MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff74910fadbf214950608806110debda7a3728df1cdfc60beeec74b74317ead8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	ff74910fadbf214950608806110debda7a3728df1cdfc60beeec74b74317ead8
SHA3-384 hash:	49b1f6d80e9a0aa8a08e32a80bfa14e0c91c4a660e94c170a935e2ad3f02c61a9af7c21be6b003aa015cf2a1eea1a658
SHA1 hash:	2545a3ff8e6e815992f9385a5f0411818c4146d6
MD5 hash:	2469c7e897b343350b6277171e7e0dcf
humanhash:	kansas-moon-purple-oregon
File name:	iec56w4ibovnb4wc.onion_Library__UPXsamples__ProcessHowllowingPacked.bin.malw
Download:	download sample
File size:	4'096 bytes
First seen:	2020-03-18 23:11:43 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	a444940f1e817b601e31403aeb2d6222
ssdeep	48:ygYB8AwR8wS90IO8KYM7vsW6bs9qktA6q49hiovX7kEQZ9iT4DebpSeJY8JTa+9B:vAwR8T0IOGM7kW6b1NboioPMpaT9
Threatray	1'106 similar samples on MalwareBazaar
TLSH	248109CF89BAAFFAD5635EBB41C4408223547AB14BE5A3C92C7C61A37D430A08724F25
Reporter	ov3rflow1
Tags:	malw

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Upx-48

PUA.Win.Packer.Upx-4

SecuriteInfo.com.PUA.Tool.Inject.54.15984.19069.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Pakes

Status:

Malicious

First seen:

2017-06-20 00:32:47 UTC

AV detection:

22 of 31 (70.97%)

Threat level:

2/5

Verdict:

unknown

2ef3f42f0c9dfe67e9d4e2abbddf68c9195f8d6aa96b681e810f23303a459b4e

4983921d3469aff39daaa738072cdf18171a7c98184a0a810c9d81daac7082e4

49ad0ed3bf58f6bec614955067d2a6ae9a19825412ed6f6e851973d5d809293f

bc9deb7c274339a0a8b594def58348a995b3d7af4764c796c365b683b7400aea

bdddf5f5fa10f55e58819ff4ae4cf11902c3583503fa8fcf50ce67b1f1f66e4f

cea1d36e04dc9357211734f659dfe352056afc40779ee251fee4e72ceec619bf

d2edc352a2a157c1ac51e314039ca894958635959d905900755992eed6a13256

e41e433626e9dbf6c3a56c29c9dc60adfa53f71cd1c3bc10d682a1b2239c576d

f8105c176cdb46bb1feeaf74ea310272dbca379bd82de975b9ab7ac6974af060

+ 1'096 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/ff74910fadbf214950608806110debda7a3728df1cdfc60beeec74b74317ead8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN_BASE_API	Uses Win Base API	KERNEL32.DLL::LoadLibraryA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample