MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 20f34af2caf2e27d4d761bd4be0691f0e09f178e851f528c493ac7308eb4066f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 20f34af2caf2e27d4d761bd4be0691f0e09f178e851f528c493ac7308eb4066f
SHA3-384 hash: 77ed341b10a71ea3425459dfa834aa52f898a7130d80249880cd3b630314c9dd7ead98f6488efbd8c9bfe36ab6646f79
SHA1 hash: 13b15448dc0b38f16ca5a23d6587063b29a16bdc
MD5 hash: 1093ca56029e2ab8b4f60cf367f94afd
humanhash: social-crazy-ohio-sweet
File name:SecuriteInfo.com.Win32.DH_JFeBDiUe.19900.4857
Download: download sample
File size:842'752 bytes
First seen:2020-06-19 14:43:30 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 447175571951dcadff7628bee5af1db0
ssdeep 24576:zfT/LznpnEoCzrLg1NqPkXQJAsboGRs5lX7NJQ:zfTDj5EosrIScQJrUOs75+
Threatray 17 similar samples on MalwareBazaar
TLSH B305235872214E7FDE1CFAB36883DE5603589280A6774F6C1D7857F30F3A0AE61E5A90
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/9585/
Detection(s):
PUA.Win.Packer.PECompact-2
Create hunting rule

PUA.Win.Packer.PecompactHeuris-1
Create hunting rule

PUA.Win.Packer.Pecompact-72
Create hunting rule

PUA.Win.Packer.Pecompact-74
Create hunting rule

PUA.Win.Packer.Pecompact-75
Create hunting rule

PUA.Win.Packer.Pecompact-69
Create hunting rule

SecuriteInfo.com.Win32.DH_JFeBDiUe.19900.4857.UNOFFICIAL
Create hunting rule

PUA.Win.Adware.Softpulse-6693799-0
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.GenDownloader
Create hunting rule
Status:
Malicious
First seen:
2016-10-28 11:52:37 UTC
File Type:
PE (Dll)
Extracted files:
43
AV detection:
44 of 47 (93.62%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0829886e0ca34a32fa545e0a53d7a2208d963b7b826a14aefde94d9ff4f549e5
12a8e503b2cde2d9e3803631f0418e1aa6230718fa16b8ee7f7189839a9167ee
1495a59a2300245b0c8cfdfe2e467de7f79a4d287e10e9119a96cdac0a1b7c5b
2d40a6c3d1200616055b55031daa8a6b010b3c99219f6b6da87bcd2b2f27d6c2
372b929ae9362bf357a3a8c5c968921f2c950094d928b2ed2cf94ea04bcfdbef
54488d42558df58d9694b6a6150e4934c045c588566be3a555c005ce0aa4ab39
6604738347de31acf8c045750f89e3f8e1bf57e29007dbc0fd7e21fb4d7e9aa3
7564394cdf95f47b753662ee9240197a1b54a218a92efca79e873c2d6fb04544
c653365657fbf65429ad845d0a0d93106e972aca929739560ff4b4796bd2be08
ef8e48bd72babfdc3e9c15309d8a3a2abab38907f6522c476c2e71bbc70402b8
+ 7 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence spyware upx
Link:
https://tria.ge/reports/201109-m7fbvkvc7s/
Behaviour
Modifies Internet Explorer settings
Modifies Internet Explorer start page
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Modifies service
Loads dropped DLL
Reads user/profile data of web browsers
Blacklisted process makes network request
Drops file in Drivers directory
Sets service image path in registry
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/9585/

Comments