MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c19c15867d67267bd79c9304bcdfb4ddb894b4d79cf6e127ba4336ad67ba884. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 2

SHA256 hash: 4c19c15867d67267bd79c9304bcdfb4ddb894b4d79cf6e127ba4336ad67ba884
SHA3-384 hash: 93adf754dfd79f4d68f38a8b29834562424e8a8781189872ad99693a993c8481fc25801fdd359ce31130e0a0c95cf0a0
SHA1 hash: 5a331da596bc7bdfb7b7969c7e08b506915fdb75
MD5 hash: b1ed785c1ccd55c0e528df24550eb6aa
humanhash: item-august-north-april
File name: 4c19c15867d67267bd79c9304bcdfb4ddb894b4d79cf6e127ba4336ad67ba884
File size: 19'890'176 bytes
First seen: 2020-07-06 06:35:10 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 45cde04b9b0c9b9d61f0f7af2e1ca9fe
ssdeep: 393216:FFqJldpJbKxgk5gJYHH1tmwYPAhWog9qRQStMOByOnIunrh:FYPU5SYn1oLPWWog9dSmOBy8Iyh
Threatray: 44 similar samples on MalwareBazaar
TLSH: E5171223E120C4A1D21913B29AB51B3C29389B695AF0CA93EBC4DDF17C715639FA731D
Reporter: JAMESWT_WT

Intelligence

File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour:
  Creating a window
  Searching for the window
  Sending a custom TCP request

Threat name: Win32.PUA.FlyStudio
Status: Malicious
First seen: 2020-06-22 05:12:45 UTC
File Type: PE (Exe)
Extracted files: 74
AV detection: 23 of 30 (76.67%)
Threat level: 1/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour:
  Suspicious use of SetWindowsHookEx
  Suspicious behavior: GetForegroundWindowSpam
  Suspicious use of SetWindowsHookEx

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Datper
Author: JPCERT/CC Incident Response Group
Description: detect Datper in memory
Reference: https://blogs.jpcert.or.jp/en/2017/08/detecting-datper-malware-from-proxy-logs.html

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Comments