MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 0c5f5359cc0e057e46205acd94e818b293d8ccd1211b86c07b4bbcd68fa8a1dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| SHA256 hash: | 0c5f5359cc0e057e46205acd94e818b293d8ccd1211b86c07b4bbcd68fa8a1dd |
|---|---|
| SHA3-384 hash: | 29a7617fb1221748227c762680805208d4206fa908d1820e173f91ae90bd208214cf6b1e3218b475b3b1c7eccd3fc931 |
| SHA1 hash: | 214e85b382031631d5129ead8894e3030fa1ff43 |
| MD5 hash: | a85b341635c65c3c54abae7bc1005c67 |
| humanhash: | timing-coffee-colorado-alabama |
| File name: | a85b341635c65c3c54abae7bc1005c67 |
| File size: | 212'992 bytes |
| First seen: | 2020-11-17 14:00:06 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit) |
| ssdeep | 3072:sxlQXG4nG829mcCACAbn2UmODw5LNzrMwowxgco5I3ZIOSkTC4pLthEjQT6j:Sy0XmB5NwwSco5I3ZIOSkTCkEj1 |
| Threatray | 100 similar samples on MalwareBazaar |
| TLSH | CA248D02F948D14BFDA607314CE58F881B656CA95FB2A70BBDDC371EA97B3188C05B52 |
| Reporter: | |
Intelligence
File Origin
# of uploads: 1
# of downloads: 54
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Creating a file in the Windows directory
Running batch commands
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a process from a recently created file
Launching the default Windows debugger (dwwin.exe)
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-07 18:56:47 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Verdict: unknown
Similar samples: + 90 additional samples on MalwareBazaar
Result
Malware family: n/a
Score: 9/10
Tags: persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Drops file in System32 directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Unpacked files
Please note that we are no longer able to provide a coverage score for VirusTotal.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
| Delivery method | Other |
|---|---|