MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12a8e503b2cde2d9e3803631f0418e1aa6230718fa16b8ee7f7189839a9167ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 12a8e503b2cde2d9e3803631f0418e1aa6230718fa16b8ee7f7189839a9167ee
SHA3-384 hash: c10fd0e96a5b51220cf66f00bd7a5cd6ded111f76135f6a729c6863bbbce45e44000f3a10323feeb9b2db4da5de905cb
SHA1 hash: 6bddacb74ead69d2c3def7cf63089986cac60cce
MD5 hash: abb54b9f868764302d6d85874beb6716
humanhash: blue-failed-cardinal-massachusetts
File name:SecuriteInfo.com.Win32.DH_JFeBDiUe.15021.22722
Download: download sample
File size:850'944 bytes
First seen:2020-06-19 14:44:31 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 447175571951dcadff7628bee5af1db0
ssdeep 12288:SS3HxJawBnkadi3KqkeMgFD5FOEEt6Bfm4B79SG/LWDSkvo8aK/UaCM3ZuVLTISC:SCzaoA6q4g6HMfzV9JD7flarJELTzyt
Threatray 10 similar samples on MalwareBazaar
TLSH 580523D9A7D48B76C68AA4BD633307A1DB10C0852AA55AEBD02334FE714F3589F5FD04
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/9627/
Detection(s):
PUA.Win.Packer.PECompact-2
Create hunting rule

PUA.Win.Packer.PecompactHeuris-1
Create hunting rule

PUA.Win.Packer.Pecompact-72
Create hunting rule

PUA.Win.Packer.Pecompact-74
Create hunting rule

PUA.Win.Packer.Pecompact-75
Create hunting rule

PUA.Win.Packer.Pecompact-69
Create hunting rule

SecuriteInfo.com.Win32.DH_JFeBDiUe.15021.22722.UNOFFICIAL
Create hunting rule

PUA.Win.Adware.Softpulse-6693799-0
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Proxysteal
Create hunting rule
Status:
Malicious
First seen:
2016-11-03 03:10:56 UTC
File Type:
PE (Dll)
Extracted files:
47
AV detection:
42 of 47 (89.36%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0829886e0ca34a32fa545e0a53d7a2208d963b7b826a14aefde94d9ff4f549e5
1495a59a2300245b0c8cfdfe2e467de7f79a4d287e10e9119a96cdac0a1b7c5b
20f34af2caf2e27d4d761bd4be0691f0e09f178e851f528c493ac7308eb4066f
372b929ae9362bf357a3a8c5c968921f2c950094d928b2ed2cf94ea04bcfdbef
7564394cdf95f47b753662ee9240197a1b54a218a92efca79e873c2d6fb04544
83acd77bd1b76095992046c1cd53fd0fb4f0ae9f22f410facf174f4e1ce2f475
85e0ff2f0c03b8d8ce1d32b446dcef0e32b79fa581a9c27dcf4d0bb92c6b167f
c653365657fbf65429ad845d0a0d93106e972aca929739560ff4b4796bd2be08
ecff057be8cc58b2f50f470b29e8b15ef83b58753398a43339151ad531ae4e1c
ef8e48bd72babfdc3e9c15309d8a3a2abab38907f6522c476c2e71bbc70402b8
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence spyware upx
Link:
https://tria.ge/reports/201109-pzd9sb1kzx/
Behaviour
Modifies Internet Explorer settings
Modifies Internet Explorer start page
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Modifies service
Loads dropped DLL
Reads user/profile data of web browsers
Blacklisted process makes network request
Drops file in Drivers directory
Sets service image path in registry
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/9627/

Comments