MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 1156ea9866d467a88aff992944f8d1972e0767ea288f9234e1c08a4ac4b02c71. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 4
| SHA256 hash: | 1156ea9866d467a88aff992944f8d1972e0767ea288f9234e1c08a4ac4b02c71 |
|---|---|
| SHA3-384 hash: | c2eb0bdc76bedc9d817db24495fe637f41dddcea5dda2b8b113afd7286189d2a984e097e033a09da8f26bb62a096f6c0 |
| SHA1 hash: | 4967ab52e2446a37201564b1b8d3f4b31335051e |
| MD5 hash: | 2ae83eccb58d0480f4a51bdb28637d53 |
| humanhash: | fix-enemy-orange-six |
| File name: | a8478e47875a52765f755f7d703a3350 |
| File size: | 212'992 bytes |
| First seen: | 2020-11-17 14:11:41 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit) |
| ssdeep | 3072:iR1xH4K8utt8ont2CxepcfXKPTOdhLT9Ei0FNMLdrZOQDTfn4pLthEjQT6j:iN/8unxt96wLT9EiqNMLdrwQnkEj1 |
| Threatray | 165 similar samples on MalwareBazaar |
| TLSH | EB248D1176668543F53317358CE7C7A01FA97C1AAFE8828B32D1774E24F1A688F66B31 |
| Reporter |
Intelligence
File Origin
# of uploads: 1
# of downloads: 56
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Creating a file in the Windows directory
Creating a process from a recently created file
Launching the default Windows debugger (dwwin.exe)
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Result
Verdict: 0
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-17 14:13:28 UTC
AV detection: 26 of 28 (92.86%)
Threat level: 5/5
Verdict: unknown
Similar samples: + 155 additional samples on MalwareBazaar
Result
Malware family: n/a
Score: 9/10
Tags: persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Drops file in System32 directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name: Malicious File
Score: 1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method
Other