MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1033ae0d84ffe67b1ce97be7e5543c269b720f0591025315d5cb6abff379225f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1033ae0d84ffe67b1ce97be7e5543c269b720f0591025315d5cb6abff379225f
SHA3-384 hash: bf59eaf9638053f309868e5f53e08c23a7694ce7b09b00e4dcc093660770bf9295192d6b90ad3b8f6e3808306a84d557
SHA1 hash: 026e52f062e9c7ed0974a31dc37c2d3ab1f2a5a9
MD5 hash: bbcda77f5d80bcff9dc400fa580c79d7
humanhash: iowa-seven-early-eighteen
File name:SecuriteInfo.com.HackTool.Win32.DefeatDefend.5960.25155
Download: download sample
File size:929'280 bytes
First seen:2024-02-06 03:00:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c07a5e2247b48b561b9ee6a9e632f518 (2 x DCRat)
ssdeep 24576:vGzl9+a4Ne1nEFI56xU+0IdY2Zv952uetfbFEzP4UFhOpEc:v+tOWnEFZR0El0JEzQAhYF
Threatray 159 similar samples on MalwareBazaar
TLSH T15F158C62B3C3C1B2EFA215F3C5B95376193CB879173889CB73D4282ED9A16C06A75319
TrID 42.1% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
22.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
9.5% (.SCR) Windows screen saver (13097/50/3)
7.7% (.EXE) Win64 Executable (generic) (10523/12/4)
4.8% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
File icon (PE):PE icon
dhash icon 9084c2d964b44e22 (1 x DCRat)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
370
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/474791/
Detection(s):
SecuriteInfo.com.HackTool.Win32.DefeatDefend.5960.25155.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
fingerprint hook keylogger lolbin packed shell32
Link:
https://www.filescan.io/uploads/65c1a0f219fc380914234013/reports/27aeb83d-718e-4426-8046-51d25f9bc01a/overview
Verdict:
Malicious
Labled as:
Malware
Link:
https://www.hybrid-analysis.com/sample/1033ae0d84ffe67b1ce97be7e5543c269b720f0591025315d5cb6abff379225f
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/52a3e6bc-2f4e-40a3-8b35-5d5a7a437e73
Result
Threat name:
n/a
Detection:
malicious
Classification:
spyw.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1387259
Signature
Contains functionality to register a low level keyboard hook
Installs a global keyboard hook
Multi AV Scanner detection for submitted file
Sample or dropped binary is a compiled AutoHotkey binary
Uses Windows timers to delay execution
Behaviour
Behavior Graph:
Download SVG
Score:
59%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/1033ae0d84ffe67b1ce97be7e5543c269b720f0591025315d5cb6abff379225f
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1033ae0d84ffe67b1ce97be7e5543c269b720f0591025315d5cb6abff379225f/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=caz24dme77thwhhjppt6kvb4e2nxedyfsebfgfovznvl743zejpq._file
Verdict:
malicious
Similar samples:
02392dadd74d3a180bfe79b12cb1b361515a42b7aef57ddc8a76f0112fedfa7d
1033ae0d84ffe67b1ce97be7e5543c269b720f0591025315d5cb6abff379225f
248b0f8740d4c1772675dd789d4995e00ef5b9ed8503e5760cd2eb6e731aff90
3c4d586eac09b997f57af9b6679569bc9b321941754b008f45b801c196cab03c
6ade40b71ee50ca95629aaa593bc8f48335ff0eee6c47c3a1dcaacbd9f1eaf42
db0e7ecf7d7934cc0a0620372cb5dfb554efab090662b51830097dac3d37ca87
de87c8713fac002b0b0a0f9b02c4e3ebcccf65282a22f5ab5912a9da00f35c2a
+ 149 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/240206-dhwp2afger/
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
1033ae0d84ffe67b1ce97be7e5543c269b720f0591025315d5cb6abff379225f
MD5 hash:
bbcda77f5d80bcff9dc400fa580c79d7
SHA1 hash:
026e52f062e9c7ed0974a31dc37c2d3ab1f2a5a9
Link:
https://www.unpac.me/results/aaa3641e-0410-4c75-84ff-ecd95e4ec93a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1033ae0d84ffe67b1ce97be7e5543c269b720f0591025315d5cb6abff379225f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/474791/

Comments