MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce5dd2a198662ab42807ac04f6896b2f7848b1cdb5015b8ab4744f0e1dd0f648. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 2

SHA256 hash: ce5dd2a198662ab42807ac04f6896b2f7848b1cdb5015b8ab4744f0e1dd0f648
SHA3-384 hash: f4a24ec6cf2338d73d5a74ca6d47747aaa2400cdbc5a635a284630cab8e615cbea21e88905bcbbac8ec26db58788b0c8
SHA1 hash: e6363f6cd567dcf70c7e3187029683ad53238f0b
MD5 hash: 872201241f76304ee1b91dfd66c6eec8
humanhash: magnesium-romeo-cold-west
File name: SecuriteInfo.com.Trojan.DownLoad4.13721.32486.11943
File size: 933'656 bytes
First seen: 2020-04-07 16:39:56 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 8bf75f81dba6a5df5012ea0db322fdb9
ssdeep: 24576:jCs2y/xLjSQT+PKiuu6Gx49X3+k6dbIs2:jX+iQxnk6dEs2
TLSH: 9C158C17F9F6C432C1624A718E93CEAE36A4BD840D62548333DC7E1D2CF5B19323666A
Reporter: SecuriteInfoCom

Code Signing Certificate

Organisation: s-car d.o.o.
Issuer: DigiCert EV Code Signing CA
Algorithm: sha1WithRSAEncryption
Valid from: Mar 12 00:00:00 2020 GMT
Valid to: Mar 8 12:00:00 2021 GMT
Serial number: 0962BDC2F79146C9CBAF03FC33403EC2
Thumbprint Algorithm: SHA256
Thumbprint: 4A2CEB677C34E63E0AADCDF57683A41A1DE7DA6B477F07E4BFE034720DF45587
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-03-17 05:53:37 UTC
File Type: PE (Exe)
Extracted files: 52
AV detection: 20 of 31 (64.52%)
Threat level: 2/5
Verdict: unknown
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  Executable exe ce5dd2a198662ab42807ac04f6896b2f7848b1cdb5015b8ab4744f0e1dd0f648 (this sample)
  Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings (ID: title, severity)

CHECK_AUTHENTICODE: Missing Authenticode (high)
CHECK_NX: Missing Non-Executable Memory Protection (critical)
CHECK_PIE: Missing Position-Independent Executable (PIE) Protection (high)

Reviews (ID: capabilities, followed by the imported functions given as evidence)

COM_BASE_API: Can Download & Execute components
  ole32.dll::CLSIDFromProgID
  ole32.dll::CoCreateInstance
  ole32.dll::CoFreeUnusedLibraries
  ole32.dll::CreateStreamOnHGlobal
SHELL_API: Manipulates System Shell
  SHELL32.dll::ShellExecuteA
  SHELL32.dll::SHGetFileInfoA
WIN32_PROCESS_API: Can Create Process and Threads
  KERNEL32.dll::CloseHandle
  KERNEL32.dll::CreateThread
WIN_BASE_API: Uses Win Base API
  KERNEL32.dll::TerminateProcess
  KERNEL32.dll::LoadLibraryW
  KERNEL32.dll::LoadLibraryA
  KERNEL32.dll::GetDriveTypeA
  KERNEL32.dll::GetVolumeInformationA
  KERNEL32.dll::GetStartupInfoA
WIN_BASE_EXEC_API: Can Execute other programs
  KERNEL32.dll::WinExec
  KERNEL32.dll::SetConsoleCtrlHandler
  KERNEL32.dll::SetStdHandle
WIN_BASE_IO_API: Can Create Files
  KERNEL32.dll::CopyFileA
  KERNEL32.dll::CreateDirectoryA
  KERNEL32.dll::CreateFileA
  KERNEL32.dll::DeleteFileA
  KERNEL32.dll::MoveFileA
  KERNEL32.dll::GetWindowsDirectoryA
WIN_REG_API: Can Manipulate Windows Registry
  ADVAPI32.dll::RegCreateKeyA
  ADVAPI32.dll::RegCreateKeyExA
  ADVAPI32.dll::RegDeleteKeyA
  ADVAPI32.dll::RegOpenKeyExA
  ADVAPI32.dll::RegOpenKeyA
  ADVAPI32.dll::RegQueryValueA
  ADVAPI32.dll::RegQueryValueExA
WIN_USER_API: Performs GUI Actions
  USER32.dll::AppendMenuA
  USER32.dll::FindWindowA
  USER32.dll::PeekMessageA
  USER32.dll::CreateWindowExA
