MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ddf4d27a2b4cae996cf26fce922c42fec11a94b16200c545ad46a6c6f05807f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	ddf4d27a2b4cae996cf26fce922c42fec11a94b16200c545ad46a6c6f05807f7
SHA3-384 hash:	9edf60074cfda59cdda4a2db8395f41adb73afa22aee0489029ac312abbe58e6cfc1263fbe8d309f2b6ff5b95480cbb6
SHA1 hash:	beb4b7868a2dc63a87778d9f577b863ab0922ef5
MD5 hash:	f24f9d861cc8bad5e20d0e383e2dfd67
humanhash:	speaker-eleven-burger-stairway
File name:	Invoice_XDF_-_B85FG6304_-Swift_M103_XDF_-03-06-2019.exe
Download:	download sample
File size:	1'249'008 bytes
First seen:	2020-04-30 07:35:47 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	0557e1a8939cf64fb98c6942702502b5 (1 x RemcosRAT)
ssdeep	24576:Cd2tBEmuN9NRDH7jil1ylVD9wrl8wV07NR3B0ioPAk:DEfjznil1ynD0FeB+P5
Threatray	121 similar samples on MalwareBazaar
TLSH	A04558CAB8B45007FA0F48FAAD2176F4B0EE05D41D2296DDD4E16B67FE6C96C2425383
Reporter	jarumlus

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Upolyx-12

PUA.Win.Packer.Upx-6

PUA.Win.Packer.Upx-4

Win.Trojan.Remcos-6987786-0

Gathering data

Threat name:

Win32.Trojan.Gorgon

Status:

Malicious

First seen:

2019-06-04 01:26:18 UTC

AV detection:

23 of 31 (74.19%)

Threat level:

5/5

Verdict:

malicious

1277fd7e4728260ccae03685b2f440fdacc2608ff561bce62c15804e7b79042e

4bc2bef4300c94e7fc40ccd7044efd4f907d511d8b4776bd928992125dba5371

62d2e3131e68b84b46765a9faa25e2173fa546fd875b99fac3422e7e02a84738

7acf7bc635e79515685759c8b4673d69245730d1e77dac430e093d7869e06e11

83acd77bd1b76095992046c1cd53fd0fb4f0ae9f22f410facf174f4e1ce2f475

a02b84b2c2fad7ba6ccd785017e5f64fe9bd1251fc3fb3cc04175d5a904568b1

a669b5e58436d707da7a4a3ac92ea7aa9b2fd08692f081158574308106fb2e57

a66d1021e54269963e9a54892869d569ffa1c74d9fb1b67f023ea5fdfd90c1a6

d8dbc896602791f2398a1af843abb3fba4927066b1b0c47228646354c6150fec

+ 111 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
SHELL_API	Manipulates System Shell	shell32.dll::ShellExecuteA
WIN_BASE_API	Uses Win Base API	KERNEL32.DLL::LoadLibraryA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample