MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e34a91674a3a3aed881705d2f7deee4607a96a9abeb1a4a8fcbdbc9a3a560937. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e34a91674a3a3aed881705d2f7deee4607a96a9abeb1a4a8fcbdbc9a3a560937
SHA3-384 hash: cb3f9a144261cbc3365f1f674201e28008649826c2a867443076183eb71de515ef0a8e663536a833ab5a25cd635dce05
SHA1 hash: 81cac91aa746717a7f409998e8e493d11aaa3171
MD5 hash: 75bd073590ec27f24b783ecec41ee72a
humanhash: wisconsin-sixteen-high-double
File name:e34a91674a3a3aed881705d2f7deee4607a96a9abeb1a4a8fcbdbc9a3a560937
Download: download sample
File size:602'840 bytes
First seen:2020-03-23 16:25:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 12288:2lXARcYnn7jIFGMGS9USMUDasjfW+/CkJubsqiF5+8JLhba:2lX/Yn/IF+0U3FsWaDisqWDLhba
Threatray 5'941 similar samples on MalwareBazaar
TLSH B0D4BD367E7770EDE5587C30A2189FE77EB89A8828DCAE7923C558C22864B1137D34D4
Reporter Marco_Ramilli
Tags:exe

Code Signing Certificate

Organisation:Symantec Time Stamping Services CA - G2
Issuer:Thawte Timestamping CA
Algorithm:sha1WithRSAEncryption
Valid from:Dec 21 00:00:00 2012 GMT
Valid to:Dec 30 23:59:59 2020 GMT
Serial number: 7E93EBFB7CC64E59EA4B9A77D406FC3B
Intelligence: 85 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 0625FEE1A80D7B897A9712249C2F55FF391D6661DBD8B87F9BE6F252D88CED95
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.TR.Dropper.MSIL.lrhg.11582.7206.16917.UNOFFICIAL
Create hunting rule

PUA.Win.Trojan.Generic-6629273-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2016-04-07 07:06:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
4
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
2b595bebceff46c9b833e8780fce9bcbc7aace47dfffbb89fca8e42606b5e281
2e2ac9d4b75c33626c14197dc15c3e92552952cb32c69014bb1b7424e37a758b
56b02707b5f12fd4e8f79fdd9dd9f7eb82394798317a76e499c7d0d659b2d759
5e19889ca24913c6ae660e416467cd2f90f15806d2b1492993874e3d17ebd101
95acc9e5d834d2fbd969547ccac5209bb66cffe2fcf772ba33267423961d3fd9
99098b282b5a2190cdb362bd92f8ce2b42dc70121c91680b318fe5aa2443c815
d12d7f07071e59df09d70cae377fc3e41b35a098d5096f7437ce17b59f74fd64
e140db160590e9d59bcba114a517f2478eac1f730f639487029f2df1bc8d8cc6
e83be3e4db904d9f9896cd039170dc3fba0f316b6be60affea209aae96da71b8
ffb4e1b5e6ac64c969e3f90351eb0d401146f266b6678dfbff611faaf15a311f
+ 5'931 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe e34a91674a3a3aed881705d2f7deee4607a96a9abeb1a4a8fcbdbc9a3a560937

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/182375/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments