MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e993dc4733d3db72ebb90a0e2aa6c0e665ac6bb1679c5235ed8df88a9091dacd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NetWire

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	e993dc4733d3db72ebb90a0e2aa6c0e665ac6bb1679c5235ed8df88a9091dacd
SHA3-384 hash:	a161ddd6a0e96208d6729959e98c0607ad5d0356c017facee4b3486beb1b0935bae0f42c4d8a78f84e5db3b6dec6c56e
SHA1 hash:	e24e0b92874580b4004be986a584e21ed664fd98
MD5 hash:	b3176738f06cad7acfa8040b9f1af3d7
humanhash:	oscar-yankee-mobile-alpha
File name:	e993dc4733d3db72ebb90a0e2aa6c0e665ac6bb1679c5235ed8df88a9091dacd
Download:	download sample
Signature	NetWire Create hunting rule
File size:	571'520 bytes
First seen:	2020-03-23 16:20:07 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	6730e3100309a795dd167b67eb34d2fd (1 x NetWire)
ssdeep	6144:iutNx2xOZqBG+J+8vANs38I8HYTNJVKmjOvqSp424Ah7:iut2xOwd+8A23p8HYRj3QnRh7
Threatray	4'824 similar samples on MalwareBazaar
TLSH	67C4AEE14B8E9038DDB14979AC30A76B72AD3DB79EC5D36C26B548C6FD6210D90E0E13
Reporter	Marco_Ramilli
Tags:	exe NetWire

Code Signing Certificate

Organisation:	DVDRipCut 9 Setup
Issuer:	DVDRipCut 9 Setup
Algorithm:	sha256WithRSAEncryption
Valid from:	Oct 31 09:52:50 2018 GMT
Valid to:	Oct 31 09:52:50 2019 GMT
Serial number:	01
Intelligence:	370 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Central Blocklist:	This certificate is on the Cert Central blocklist
Thumbprint Algorithm:	SHA256
Thumbprint:	C078E552343E84C6C4BB3BF9FC3D9C57F6AF155FE139705321B5C025421E8A8A
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Noon-7331771-0

Win.Trojan.HawkEye-7455512-1

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2018-11-01 17:19:00 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

26 of 29 (89.66%)

Threat level:

5/5

Verdict:

malicious

Label(s):

netwirerc

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

NetWire

exe e993dc4733d3db72ebb90a0e2aa6c0e665ac6bb1679c5235ed8df88a9091dacd

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/73126/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::__vbaSetSystemError MSVBVM60.DLL::__vbaObjSetAddref MSVBVM60.DLL::EVENT_SINK_AddRef MSVBVM60.DLL::__vbaLateMemCallLd MSVBVM60.DLL::__vbaErrorOverflow

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample