MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cacc32ab0a1880afd74a040e8211662789cb70b252c25cb2d5971b707455ff5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	cacc32ab0a1880afd74a040e8211662789cb70b252c25cb2d5971b707455ff5d
SHA3-384 hash:	1a2542c511ce7209e271b1b20b7dc62371aed58e04385975a8cd9e1c5a09caee930f3dc6d7de18fdcf51fccede057422
SHA1 hash:	af85a187ad3fbbe985f77f0a4b492cd78c041d17
MD5 hash:	e0175eecf8d31a6f32da076d22ecbdff
humanhash:	ohio-finch-zebra-oxygen
File name:	iec56w4ibovnb4wc.onion_Library__GreenbugAPT__ISMDoorx64.bin.malw
Download:	download sample
File size:	931'328 bytes
First seen:	2020-03-18 22:14:41 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	4595293a8ae1f65a64130a9605dc76c7
ssdeep	12288:XBJmM8sxaM2add/OP94zHA4ahi4Vr5P4XwJ8+q+qk+wFc65sYo/PkM+5rQRCLjj8:XBJmM8X8iqwD5kmrwCXMOT4dS99
Threatray	5 similar samples on MalwareBazaar
TLSH	41156C197E6850F4D077C23A89D65657F3B2748A1B359BCB02A5036E3F23AE15E3E321
Reporter	ov3rflow1
Tags:	malw

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.PWS.Ismdoor.4.29069.31892.UNOFFICIAL

PUA.Win.Downloader.Aiis-6803892-0

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/6924

Behaviour

Behavior Graph:

n/a

Gathering data

Threat name:

Win64.Trojan.Denes

Status:

Malicious

First seen:

2017-10-12 00:45:00 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

41 of 48 (85.42%)

Threat level:

5/5

Verdict:

malicious

51d91b71a89d7c01a19fa0e7f4b28f9badeb2dbec1bc413da11645c575853040

a66d1021e54269963e9a54892869d569ffa1c74d9fb1b67f023ea5fdfd90c1a6

ab4ce25341baa2cc478faf507ff28a8c93b1320f243ced073c10ad2b6c6e1476

f18081303b2e06b3bb5c6503a78350a1298dbc650a6bfa9961e3bf6e522d7a83

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/cacc32ab0a1880afd74a040e8211662789cb70b252c25cb2d5971b707455ff5d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (GUARD_CF)	high

Reviews

ID	Capabilities	Evidence
GDI_PLUS_API	Interfaces with Graphics	gdiplus.dll::GdiplusStartup gdiplus.dll::GdiplusShutdown gdiplus.dll::GdipGetImageEncodersSize gdiplus.dll::GdipGetImageEncoders gdiplus.dll::GdipAlloc
WIN32_PROCESS_API	Can Create Process and Threads	KERNEL32.dll::CreateProcessW KERNEL32.dll::OpenProcess KERNEL32.dll::CloseHandle KERNEL32.dll::CreateThread
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryW KERNEL32.dll::LoadLibraryExW KERNEL32.dll::GetSystemInfo KERNEL32.dll::GetStartupInfoW KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_API	Can Execute other programs	KERNEL32.dll::WriteConsoleW KERNEL32.dll::ReadConsoleW KERNEL32.dll::SetConsoleCtrlHandler KERNEL32.dll::SetStdHandle KERNEL32.dll::GetConsoleWindow KERNEL32.dll::GetConsoleMode KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_API	Can Create Files	KERNEL32.dll::CreateDirectoryW KERNEL32.dll::CreateFileA KERNEL32.dll::CreateFileW KERNEL32.dll::DeleteFileW KERNEL32.dll::MoveFileExW KERNEL32.dll::GetWindowsDirectoryW

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample