MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e6ecdcbcef032e55ae31566502d143934817fae46c872b446b11756ed5582f27. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	e6ecdcbcef032e55ae31566502d143934817fae46c872b446b11756ed5582f27
SHA3-384 hash:	63fdf0f6011794f88b65a30e0c8ae78d85db2174c6adae2b111e4c37a12a54583875335cadd6da5ab810ce0860729bd7
SHA1 hash:	0ff4f2a472ee737adb7dbabd3128ef0ba99852ed
MD5 hash:	7c9f5fcd29448077c403548f35fa818c
humanhash:	yellow-pip-sierra-two
File name:	e6ecdcbcef032e55ae31566502d143934817fae46c872b446b11756ed5582f27
Download:	download sample
File size:	191'805 bytes
First seen:	2020-03-23 16:27:19 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep	384:DTEXJTHQ3YbFfa0kPKfWKtjKi6M3NLy/LrP:nEX9ZbwnKTKhM9LyTD
Threatray	62 similar samples on MalwareBazaar
TLSH	48143A667A46D043C41A3978CC9AE0FDAA327F25EC4056137AE8776F39BB304D81A714
Reporter	Marco_Ramilli
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Trojan.Packed-1536

PUA.Win.Packer.Fsg-46

SecuriteInfo.com.Variant.Symmi.87010.10445.23647.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Pasta

Status:

Malicious

First seen:

2011-07-07 21:23:00 UTC

AV detection:

23 of 29 (79.31%)

Threat level:

2/5

Verdict:

malicious

32432fd3265fd75bcc8b68b1ccc0fb23914ecf6e4e4724ffb76235e5f74dec55

4559945017fcab5a492d4e7e5ea25d80ef8c27af4bcb72cb98b1e5e76077d21a

534d60392e0202b24d3fdaf992f299ef1af1fb5efef0096dd835fe5c4e30b0fa

82686d76af9091e9988d8814900e65641e76d1cbedb261b9496a87708f7dd01f

8b5118ba1223c3aa351e6def9781aa38a8ee565c6103c9e8db9c0db392afc6f5

9a06e82fbe300512f791edae916c94a5d9fe6ba93072545ecd6e12b4e234b240

a7c37af821063d0a3be82a621e332f48c89bd83bec9c3ad092d4e357813c7e66

ab5f254a91426311df7fe85d3442b62c7b69dd1c6e444ef725ddcba5a06ac961

d447a466b5bed2daffcd7a3ea6fea93a8d9fa32d62eadbf834d3a8713da05a4a

+ 52 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe e6ecdcbcef032e55ae31566502d143934817fae46c872b446b11756ed5582f27

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/144512/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::LoadLibraryA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample