MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f066f830f62f469a36d49b22554dfd186c0d131a3ad924df108262f87b2346ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	f066f830f62f469a36d49b22554dfd186c0d131a3ad924df108262f87b2346ab
SHA3-384 hash:	7fd70054b9287f9ae0f0f0ce8d9fc7f40234ae1e8c6bdc952a87ed0bdbf99c1534df1e70bdd256099bd60ee3fcaff906
SHA1 hash:	ebc399abf8202e43552aa3ce208ed220f98de2a0
MD5 hash:	85538a0df951551d1d7a6734313afea6
humanhash:	hawaii-oranges-kentucky-rugby
File name:	f066f830f62f469a36d49b22554dfd186c0d131a3ad924df108262f87b2346ab
Download:	download sample
File size:	798'720 bytes
First seen:	2020-03-23 18:43:49 UTC
Last seen:	2020-03-30 07:05:58 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	2a65f23f9688c5bffdfbe38f36eab5b0
ssdeep	12288:J07d0xdPz1Mrx0G2+3UllsbfgU+qeMb9M6S11bhwm1dTdxGmnOhPswMzFB:J07dAdPz1865libIU+kUNndTH7ePMX
Threatray	13 similar samples on MalwareBazaar
TLSH	2905012057A80581E8F27D367E528A3B89307CB5B671DB57FA2C724E2F3992494313B7
Reporter	Marco_Ramilli
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.AsprotectSke-6

PUA.Win.Packer.AsprotectSke-1

PUA.Win.Packer.AsprotectSke-4

PUA.Win.Packer.Asprotect-3

PUA.Win.Packer.AsprotectSke-5

SecuriteInfo.com.Variant.Jacard.129965.26716.32318.UNOFFICIAL

PUA.Win.Adware.Slugin-6803969-0

PUA.Win.Adware.Slugin-6840354-0

Gathering data

Threat name:

Win32.Trojan.Occamy

Status:

Malicious

First seen:

2018-10-25 21:50:18 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

15 of 30 (50.00%)

Threat level:

2/5

Verdict:

malicious

632562060da02f7ed5e92b1fe1bd94ce8d993cb134e93f8294beade2f0f42974

72660328d491a37b99ae219252eccab4dfd568329fbb72e512167b239ba2c190

afe57674c53de398de18be61175e7cf55447e9c57cd3b4c82b035a9d65ec86f3

b00ffbe33a4398cdfdb136564f24dfd6ff292b11a9adbc4041aa2a532af6edfb

b5961f407c0afef04c9406ba17cbae3fe4cc575b47e50081abbda0d96f9c0f18

d06d675add136cc82c55c68166df534afa018e9f1ae333a9a75cacc1ec66d9d3

d2edc352a2a157c1ac51e314039ca894958635959d905900755992eed6a13256

e2136c8268bb5be4fe2a295a9bb9250c00437452cd3d65822290e3a68b1fb94b

f4bf1d1294fcdebf960a81bc8bdf14edb488c4d844a90ab100a1d5354f8cd443

+ 3 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe f066f830f62f469a36d49b22554dfd186c0d131a3ad924df108262f87b2346ab

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/116031/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN_BASE_API	Uses Win Base API	kernel32.dll::LoadLibraryA
WIN_REG_API	Can Manipulate Windows Registry	advapi32.dll::RegQueryValueExA
WIN_SVC_API	Can Manipulate Windows Services	advapi32.dll::StartServiceCtrlDispatcherA
WIN_USER_API	Performs GUI Actions	user32.dll::CreateWindowExA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample