MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1495a59a2300245b0c8cfdfe2e467de7f79a4d287e10e9119a96cdac0a1b7c5b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 2



SHA256 hash: 1495a59a2300245b0c8cfdfe2e467de7f79a4d287e10e9119a96cdac0a1b7c5b
SHA3-384 hash: 1ad5457ac56cb397fe1fcd2fb7ca9ceee78ae7dc7316eaca23b1eb8ae933e30c6686711eec5f5c290068a17f17e896ea
SHA1 hash: 101ad5b83850cb742bbf574558d0d9434128373f
MD5 hash: 94e83f8646385a5da01de62b5847af65
humanhash: twelve-kilo-north-hawaii
File name: 1495a59a2300245b0c8cfdfe2e467de7f79a4d287e10e9119a96cdac0a1b7c5b
File size: 2'706'432 bytes
First seen: 2020-06-03 09:32:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 55ab69a3bd3fdf073f05fa19d1021d4d
ssdeep: 49152:ou9/3Pvk43UKrIzhXZPMNLc2bcR1Bfl/mX71BWOKpCo5bk0vbPWpo9kydhh:ou9/Ps43UKrIzlZPYOUDKs50vOuTdhh
Threatray: 45 similar samples on MalwareBazaar
TLSH: 20C53302D3B84664E852CC74E376F0BA89096C1CB8116663FDC9FADA99B76F1253D10F
Reporter: raashidbhatt
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Gathering data
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2020-06-03 17:17:25 UTC
AV detection: 30 of 48 (62.50%)
Threat level: 2/5
Result
Malware family: n/a
Score: 8/10
Tags: bootkit, persistence, upx
Behaviour
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Writes to the Master Boot Record (MBR)
Loads dropped DLL
Executes dropped EXE
UPX packed file
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
