MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 0f3750ad15660c490b362e4ef40d1eadd1fe8381e6bcb07db32f5a6cc77aebc6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 4
| SHA256 hash: | 0f3750ad15660c490b362e4ef40d1eadd1fe8381e6bcb07db32f5a6cc77aebc6 |
|---|---|
| SHA3-384 hash: | eea0132368abf49d39b3cd15ce50ed5f5365b3e320df25f3f471e43bc117cbde896df90500af34c48f7523176f21d70f |
| SHA1 hash: | 18628e04d8a1abd0f7434f3d5a5feca00c7f41b5 |
| MD5 hash: | 60070fe395899d6a0a1e8f578a31ce73 |
| humanhash: | whiskey-blossom-robert-edward |
| File name: | a68e8d09f099b8b44d504aead7ee2250 |
| File size: | 212'992 bytes |
| First seen: | 2020-11-17 14:46:28 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit) |
| ssdeep | 3072:wlltj5jb+JmpAdC4OP+ZIF5BIR39XsWPMpFhxbNgcMFDSPb34pLthEjQT6j:BmNSITBi39X9uFhxbKcMgkEj1 |
| Threatray | 161 similar samples on MalwareBazaar |
| TLSH | 46247C81F75D8103D26B073588ED8A946BBAFC65BF31BB9B7985335F0C782158828B71 |
| Reporter |
Intelligence
File Origin
# of uploads: 1
# of downloads: 54
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-17 14:48:37 UTC
AV detection: 26 of 28 (92.86%)
Threat level: 5/5
Verdict: unknown
Similar samples: + 151 additional samples on MalwareBazaar
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name: Malicious File
Score: 1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method: Other