MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d8febcf12d4e13f59f16516af3576201775f352b69e943223f10fffbe535306. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4d8febcf12d4e13f59f16516af3576201775f352b69e943223f10fffbe535306
SHA3-384 hash: 2735be25a8ed6125818c83d38a5bad40625504497e5bb3cd9e9f9a79f1b822b79194207cd4b470cebdbeae77b1bbe07c
SHA1 hash: b8d374ca168d7013150438827e5df654b10dbe3e
MD5 hash: f2581658257acfab1ba074c0c750fe10
humanhash: zebra-blossom-fourteen-nevada
File name:virussign.com_f2581658257acfab1ba074c0c750fe10
Download: download sample
File size:489'036 bytes
First seen:2022-07-13 14:31:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ce51d8aebf3e43ebe34fbea28391ca23
ssdeep 6144:WdspDeDrxkg/vrMuJIgwhEFHyOrJcX/Pgqwzm5IzkWjS4e4azExBKO1t4Kb70Nqr:s8kxNhOZElO5kkWjhD4AI
Threatray 3 similar samples on MalwareBazaar
TLSH T1A6A47D6AF7C08837D2631A38CD5B8768EC22BE503E2955463BF81D4C5F79381792A3D6
TrID 27.0% (.EXE) UPX compressed Win32 Executable (27066/9/6)
26.5% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
14.1% (.EXE) Win32 Executable Delphi generic (14182/79/4)
9.9% (.EXE) DOS Borland compiled Executable (generic) (10000/1/2)
6.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
Reporter KdssSupport
Tags:exe


Avatar
KdssSupport
Uploaded with API

Intelligence

File Origin
# of uploads :
1
# of downloads :
156
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
virussign.com_f2581658257acfab1ba074c0c750fe10
Verdict:
Suspicious activity
Analysis date:
2022-07-14 03:07:24 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/39cfb856-6682-42b8-833f-c1781510a5e4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/287421/
Detection(s):
PUA.Win.Packer.BorlandDelphi-5
Create hunting rule

PUA.Win.Packer.BorlandDelphi-6
Create hunting rule

Win.Worm.Fasong-2
Create hunting rule

PUA.Win.Packer.Upx-49
Create hunting rule

PUA.Win.Packer.UpxProtector-1
Create hunting rule

PUA.Win.Packer.AcprotectUltraprotect-1
Create hunting rule

Win.Worm.Fasong-9753929-0
Create hunting rule

Win.Worm.Fasong-9753931-0
Create hunting rule

Win.Worm.Fasong-9753932-0
Create hunting rule

Win.Worm.Fasong-9806395-0
Create hunting rule

Win.Malware.Fasong-9910797-0
Create hunting rule

Win.Malware.Fasong-9918317-0
Create hunting rule

Win.Worm.Fasong-4
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Creating a window
Creating a file in the Windows directory
Creating a file
Creating a service
Enabling the 'hidden' option for recently created files
Creating a process from a recently created file
Creating a process with a hidden window
Sending a custom TCP request
Searching for synchronization primitives
Enabling autorun for a service
Enabling autorun with the shell\open\command registry branches
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
evasive greyware hh.exe keylogger overlay regedit.exe
Link:
https://www.filescan.io/uploads/62ced8323ec0b06899770676/reports/a48fb628-71aa-4642-ae10-8c4e0ad69627/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/25ad7d98-bf55-43ad-9874-c6d49d9b5b74
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1030713
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Antivirus detection for URL or domain
Creates an undocumented autostart registry key
Creates files in the recycle bin to hide itself
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sets file extension default program settings to executables
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4d8febcf12d4e13f59f16516af3576201775f352b69e943223f10fffbe535306/
Threat name:
Win32.Worm.Fasong
Create hunting rule
Status:
Malicious
First seen:
2022-07-08 09:14:00 UTC
File Type:
PE (Exe)
Extracted files:
14
AV detection:
26 of 26 (100.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jwh6xtys2tqt6wprmulk6nlwealxl42sw2pjimrd6eh77pstkmda._file
Verdict:
malicious
Similar samples:
03745fbf91cf67f1c079704524ed1b5064fc3e067083e33a9cc1655a3748ee2a
744d7fc9796a48f7d5b1173b91d1b018f13f91db7798a3d9cfd27fb22d678898
de048753f687a726312de3ad7f8f0e05966fdd5207942d4a4a82488ff2936248
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence upx
Link:
https://tria.ge/reports/220713-rwbhxaadg4/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Adds Run key to start application
Enumerates connected drives
Loads dropped DLL
Executes dropped EXE
UPX packed file
Modifies system executable filetype association
Unpacked files
SH256 hash:
4d8febcf12d4e13f59f16516af3576201775f352b69e943223f10fffbe535306
MD5 hash:
f2581658257acfab1ba074c0c750fe10
SHA1 hash:
b8d374ca168d7013150438827e5df654b10dbe3e
Link:
https://www.unpac.me/results/8f263871-4e92-422b-8f81-d02cd1d427fd/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/4d8febcf12d4e13f59f16516af3576201775f352b69e943223f10fffbe535306

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 4d8febcf12d4e13f59f16516af3576201775f352b69e943223f10fffbe535306

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/287421/

Comments