MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee258df3b6f2dce2898606ef5767b8a5127f50df389ca83559adf529dacdfe62. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee258df3b6f2dce2898606ef5767b8a5127f50df389ca83559adf529dacdfe62
SHA3-384 hash: e293064bcdc0b9e7fc83aaf16638f1b11a731ccf9be214f24e7b7861fe12eed8748bd4dcda6d84b8665be05f5e6ff0fc
SHA1 hash: 0173a967747537ae3986eb69e47ce5e6653e4aa0
MD5 hash: c012133c523b154a565ff4f60cbf0f74
humanhash: south-snake-tennessee-oklahoma
File name:ee258df3b6f2dce2898606ef5767b8a5127f50df389ca83559adf529dacdfe62
Download: download sample
File size:51'759 bytes
First seen:2020-03-23 16:19:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 46b0675c1fd7681c7b19a1c83d5aff83
ssdeep 1536:hfiRHjJvd/hnM7Zx1mn7Z34RbgEBLqPSWgBsm5A:sRJV5nKMnx8bgENTWusj
Threatray 150 similar samples on MalwareBazaar
TLSH D633E115F1798621E0C24C709D6B3D67153FFA3ADD10AE5662801D662D3AAC2EB20FB7
Reporter Marco_Ramilli
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Expressor-24
Create hunting rule

PUA.Win.Packer.Expressor-25
Create hunting rule

PUA.Win.Packer.Expressor-30
Create hunting rule

PUA.Win.Packer.Expressor-10
Create hunting rule

PUA.Win.Packer.Expressor-11
Create hunting rule

PUA.Win.Packer.Expressor-6
Create hunting rule

PUA.Win.Packer.Expressor-7
Create hunting rule

PUA.Win.Packer.Expressor-1
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fkm
Create hunting rule
Status:
Malicious
First seen:
2011-06-20 08:18:00 UTC
AV detection:
28 of 29 (96.55%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
13c555d2bc29bc384b7c496c0aefadfbe38d7b415e11c43bdbcfdf702062d1f3
2ea5a4fb25528051254f255dc64913ca7d4faa1ecba2f40a55b536f871624fb9
504cd8dcf16b6e6b55271ef9bcd8603916ec5f81fdeb0615e3c970954d50a7f0
50d68559290556e9e3524e8aec940a98b4564b57cc2a60f79d4da9a7d1f8de46
782f821689d70d89096d4cb5da89ce0ceb35393da77896610d5c2d4edd7414a5
bb2faadcbc0d7c66a84bb763e34cc811194f21a2222541a62fd1c0d9d3ce6c42
c882cc422e4039600b31e53e369f05b29dc9dd38cab76facef8a42adc8d326b3
ddf6f04276c1d976e62e199e6c928fb7a3d7aaec455a1859f8d8f605c89ffc64
e0c1fb97e28bc9944bc045ee772dd8da34a985a9e410764734eacdb35429cd1b
eb14b66b263d66a5f9c3388d6a1a8b140a459815a70de76b9f31052c7884f623
+ 140 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe ee258df3b6f2dce2898606ef5767b8a5127f50df389ca83559adf529dacdfe62

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/144518/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
WIN_BASE_APIUses Win Base APIKERNEL32.dll::LoadLibraryA

Comments