MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c058d445fe372c647a94e1dfcdb2cb77dedbc9ef6b5a3c0f9bb92b5bdc41542. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


YellowCockatoo


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0c058d445fe372c647a94e1dfcdb2cb77dedbc9ef6b5a3c0f9bb92b5bdc41542
SHA3-384 hash: 6f4630def2bed85a0f1f30b9988caa6d64789a8ffb61f7618702dd84f7ba6a11dae922b0f97a95e3fdd90279f1982c11
SHA1 hash: fa4f395d3dd6bba168fb12e63194fa9963bc4880
MD5 hash: e93a2abb20d9198bc541e9cd94f4d6ac
humanhash: six-alabama-montana-football
File name:Appendix-C-Acceptance-of-Acknowledgement-of-Policies-and.exe
Download: download sample
Signature YellowCockatoo
Create hunting rule
File size:790'016 bytes
First seen:2023-12-02 10:44:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e569e6f445d32ba23766ad67d1e3787f (264 x Adware.Generic, 41 x RecordBreaker, 24 x RedLineStealer)
ssdeep 6144:4S005y5u11vsH0Db0cHEdzopG5rgfLNWI0bggvVmHuUiVk2yZ/h2kfYYq4qNrCsZ:4S8cmUDowAy0bgTziwE3UCuaWRuB
Threatray 499 similar samples on MalwareBazaar
TLSH T193F4393FB268653EC5AE0B3245739360997BBB61B81B8C1E47F4090DCF664701E3BA56
TrID 46.7% (.EXE) Inno Setup installer (107240/4/30)
25.0% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
18.1% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
4.5% (.EXE) Win64 Executable (generic) (10523/12/4)
1.9% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 64f4d4dce4f2dcd4 (3 x YellowCockatoo)
Reporter abuse_ch
Tags:exe YellowCockatoo

Intelligence

File Origin
# of uploads :
1
# of downloads :
305
Origin country :
NL NL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/461874/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Gathering data
Verdict:
Malicious
Labled as:
Win/grayware_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/0c058d445fe372c647a94e1dfcdb2cb77dedbc9ef6b5a3c0f9bb92b5bdc41542
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/45781de2-9e86-410e-8a77-9299a89388d8
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1352020
Signature
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Behaviour
Behavior Graph:
Download SVG
Score:
12%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/0c058d445fe372c647a94e1dfcdb2cb77dedbc9ef6b5a3c0f9bb92b5bdc41542
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0c058d445fe372c647a94e1dfcdb2cb77dedbc9ef6b5a3c0f9bb92b5bdc41542/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bqcy2rc74nzmmr5jjyo7zwzmw5663pe66222hqhzxojllpoecvba._file
Verdict:
unknown
Similar samples:
07999a5e3c1019be2d430d0b2fef1c7e2b1b38a96c3bfd9886506bc4f1bf2df7
YellowCockatoo
10abc7e98ee0c33b37460e25d8bc0b4f73670956feda2c1f4ca5551ee5c81ec5
YellowCockatoo
3bd221e945c0da67960f21c8bec0d678ff84f10dcf3b5866ed57a1ced810cbd9
YellowCockatoo
83cb5a6474ba3f6b38ea11c903da87e02122bfe7cb5b5222c8a377514d6a5651
YellowCockatoo
9ecb3553a9b19155cb2022f5620153581a2b370655f66a53caf44cd920330471
YellowCockatoo
9f501e75fa1f86aca08cecdd4b3fe11676a0aebac9f34cbbbfb12f43a2a075ec
YellowCockatoo
cc5af35fe4bd3d1b4ce2fa24698704d682a8bfea94d7d5e7ce9b4d496b68e6f6
YellowCockatoo
ccc6693d703b68b3bd0e697cbff8f1f59cb4b5aed29da770d8000f3dc61917c1
YellowCockatoo
e0270356bde8bc3b16ba817d006958604d690f72b621db019be44faa6cdf4bde
YellowCockatoo
+ 489 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/231202-mtdg9scb63/
Unpacked files
SH256 hash:
0c058d445fe372c647a94e1dfcdb2cb77dedbc9ef6b5a3c0f9bb92b5bdc41542
MD5 hash:
e93a2abb20d9198bc541e9cd94f4d6ac
SHA1 hash:
fa4f395d3dd6bba168fb12e63194fa9963bc4880
Link:
https://www.unpac.me/results/938f577c-ca08-44aa-aa02-777608801649/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0c058d445fe372c647a94e1dfcdb2cb77dedbc9ef6b5a3c0f9bb92b5bdc41542

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Borland
Create hunting rule
Author:malware-lu
Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/461874/

Comments