MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11be2cdb534fa637fe2f9e0c6953c49d0b257588c7d835297c928a6ff92b0e2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA 3 File information Comments

SHA256 hash:	11be2cdb534fa637fe2f9e0c6953c49d0b257588c7d835297c928a6ff92b0e2b
SHA3-384 hash:	365f9008b7ae02b1a4b246d94dbcf05f4a55e32f79b36d1ca9a8d2be22b9add258b54177e638d49932f6e397403f6999
SHA1 hash:	6d9fc1c6dc71895e8d269ea7427bc0ef38e0d128
MD5 hash:	9e0fa39f3df0cb90ed89414341d3d2c1
humanhash:	stream-cardinal-spaghetti-yankee
File name:	SecuriteInfo.com.Adware.Softcnapp.80.20499.27466
Download:	download sample
File size:	2'437'232 bytes
First seen:	2022-04-14 10:33:49 UTC
Last seen:	2022-04-20 10:21:07 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	6054ee25fc768440c51538b5d2050c22
ssdeep	49152:0HgpRwa+IipD13UtGiFkWEsRi6AUX+JfWF1UI:0HgpktJQkWZPAi+JfG
TLSH	T1ACB5BF25FFD5C1B2EAA3267864B6632BED366E152320CCC7D2813E0549312D1A93E75F
TrID	40.3% (.EXE) Win64 Executable (generic) (10523/12/4) 19.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 17.2% (.EXE) Win32 Executable (generic) (4505/5/1) 7.7% (.EXE) OS/2 Executable (generic) (2029/13) 7.6% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):
dhash icon	9aacccccca80e0b8 (1 x Adware.Softcnapp)
Reporter	SecuriteInfoCom
Tags:	exe signed

Code Signing Certificate

Organisation:	Shanghai Oriental Webcasting Co. Ltd.
Issuer:	VeriSign Class 3 Code Signing 2010 CA
Algorithm:	sha1WithRSAEncryption
Valid from:	2017-10-13T00:00:00Z
Valid to:	2019-11-12T23:59:59Z
Serial number:	30057d6e260d0a17ffad1bdaf667ebf4
Thumbprint Algorithm:	SHA256
Thumbprint:	7f2537177f13da2e8c4db964c7ef6b599bb451de097ac32e28ceda9258cc8b11
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

273

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Adware.Softcnapp.80.20499.27466

Verdict:

Malicious activity

Analysis date:

2022-04-14 10:38:31 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/cc805399-9c18-42ee-b14d-b317ced6c5f8

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/263649/

Detection(s):

SecuriteInfo.com.Adware.Softcnapp.80.20499.27466.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Launching a process

Creating a window

Сreating synchronization primitives

Result

Malware family:

n/a

Score:

9/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/13870/overview

Behaviour

MalwareBazaar

MeasuringTime

CPUID_Instruction

SystemUptime

EvasionQueryPerformanceCounter

EvasionGetTickCount

CheckCmdLine

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug explorer.exe fingerprint greyware hacktool overlay packed

Link:

https://www.filescan.io/uploads/6257f8a6eab80a7a6c121789/reports/edd42651-926c-45fb-b907-26b5a76c919a/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/d7f46ec9-9896-4d4c-8837-75b598e4ecc9

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

54 / 100

Link:

https://www.joesandbox.com/analysis/976735

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Contains functionality to infect the boot sector

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/11be2cdb534fa637fe2f9e0c6953c49d0b257588c7d835297c928a6ff92b0e2b/

Threat name:

Win32.PUA.SoftCnapp

Status:

Malicious

First seen:

2019-07-10 20:14:57 UTC

File Type:

PE (Exe)

Extracted files:

141

AV detection:

22 of 42 (52.38%)

Threat level:

1/5

Verdict:

malicious

Result

Malware family:

n/a

Score:

6/10

Tags:

discovery

Link:

https://tria.ge/reports/220414-ml4dqabab6/

Behaviour

Drops file in Windows directory

Checks installed software on the system

Unpacked files

SH256 hash:

11be2cdb534fa637fe2f9e0c6953c49d0b257588c7d835297c928a6ff92b0e2b

MD5 hash:

9e0fa39f3df0cb90ed89414341d3d2c1

SHA1 hash:

6d9fc1c6dc71895e8d269ea7427bc0ef38e0d128

Link:

https://www.unpac.me/results/1f4a64fb-ea2a-4877-873f-2d33296f2ef6/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.33

Link:

https://yomi.yoroi.company/submissions/11be2cdb534fa637fe2f9e0c6953c49d0b257588c7d835297c928a6ff92b0e2b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Agent_BTZ Create hunting rule

Rule name:	Agent_BTZ Create hunting rule

Rule name:	INDICATOR_SUSPICIOUS_Binary_References_Browsers Create hunting rule
Author:	ditekSHen
Description:	Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/263649/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample