MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e9338c5d2bed541d261f279a69418853e6effbd5d96a06cc11a22168e2ae31a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: e9338c5d2bed541d261f279a69418853e6effbd5d96a06cc11a22168e2ae31a9
SHA3-384 hash: 83106593812383707eb17cc1b9a223bc9313e88d2c57afb8ba8149ffddb79cc089d007bff7d1cf077239b9a7f00f6cb0
SHA1 hash: 4f9f0b45a298a7ccedb69890c24a1df51483392e
MD5 hash: 40c6d6d0194688cf981bd2c090efb08a
humanhash: mars-lemon-hot-cup
File name: winlogon.exe
File size: 389'120 bytes
First seen: 2022-05-05 03:04:33 UTC
Last seen: 2022-05-05 03:38:51 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 1e639356dd901bb602ff9ef5b3730809
ssdeep 6144:kKrRlByVChnelfkylErdaooMArkOYZ41DWrDpsNX2:kKN7wChnel7lErkoAAsNX2
Threatray 4 similar samples on MalwareBazaar
TLSH T18C84915263E90964F5F76F70D8764622AB333C859E3DC24F0290955E2EB2B94EC38763
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
dhash icon c4ccd8b4e4cccc0c
Reporter Lan73722735
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 248
Origin country: n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
javas.exe
Verdict:
No threats detected
Analysis date:
2021-10-01 15:13:23 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
CheckCmdLine
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
coinminer control.exe expand.exe greyware replace.exe shell32.dll
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Behavior Graph ID: 620684; Sample: winlogon.exe; Startdate: 05/05/2022; Architecture: WINDOWS; Score: 48
Signature: Multi AV Scanner detection for submitted file
Processes: winlogon.exe started; conhost.exe started (by winlogon.exe)
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Unpacked files
SHA256 hash:
e9338c5d2bed541d261f279a69418853e6effbd5d96a06cc11a22168e2ae31a9
MD5 hash:
40c6d6d0194688cf981bd2c090efb08a
SHA1 hash:
4f9f0b45a298a7ccedb69890c24a1df51483392e
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments