MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e37ccb3f0327957d04963703bdc9e31a121da9d44ef83abcbb388165e76d5db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5e37ccb3f0327957d04963703bdc9e31a121da9d44ef83abcbb388165e76d5db
SHA3-384 hash: 7b7d68fd570f2b81ff750cfed1975b1c94831bb8f6a76763090558ca610122187ff907f6b69320998d74c6611cbaacc1
SHA1 hash: 8d5444a5dbf7796ed15175661bdeb5a1016e91b5
MD5 hash: c9c40faa8a82a55b8aa55f1d60602eb0
humanhash: wyoming-seven-fillet-saturn
File name:MpCmd4.dll
Download: download sample
File size:2'580'877 bytes
First seen:2022-07-14 11:16:05 UTC
Last seen:2022-07-26 23:45:11 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f2460826515739f4fba1b0b66b3b49c0
ssdeep 49152:inC2C5rGNPR/3+JqNgn+3dZYmanTv4d7gYXB:iTR/3+JqNgn+3dZYmak7gYXB
Threatray 2'291 similar samples on MalwareBazaar
TLSH T1CAC51B43AAC70DBAC9D66BB4A1D31335B778FD608B3A5E3F6608C63509536C4AD1EB10
TrID 43.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
27.6% (.EXE) Win64 Executable (generic) (10523/12/4)
13.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.3% (.EXE) OS/2 Executable (generic) (2029/13)
5.2% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter r3dbU7z
Tags:dll exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
237
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
MpCmd4.dll
Verdict:
No threats detected
Analysis date:
2022-07-14 11:20:55 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/65b98dfe-5312-42d4-8cbf-af7c30b2d382

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/289106/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug overlay spyeye
Link:
https://www.filescan.io/uploads/62cffb3083ba16fee5c3973d/reports/0f2119a6-1bd5-4a87-853a-fc1a0b2ecd27/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1031318
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5e37ccb3f0327957d04963703bdc9e31a121da9d44ef83abcbb388165e76d5db/
Threat name:
Win64.Trojan.Shelma
Create hunting rule
Status:
Malicious
First seen:
2022-07-14 11:17:10 UTC
File Type:
PE+ (Dll)
AV detection:
13 of 26 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ly34zm7qgj4vpucjmnydxxe6ggqsdwu5itxyhk6lwoebmxtw2xnq._file
Verdict:
malicious
Similar samples:
054498f9520c77728c723a72e1657dd9371090e8c9ac67b53e888e5c0d03afed
0555b34b40f176362f5b9e070253358d8faec831f9675c03adfdb2929d168ee8
260191afe0e066cf63b69262018f62ac4d3fa02cd2188440f9d678de671772ff
40a4f84e519d5f19e8dcdd291c0044d0f260cfec720e065bee9644b8ed2e2491
4491bb41f0c1b41f17964834db747576ef873f9d1a999e2b78f39e7798281ee4
5193e7d006b375ac296ea34ab8917842faf6e0eeea196ad9319ea28d8ffcab30
b29b0f2a27ccbb9f12363a3dde1f2d2373fdc782232f4804f0abffbb8daf9d25
c65c51ed60f91a92789c4b056821ef51252baa2a1679a6513ab008acf0464ccb
e8b1a240c6fad4dd2e7bd0b08a0681131f2804d64d58869e60ad333cddc58cb0
ec76ecb58f5ec6d02f2b125102c9fe613891582a7607535a39e1b598cbfc5622
+ 2'281 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/220714-ndpe9sfgfr/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtCreateUserProcessOtherParentProcess
Unpacked files
SH256 hash:
5e37ccb3f0327957d04963703bdc9e31a121da9d44ef83abcbb388165e76d5db
MD5 hash:
c9c40faa8a82a55b8aa55f1d60602eb0
SHA1 hash:
8d5444a5dbf7796ed15175661bdeb5a1016e91b5
Link:
https://www.unpac.me/results/66e63eb6-1efc-4c98-92ea-b851c3c54c8d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/5e37ccb3f0327957d04963703bdc9e31a121da9d44ef83abcbb388165e76d5db

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 5e37ccb3f0327957d04963703bdc9e31a121da9d44ef83abcbb388165e76d5db

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/289106/

Comments