MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e6fd67f6f97b12e9c521c165db7d021c9c86ac1f45582692a8972090f20a9a6d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e6fd67f6f97b12e9c521c165db7d021c9c86ac1f45582692a8972090f20a9a6d
SHA3-384 hash: ac75a80519defb7db508a4ac2e955b96f0a88b37decd5769fec324408417aa126e8b99090761e2e6dc0e0a9f95a64f88
SHA1 hash: a96ec53ab0512413a3b30b05a2ce64eae1f2d794
MD5 hash: 4563650ab15d157e0985c970cfa22841
humanhash: whiskey-wisconsin-ack-magnesium
File name:e6fd67f6f97b12e9c521c165db7d021c9c86ac1f45582692a8972090f20a9a6d
Download: download sample
File size:73'564 bytes
First seen:2020-03-30 07:07:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 577281582380412c8d578a7a73a31315
ssdeep 1536:dLCktAPFHrn2F08M4eBIOpnzRIA2InmbeHUyDIQtC7irYI8vGCU0P3tXJYYDvkBY:tCktAZF8M4aJdIAZmiVDz+4r8+CU0f7d
Threatray 46 similar samples on MalwareBazaar
TLSH 0B73F103F7CC9C1AD2B3057121F3BA06B494EE852713DB5B9648393EEA796B26889705
Reporter Marco_Ramilli
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.PrivateExeProte-16
Create hunting rule

PUA.Win.Packer.AcprotectUltraprotect-1
Create hunting rule

PUA.Win.Packer.Anti-28
Create hunting rule

PUA.Win.Packer.Anti-29
Create hunting rule

PUA.Win.Packer.Nspack-26
Create hunting rule

PUA.Win.Packer.NPack-3
Create hunting rule

PUA.Win.Packer.Nspack-1
Create hunting rule

PUA.Win.Packer.Nspack-25
Create hunting rule

PUA.Win.Packer.Nspack-22
Create hunting rule

SecuriteInfo.com.TR.Obfuscated.EH.277.18813.30058.11923.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Occamy
Create hunting rule
Status:
Malicious
First seen:
2011-06-05 01:20:00 UTC
File Type:
PE (Exe)
Extracted files:
21
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745
42cca3ae2e4d971b4bd7acc8b205c22ba675aa08b760aac654514c5578d74dc2
6574682ea4a359ed97cfe9b00a4a76c8c1fa9833a5c9525ea3bc8409bac93f3c
7ea1a202effd978ba1f87e351f8d181d503e839d3cc2ef36c08961738a38bdb5
8168819cb693a3a04f771ee119ca00e631a74f09419ad295c5088f1e7a430e98
84581968dd8c3480b3f0dcc2cd0cffa26542bb8cb79c8150f2be5ea5afd1b6b1
971fd2053d4a62223302474c983169287b78918339c7779fc9eadaafde0c8e2e
9a06e82fbe300512f791edae916c94a5d9fe6ba93072545ecd6e12b4e234b240
b82b7a6c942551964c3bd0b159dc4af1fb7deb945476183279092328228bd7a9
ecc9d224a17d90915911101403c8e043dfaebdb1f91b777ab7aaafff5473e7b7
+ 36 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe e6fd67f6f97b12e9c521c165db7d021c9c86ac1f45582692a8972090f20a9a6d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/201979/
  
URLhaus
https://urlhaus.abuse.ch/url/201863/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
CHECK_TRUST_INFORequires Elevated Execution (level:requireAdministrator)high
Reviews
IDCapabilitiesEvidence
SHELL_APIManipulates System ShellSHELL32.DLL::ShellExecuteA
WIN_BASE_APIUses Win Base APIKERNEL32.DLL::LoadLibraryA
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.DLL::RegCreateKeyExA

Comments