MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01a38195faaf7780f0f600c6d0d6c924559a4e639312e4023ce859e874d923c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 01a38195faaf7780f0f600c6d0d6c924559a4e639312e4023ce859e874d923c3
SHA3-384 hash: 0813cfc977c83720fba81f508fab9741468d8902fc37720b0b216e5b588a4b3dd879c3277333edd0d9ce4f2b46458961
SHA1 hash: 266caf9b4504ae8b6819e74036ee19af0313fb9d
MD5 hash: aede0e3fffd02d84321a1a7abb1d65bc
humanhash: berlin-comet-maryland-cola
File name:sxd2.6.exe
Download: download sample
File size:1'611'304 bytes
First seen:2021-05-07 05:16:31 UTC
Last seen:2023-08-27 08:49:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ec8d67e3b31af8bfc9f959d321d7123b
ssdeep 24576:fADekZ97AtnXie8U4mwrCmzRYL3iYWV5udjJP/CY9pq/20e1sCwu:f74mkf4hGgcY9A20eeCwu
Threatray 113 similar samples on MalwareBazaar
TLSH C9758E17F612D4B2D901167135AAD738FDB0A7540E28DAD3F3E9EE2D7C32452962B20E
Reporter starsSk87264403

Intelligence

File Origin
# of uploads :
2
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Nicht bestätigt 321614.crdownload
Verdict:
Suspicious activity
Analysis date:
2019-10-04 08:30:29 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/5176cad9-1ab8-4da5-82ed-7e9dd8fb3e89

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/152431/
Detection(s):
PUA.Win.Packer.PrivateExeProte-16
Create hunting rule

PUA.Win.Packer.AcprotectUltraprotect-1
Create hunting rule

PUA.Win.Packer.Anti-28
Create hunting rule

PUA.Win.Packer.Anti-29
Create hunting rule

PUA.Win.Packer.Nspack-26
Create hunting rule

PUA.Win.Packer.Nspack-1
Create hunting rule

PUA.Win.Packer.Nspack-25
Create hunting rule

PUA.Win.Packer.Nspack-22
Create hunting rule

Win.Trojan.Generic-9753029-0
Create hunting rule

Win.Packed.Graybird-9753043-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% directory
Deleting a recently created file
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/715563
Signature
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Renames NTDLL to bypass HIPS
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/01a38195faaf7780f0f600c6d0d6c924559a4e639312e4023ce859e874d923c3/
Threat name:
Win32.PUA.FlyStudio
Create hunting rule
Status:
Malicious
First seen:
2013-10-23 07:35:00 UTC
File Type:
PE (Exe)
Extracted files:
61
AV detection:
13 of 29 (44.83%)
Threat level:
  1/5
Verdict:
malicious
Similar samples:
1495a59a2300245b0c8cfdfe2e467de7f79a4d287e10e9119a96cdac0a1b7c5b
2a214959e1a85a4d11444053d4262961ee29e2cc53c3f4ae8f1a59152e5d67f3
485a5454645f5d90d1b3097336b08dcaa9d4b49db9738a2f953e81081002600d
4bb4435958fa48762b34905fc5ac50c78878eccb33252f72cb037d664cb60fc9
4c19c15867d67267bd79c9304bcdfb4ddb894b4d79cf6e127ba4336ad67ba884
94b85015bb3beb57e1810aec53712b8158fa10e3a970b0ee65484be34b3073cd
a578e71d04eae80004ab431497c95fb9779a95dc7f0c60996c24c1cb7139745d
b00ffbe33a4398cdfdb136564f24dfd6ff292b11a9adbc4041aa2a532af6edfb
bd0d884649509aece899372e0bea6f6dbe833b463e35206753dae69a0bc60632
bd668ef292ae01d2ed9a32b1ea054e2acb484f61e86481f306669637ba31ce82
+ 103 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/210507-zcsge13khe/
Behaviour
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Checks computer location settings
Unpacked files
SH256 hash:
01a38195faaf7780f0f600c6d0d6c924559a4e639312e4023ce859e874d923c3
MD5 hash:
aede0e3fffd02d84321a1a7abb1d65bc
SHA1 hash:
266caf9b4504ae8b6819e74036ee19af0313fb9d
Link:
https://www.unpac.me/results/caa4fc40-5014-4d55-ba57-d8b62926ad01/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
FlyStudio
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/01a38195faaf7780f0f600c6d0d6c924559a4e639312e4023ce859e874d923c3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 01a38195faaf7780f0f600c6d0d6c924559a4e639312e4023ce859e874d923c3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/227054/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/152431/

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-07 06:06:38 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0001.035] Anti-Behavioral Analysis::Process Environment Block BeingDebugged
1) [B0001.025] Anti-Behavioral Analysis::Software Breakpoints
2) [B0001.032] Anti-Behavioral Analysis::Timing/Delay Check GetTickCount
3) [B0012.001] Anti-Static Analysis::Argument Obfuscation
4) [F0001.002] Anti-Behavioral Analysis::Standard Compression
5) [F0002.001] Collection::Application Hook
6) [F0002.002] Collection::Polling
8) [B0030.002] Command and Control::Receive Data
9) [B0030.001] Command and Control::Send Data
10) [C0002.009] Communication Micro-objective::Connect to Server::HTTP Communication
11) [C0002.012] Communication Micro-objective::Create Request::HTTP Communication
12) [C0002.017] Communication Micro-objective::Get Response::HTTP Communication
13) [C0002.014] Communication Micro-objective::Read Header::HTTP Communication
14) [C0002.003] Communication Micro-objective::Send Request::HTTP Communication
15) [C0001.012] Communication Micro-objective::Get Socket Status::Socket Communication
16) [C0001.009] Communication Micro-objective::Initialize Winsock Library::Socket Communication
17) [C0001.006] Communication Micro-objective::Receive Data::Socket Communication
18) [C0001.007] Communication Micro-objective::Send Data::Socket Communication
19) [C0001.001] Communication Micro-objective::Set Socket Config::Socket Communication
20) [C0027.009] Cryptography Micro-objective::RC4::Encrypt Data
21) [C0028.002] Cryptography Micro-objective::RC4 KSA::Encryption Key
22) [C0019] Data Micro-objective::Check String
23) [C0026.001] Data Micro-objective::Base64::Encode Data
24) [C0026.002] Data Micro-objective::XOR::Encode Data
26) [B0023] Execution::Install Additional Program
27) [C0049] File System Micro-objective::Get File Attributes
28) [C0051] File System Micro-objective::Read File
29) [C0052] File System Micro-objective::Writes File
30) [E1510] Impact::Clipboard Modification
31) [C0034.001] Operating System Micro-objective::Set Variable::Environment Variable
32) [C0036.004] Operating System Micro-objective::Create Registry Key::Registry
33) [C0036.003] Operating System Micro-objective::Open Registry Key::Registry
34) [C0036.006] Operating System Micro-objective::Query Registry Value::Registry
35) [C0036.001] Operating System Micro-objective::Set Registry Key::Registry
36) [C0040] Process Micro-objective::Allocate Thread Local Storage
37) [C0017] Process Micro-objective::Create Process
38) [C0038] Process Micro-objective::Create Thread
39) [C0054] Process Micro-objective::Resume Thread
40) [C0041] Process Micro-objective::Set Thread Local Storage Value
41) [C0018] Process Micro-objective::Terminate Process