MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b6e07ef164c3e95b735471b8591de2622478afa19c0aa3dc6cacbf960f48a82. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 10



SHA256 hash: 0b6e07ef164c3e95b735471b8591de2622478afa19c0aa3dc6cacbf960f48a82
SHA3-384 hash: 1059b5d37b84832102753850ab950bb172352c167bbf6d65620676b243c92d3c35530de9975d2a72886ca1c8c3ff8dda
SHA1 hash: d6d7ca1a3fa7a8a6552979374f0c14145a1aa312
MD5 hash: 44f2272b05bb7b02198c3dfdef3faf9d
humanhash: london-delta-hawaii-ohio
File name: SecuriteInfo.com.Trojan.SMSSend.3052.27664.18035
File size: 1'333'614 bytes
First seen: 2023-10-10 10:41:44 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash e710feb0eb6204d1acb452f545c64c30
ssdeep 24576:duQNJ8TSyy5EI+vO1nyzWozeiQCp3P+vK/cRgOnmq9g6IB36rKX6RB6:duQNIAyc2Woz3H3PhcOU7m6slM6
Threatray 31 similar samples on MalwareBazaar
TLSH T1E65523F564ABCC87EB14D63F8410BD30466719B2539B8BBADAC8333FF562125EE15086
TrID 35.7% (.EXE) Win32 Executable (generic) (4505/5/1)
16.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
16.0% (.EXE) OS/2 Executable (generic) (2029/13)
15.8% (.EXE) Generic Win/DOS Executable (2002/3)
15.8% (.EXE) DOS Executable Generic (2000/1)
dhash icon cca2aeccc486acdc
Reporter SecuriteInfoCom
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 279
Origin country: FR
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for the window
Creating synchronization primitives
Creating a window
Searching for synchronization primitives
Sending a custom TCP request
Gathering data
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: asprotect lolbin ntkrnl_protector overlay packed shell32
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: n/a
Detection: malicious
Classification: spyw.evad
Score: 72 / 100
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to modify clipboard data
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has nameless sections
Uses Windows timers to delay execution
Threat name: Win32.Trojan.Zilix
Status: Malicious
First seen: 2013-01-09 07:58:00 UTC
File Type: PE (Exe)
Extracted files: 4
AV detection: 31 of 38 (81.58%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Unpacked files
SHA256 hash:
76f484fdb1caf2c3cbe10f5f14d7f984970acfd78b6e9da7e4622bdf5218b604
MD5 hash:
542991bd01dd525a996ea84debbb15e5
SHA1 hash:
858df109281902e7493dd36c6f9ca2e31e64a63b
SHA256 hash:
0b6e07ef164c3e95b735471b8591de2622478afa19c0aa3dc6cacbf960f48a82
MD5 hash:
44f2272b05bb7b02198c3dfdef3faf9d
SHA1 hash:
d6d7ca1a3fa7a8a6552979374f0c14145a1aa312
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ASProtect13321RegisteredAlexeySolodovnikov
Author: malware-lu
Rule name: ASProtectv123RC1
Author: malware-lu
Rule name: ASProtectv12xNewStrain
Author: malware-lu

File information


The table below shows additional information about this malware sample such as delivery method and external references.
