MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 03a54d3b7cf0d1f321fcb5453df8a03ce9578f6c807611ba00ce0fa27711e2c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 03a54d3b7cf0d1f321fcb5453df8a03ce9578f6c807611ba00ce0fa27711e2c6
SHA3-384 hash: 52f3e68fdbe702b246a76a8fc2538d0e8e148438e09c143ff11968b042f67b93c80b9b70109b976fe4cf1bc776bfdac2
SHA1 hash: 8daf492ddb18cd33b3145b13be91032b47b1e07c
MD5 hash: 85d698942778f2cafa49fb94bf0b615c
humanhash: low-lactose-ack-carolina
File name: a05e86b151d667bcf01926ca04a68690
File size: 212'992 bytes
First seen: 2020-11-17 12:25:42 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep: 3072:YAkwlzfagygo1rBcvANgGp7gMc+/dQ2lV+GVQMoO+sT1cXMw4pLthEjQT6j:YAjrygo1FvKGV1c+Co+7RbkEj1
Threatray: 72 similar samples on MalwareBazaar
TLSH: 67246B953AF18453D4EB033A89FAD6FCDE707D679F12963B2044336E69733A82A15720
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the Windows directory
Running batch commands
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a process from a recently created file
Launching the default Windows debugger (dwwin.exe)
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-17 12:31:06 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Drops file in System32 directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other

Comments