MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce0f73cf6d1f1ed4fd3e15c7fd70a6581215a93e6a45cdf2e64af68c4c1993af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	ce0f73cf6d1f1ed4fd3e15c7fd70a6581215a93e6a45cdf2e64af68c4c1993af
SHA3-384 hash:	f8ad985f7065bdec998d3c05c76b88c3d0ab82a4952d04f93bc8ef37eab7d1e374fd0990c20d6ee42296ba4c42dba391
SHA1 hash:	c1067ab819ea676d7ab23a1dedd207833c5e711e
MD5 hash:	47eb5f12fe8c7b58621ec224a316800b
humanhash:	sierra-illinois-magnesium-salami
File name:	bla.exe
Download:	download sample
File size:	521'502 bytes
First seen:	2020-04-30 07:21:43 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	87472663e53e411a0454baf71f58d8b0
ssdeep	6144:nUdk2c60aIWt/Y8p5ruiC18v6Vgp9Uij23mnQ9WlGku5f2S1xQBMUFrCevOhD4xF:1360ogN18v6aljIOFGkmf2S1xiZDv+w
Threatray	41 similar samples on MalwareBazaar
TLSH	D0B4F1A407EB8A19D0F3907A51C807759F22AD563251D903E7AE1FF398A94DCB07B327
Reporter	jarumlus

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Copy_protect-1

Gathering data

Threat name:

Win32.Trojan.Gracewire

Status:

Malicious

First seen:

2020-04-30 18:34:44 UTC

AV detection:

23 of 31 (74.19%)

Threat level:

2/5

Verdict:

malicious

4a48467546d08abe1332b9b4684e07156b25681bf808744ab6500a4ff0d28c7b

508d78074875474e25946867b4ad45d4571018cd8026b73730e3cdc632c6c986

5b0334f87cdd0689007412142c2d22e362f252df22eb5ea5b4898710b59e1bb0

9ad7ce27ce7da3c4b2639771869b20b78fff34f32dab3355c2be2980e708ab07

9dd13e02121ff016438f0540d169df51ac44527eabc4116143d6e0b569dc1f99

acd7214a4c37bbfd55ea244080769e4c0daf59edb47b3abcddcf5874cdb3054f

c6a810bf84ea3fd17a282d2a10bec7811c79ff751d5dbcf9eb84cff95f1fd5ba

c8e25ee1363bbd595f4783537fc1028f427a8ed0d7a1940dab3bd67abfc53f85

e35b9feacfba1df802f9ed242775361f4317c22782f4e9e2dddd095577a72487

+ 31 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::LoadLibraryA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample