verdict:

suspicious

1c08cf3dcf465a4a90850cd256d29d681c7f618ff7ec94d1d43529ee679f62f3

1f6a8fd32a14dd74a23ad8e588d3543120b254290283d6092693d564ea0fc265

25a419f3b2963cf24fda8824b538b67dc73fd2e4d32e73cd5bfdf935c61769dd

26cb425375a7613736c367866d0b79b8b7d8845437ec88e87bc83146445f892e

40ac8e128b78d30d49accda865a6ca90a23cf7b7e5f31042c7df55a9fe1b5af4

b3d36e86a478b5223968e34ca51bff54002eb9b1a01ef26d8b657d49dd4dd831

d6031bb15fd16cac9b514985035e18f08f0beaaa0542a66274467cb66e76a8fd

e2d6b8bc603260f1a7564a044523d230c31c8d873deabb579cae90b88f1b92b9

e99398f753e61710eaea626dc778a19fc47a34f103b5ff1daaa0d7ad7f6432c4

+ 940 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Reviews

ID	Capabilities	Evidence
KERNEL_API	Manipulates Windows Kernel & Drivers	ntdll.dll::ZwClose
WIN32_PROCESS_API	Can Create Process and Threads	KERNEL32.dll::CreateProcessW KERNEL32.dll::OpenProcess KERNEL32.dll::VirtualAllocEx KERNEL32.dll::WriteProcessMemory KERNEL32.dll::CloseHandle
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::LoadLibraryA
WIN_BASE_IO_API	Can Create Files	KERNEL32.dll::CreateFileA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample