MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d4898d4aec91b789a3abb2d9e103eb1111d783a05a119ef7d1db9ab3811a79c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Adware.ExtenBro

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	d4898d4aec91b789a3abb2d9e103eb1111d783a05a119ef7d1db9ab3811a79c2
SHA3-384 hash:	2c255e4a3fe2f64a3990c100f1e738a1cb8a8252cd3cfd85df7cd6775e1eed35e7cf63b6338464e66fbe4ac09f5955fe
SHA1 hash:	52d57a8a2445955364040d1450b4cbfa109590aa
MD5 hash:	f78888b1d0bb5e5bd147b0ac89971819
humanhash:	tango-lithium-sink-alaska
File name:	d4898d4aec91b789a3abb2d9e103eb1111d783a05a119ef7d1db9ab3811a79c2
Download:	download sample
Signature	Adware.ExtenBro Create hunting rule
File size:	2'066'232 bytes
First seen:	2020-06-03 09:02:45 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	5a594319a0d69dbc452e748bcf05892e (21 x ParallaxRAT, 20 x Gh0stRAT, 15 x NetSupport)
ssdeep	49152:WqeNVAYj/We+1TSDT2zLU2/Th/h5Esl5/V+Y:HEHbv+1ODT2LUsTNEsPd+Y
Threatray	13 similar samples on MalwareBazaar
TLSH	E7A5BE3BB2EC653FC4AA0A3145B292505D7BBE71A41A8C1A07F079DCCF76F601E3A615
Reporter	raashidbhatt
Tags:	Adware.ExtenBro exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

93

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Exe-6

Gathering data

Threat name:

Win32.PUA.Agen

Status:

Malicious

First seen:

2020-06-03 08:15:31 UTC

AV detection:

11 of 31 (35.48%)

Threat level:

1/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=2sey2sxmsg3yti5lwlm6ca7lcei5pa5aliiz556r3onlhai2phba._file

Verdict:

malicious

Similar samples:

1f02d06a14d5e83c297271a24f9dad9f28d25e387bc65784077ddc27165290b5

Adware.ExtenBro

250cfc3bf5271e6a5cdd6ebe240865bf2f960c877590b679c878181b42f85341

Adware.ExtenBro

380a0d5b3d5ae9eb9a53cf5bb4fe1737de62020e4f0ec5f56ee601bf8a884d1b

Adware.ExtenBro

548c375182f63e134625ec757d001e42051be39bf22f4065932ba53557825312

Adware.ExtenBro

ace64cbe1ef91a0b14602264fe0de8e3698cb8b901cbd6251b3fd11d87a0bef6

Adware.ExtenBro

b0fedb5fc4232c07ff1161ddcc830cf11596ba2653cc7cea1d5666b4bab1f276

Adware.ExtenBro

b2f041348835c102db3769245ee4c28dd00cb19c3c6710fc9c11228f3bbce61b

Adware.ExtenBro

b87295a4b2fb2d2f4df9d502d52e2f50a5e9b3ba9f56b17e252fa0f3022ae6f4

Adware.ExtenBro

cfb6b2b831592f1ebd43929977ae4963f8c2b3b2472214c82c3c3c1513a6b54f

Adware.ExtenBro

fc0ffda44e2748b424639a1592356cc209abf6045a8d6a069f5f562ea1f31763

Adware.ExtenBro

+ 3 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

discovery

Link:

https://tria.ge/reports/201109-9vdpjaxk2x/

Behaviour

Creates scheduled task(s)

Script User-Agent

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Checks installed software on the system

JavaScript code in executable

Loads dropped DLL

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample