MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff2eb800ff16745fc13c216ff6d5cc2de99466244393f67ab6ea6f8189ae01dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ff2eb800ff16745fc13c216ff6d5cc2de99466244393f67ab6ea6f8189ae01dd
SHA3-384 hash: ddbd20186bf90bcd96021f979824a2e44110d136a25031ba38bb81a8262a0df85cfb1dfb49508bfd254657a4f35f28eb
SHA1 hash: f8397d940a204a2261dba2babd6e0718dd87574c
MD5 hash: 143cb4f16dcfc16a02812718acd32c8f
humanhash: papa-kilo-india-floor
File name:iec56w4ibovnb4wc.onion_Library__DPRK__HiddenCobra.exe.malw
Download: download sample
File size:107'008 bytes
First seen:2020-03-18 21:57:02 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 5e9c8819379d7bcee6003e9bdf4e6701
ssdeep 1536:GvSjInlBLrYOyzlgZdQ0OTigNDFxu/7zS5o3tRShIYQtl5ye:GvSjIPrmgZdQ00NHoKUShctl5ye
Threatray 1 similar samples on MalwareBazaar
TLSH 9FA39D52B5D241B5F584457D04AB5F37CB3F33610B4ADB038710EFA69E62322A33A3A6
Reporter ov3rflow1
Tags:malw

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Agent-6378742-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Joanap
Create hunting rule
Status:
Malicious
First seen:
2015-11-21 07:45:00 UTC
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
e79bbb45421320be05211a94ed507430cc9f6cf80d607d61a317af255733fcf2
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ff2eb800ff16745fc13c216ff6d5cc2de99466244393f67ab6ea6f8189ae01dd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessW
KERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::GetSystemInfo
KERNEL32.dll::GetStartupInfoA
KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::SetStdHandle
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateFileW
KERNEL32.dll::DeleteFileW
KERNEL32.dll::MoveFileW
KERNEL32.dll::GetFileAttributesW
KERNEL32.dll::FindFirstFileW
WIN_BASE_USER_APIRetrieves Account InformationKERNEL32.dll::GetComputerNameW
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegOpenKeyExW
ADVAPI32.dll::RegQueryValueExW
WIN_SVC_APICan Manipulate Windows ServicesADVAPI32.dll::RegisterServiceCtrlHandlerW

Comments