MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 372b929ae9362bf357a3a8c5c968921f2c950094d928b2ed2cf94ea04bcfdbef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 372b929ae9362bf357a3a8c5c968921f2c950094d928b2ed2cf94ea04bcfdbef
SHA3-384 hash: 5d2b73c9d94984b78134648b4f59bad807895f50026b6b3de2021d87f56dccd067eec41c070dc5a7430207ca66188535
SHA1 hash: acdd39a0d8068bfc4a16a0193c90eae85a5831fa
MD5 hash: 85003057fbddd3468478adc04a1b50cd
humanhash: beer-quebec-march-minnesota
File name:SecuriteInfo.com.Win32.DH_JFeBDiUe.9288.4057
Download: download sample
File size:866'304 bytes
First seen:2020-06-19 14:43:51 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash afd04e56252995617d12345a0a21d7f8
ssdeep 24576:3D+nJNewma3kv5Ek6626crIag97FyRRWt0d:ANew3kv5PY66FRRW6
Threatray 18 similar samples on MalwareBazaar
TLSH 7E05332A1D841DB8C294B67CA53E37765DF4FA6E6770BBED15008DFF3C11682B224906
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/9599/
Detection(s):
PUA.Win.Packer.PECompact-2
Create hunting rule

PUA.Win.Packer.PecompactHeuris-1
Create hunting rule

PUA.Win.Packer.Pecompact-72
Create hunting rule

PUA.Win.Packer.Pecompact-74
Create hunting rule

PUA.Win.Packer.Pecompact-75
Create hunting rule

PUA.Win.Packer.Pecompact-69
Create hunting rule

SecuriteInfo.com.Win32.DH_JFeBDiUe.9288.4057.UNOFFICIAL
Create hunting rule

PUA.Win.Adware.Softpulse-6693799-0
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Browser.StartPage
Create hunting rule
Status:
Malicious
First seen:
2018-11-09 05:59:20 UTC
File Type:
PE (Dll)
Extracted files:
47
AV detection:
39 of 47 (82.98%)
Threat level:
  4/5
Verdict:
unknown
Similar samples:
0829886e0ca34a32fa545e0a53d7a2208d963b7b826a14aefde94d9ff4f549e5
12a8e503b2cde2d9e3803631f0418e1aa6230718fa16b8ee7f7189839a9167ee
1495a59a2300245b0c8cfdfe2e467de7f79a4d287e10e9119a96cdac0a1b7c5b
1eebb3e709b273372a1edf1ef713c7cd68e90370251b4e15e5f5ec8a9328d816
20f34af2caf2e27d4d761bd4be0691f0e09f178e851f528c493ac7308eb4066f
6604738347de31acf8c045750f89e3f8e1bf57e29007dbc0fd7e21fb4d7e9aa3
7564394cdf95f47b753662ee9240197a1b54a218a92efca79e873c2d6fb04544
85e0ff2f0c03b8d8ce1d32b446dcef0e32b79fa581a9c27dcf4d0bb92c6b167f
c653365657fbf65429ad845d0a0d93106e972aca929739560ff4b4796bd2be08
ef8e48bd72babfdc3e9c15309d8a3a2abab38907f6522c476c2e71bbc70402b8
+ 8 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence spyware upx
Link:
https://tria.ge/reports/201109-jmqdbw8lr2/
Behaviour
Modifies Internet Explorer settings
Modifies Internet Explorer start page
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Drops file in System32 directory
Modifies service
Loads dropped DLL
Reads user/profile data of web browsers
Blacklisted process makes network request
Drops file in Drivers directory
Sets service image path in registry
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/9599/

Comments