MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e3d729dfd6184a700020ead229682256402641c540f57550c55f973a42e10e91. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e3d729dfd6184a700020ead229682256402641c540f57550c55f973a42e10e91
SHA3-384 hash: c59b2f8e45900afa92da299f403c61dd5ef8801b16cc8d7ce77bb256a6e4986f11702a439cabacd04ac858c4c95f49ea
SHA1 hash: e392c0eced520c7450381c370a4ebdff138ba6c0
MD5 hash: c82b3b6ecff120c37786d90f43507760
humanhash: early-crazy-king-asparagus
File name:e3d729dfd6184a700020ead229682256402641c540f57550c55f973a42e10e91
Download: download sample
File size:1'219'584 bytes
First seen:2020-03-23 16:27:12 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 6e6ca2b2f24dc16eb1a6f23bb2da3fa9
ssdeep 24576:QmB+5GSOQgpPsFAorCOQahQkISKyzrRCy++CLXObmTtIqZEK:Qx5GLpPiAkCOnuTSKa41XObmT/ZEK
Threatray 3 similar samples on MalwareBazaar
TLSH D4454A20B711C27ACA9E02F16D7CAE1E606D6AA50B6448C3E7CCAEDD2C754C35733A57
Reporter Marco_Ramilli
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.PUA.Wajam
Create hunting rule
Status:
Malicious
First seen:
2015-07-18 05:11:16 UTC
AV detection:
16 of 25 (64.00%)
Threat level:
  1/5
Verdict:
unknown
Similar samples:
e33dc5d4a3a46732206a4c01614a366e7bbf226942805cfefa1df3cf91326f13
e3e4453ce1861a8993409843b293ca2256227ae92d09d21e75448fd6cf1c7d2e
e92abbc6be63f3e1144c883a40f758f701c6c856eac30c9565c88a0d0f6881c0
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::ReadConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleMode
KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateFileW
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegOpenKeyExW
WIN_SOCK_APIUses Network to send and receive dataWS2_32.dll::freeaddrinfo
WS2_32.dll::getaddrinfo
WS2_32.dll::WSARecv
WS2_32.dll::WSASend
WS2_32.dll::WSASocketW

Comments