MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1473388d4a4056bbc7ef3a0c2f9dbfedcef34d224efb75a285a70b21e0fa5c81. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 1473388d4a4056bbc7ef3a0c2f9dbfedcef34d224efb75a285a70b21e0fa5c81
SHA3-384 hash: 44c2ae6fdb3807133ed69eaa8235fc0cba02c592096460cd41f686b5600b504e739c36123f424901ffc8cf824dd9a250
SHA1 hash: 895f1751ba0bd80280ca77a2d4a4cdfe3de6a603
MD5 hash: 165844dcf27c62020fd5e041763a25e0
humanhash: double-zebra-december-south
File name: a003a3dd12d6d1f5ea1f547e1eb73cea
File size: 212'992 bytes
First seen: 2020-11-17 12:13:12 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep: 3072:yRjB7Vj1h1OKsvkdC/1EDv1c08eXara/P/1V83pcL4pLthEjQT6j:yRjB73h1OKsV4THNVYWkEj1
Threatray: 84 similar samples on MalwareBazaar
TLSH: 83248D9235C4C0A3D9A7173459D6EAF429287D22BF72930BAAD0330ECD353D92D25B67
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 55
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Creating a file in the Windows directory
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Creating a process from a recently created file
Launching the default Windows debugger (dwwin.exe)
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-17 12:17:43 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Drops file in System32 directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other

Comments