MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 000aba05d34281fa9a509e464d2c4ac3a2c94bff16928b73723abe274f516d98. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 4
| SHA256 hash: | 000aba05d34281fa9a509e464d2c4ac3a2c94bff16928b73723abe274f516d98 |
|---|---|
| SHA3-384 hash: | 149bfb518d23362996bcaaa530d00699a8a2b9a3f35f75d691ddfe8dc81345e9accad1c6248eb8c1687f28bf24d29fa3 |
| SHA1 hash: | f477f6b0988134e50d8c8af741f20302b681b44f |
| MD5 hash: | f1fd3982347ac205cb952087d50de13b |
| humanhash: | hotel-wyoming-oklahoma-edward |
| File name: | a5cf8952a82601bd4507fefb9942a121 |
| File size: | 212'992 bytes |
| First seen: | 2020-11-17 14:52:24 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit) |
| ssdeep | 3072:McfhJQsIwaL/d1Rl7PEZ/N90uLYYNM7uN4pLthEjQT6j:XhJQTwajRl7cZ/N9SEM7uNkEj1 |
| Threatray | 158 similar samples on MalwareBazaar |
| TLSH | 8B246B02358B85A1E5FF127448F182708677FC56ABB6322FB980377FA9722505D23B2D |
| Reporter |
Intelligence
File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Creating a file in the Windows directory
Creating a process from a recently created file
Launching the default Windows debugger (dwwin.exe)
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-17 14:55:41 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Verdict: unknown
Similar samples: + 148 additional samples on MalwareBazaar
Result
Malware family: n/a
Score: 9/10
Tags: persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Drops file in System32 directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name: Malicious File
Score: 1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method: Other