MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 088fb74bd478543cca2e9746a1f86f84cefbc5876137c09bbe53e6f3e79fda9c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 088fb74bd478543cca2e9746a1f86f84cefbc5876137c09bbe53e6f3e79fda9c
SHA3-384 hash: e35cde0603a41378db78a02885edea3af6e92c6f6cded889f2d92acb5b218bd70372edcc90bdf12dc21f7a579f610536
SHA1 hash: 4a480a05a18a0a995da4f7538dbcce905434ca02
MD5 hash: 70158023c2abb45f1e16134572f16c44
humanhash: salami-may-lion-single
File name: 70158023c2abb45f1e16134572f16c44
File size: 212'992 bytes
First seen: 2020-11-17 12:13:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep: 6144:PTrhKR9nXPxe1ylY8ISS94ztXaj9sXYaQUoMUIU+okEj1:7rn0tXgsXKRIU+okC
Threatray: 82 similar samples on MalwareBazaar
TLSH: 9C248D0BB352A612D3F707B05CE686712A3B7D92AB7282073A5533FEA9F15D089117DC
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 56
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-09-29 08:25:48 UTC
AV detection: 28 of 29 (96.55%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Drops file in Windows directory
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
