MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f632b6e822d69fb54b41f83a357ff65d8bfc67bc3e304e88bf4d9f0c4aedc224. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f632b6e822d69fb54b41f83a357ff65d8bfc67bc3e304e88bf4d9f0c4aedc224
SHA3-384 hash: fbf78e1d05f0b6a4eac3b9db0145287a0c24dcfa60e601aeb45c78e8d66fc60becb62c62a168022d53b0e64806902baa
SHA1 hash: 4e92e5cbe9092f94b4f4951893b5d9ca304d292c
MD5 hash: e20ee9bbbd1ebe131f973fe3706ca799
humanhash: fillet-cold-indigo-cardinal
File name:a.exe
Download: download sample
File size:293'376 bytes
First seen:2020-04-02 13:38:27 UTC
Last seen:2023-05-13 22:48:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 26d3c4cf36a46cd980f89d55afb73146 (2 x NetSupport)
ssdeep 6144:egtJZ0NSt7Jb/Is8vIfYg6KcZQV7GdRMrKUIvcgfoS3Qz89r:egWNStd7R8cYgsZK7qCrqfoS3Mcr
Threatray 6 similar samples on MalwareBazaar
TLSH 2D541209966BD52AE053B57EFE898EF411881D51F79192432B0EBE2F3D313D09E66233
Reporter Anonymous
Tags:Wiper

Intelligence

File Origin
# of uploads :
3
# of downloads :
158
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Upx-6
Create hunting rule

PUA.Win.Packer.Upx-4
Create hunting rule

Win.Dropper.Tiggre-7061386-0
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Dropper.Generic4.WWU.UNOFFICIAL
Create hunting rule

Result
Threat name:
CoronaVirus
Create hunting rule
Detection:
malicious
Classification:
rans.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/336297
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Win32.Trojan.Mbt
Create hunting rule
Status:
Malicious
First seen:
2020-03-22 14:31:58 UTC
File Type:
PE (Exe)
Extracted files:
64
AV detection:
27 of 31 (87.10%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
0a13ba6b394ff6c4792edab2d8ee52651fa9ecfe014059b951d28d2f4383f101
266be67338e5e20e0d9eab7a3dfdc11c65f6ee3d2d572b0a5857921d4b7dbdc7
2d725c799e8787ef98e26cb025144cbe405aef31bc4ddd2011c80c09efa87400
67b235aa69f3e58eccab386035b5da7e6665d7718938607c5ce0b91503dcde4d
ee1c8099b910ee2f0be7f94f201846827bb1f886d14d1ce7ab666d985f56f80f
f9452ba1966aee0e4c1713a6293c9551b3ff97d4fbf065696d4691ad339878b8
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/f632b6e822d6/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

anyrun
any.run
https://app.any.run/tasks/9955b63b-b617-4aff-8917-0bbd920361b2/
  
Delivery method
Multiple

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
CHECK_TRUST_INFORequires Elevated Execution (level:highestAvailable)high
Reviews
IDCapabilitiesEvidence
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteExA
WIN_BASE_APIUses Win Base APIKERNEL32.DLL::LoadLibraryA

Comments