MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 14da1a1ccadf50f6599e7889e37627b7ebe383b1b482029f94cea57336e864b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| SHA256 hash: | 14da1a1ccadf50f6599e7889e37627b7ebe383b1b482029f94cea57336e864b7 |
|---|---|
| SHA3-384 hash: | 1e173f992cd0a1e50cf3251395c91234ce0e64193a0349fe3f6617a40abe4af188055d2820a8168bbce8936282ac0ca2 |
| SHA1 hash: | 2c23d6955d116091e985534eeb9fa551887a4afa |
| MD5 hash: | a14a6c7c46dc2477982d18e2cd4874a5 |
| humanhash: | lithium-diet-monkey-maine |
| File name: | a14a6c7c46dc2477982d18e2cd4874a5 |
| File size: | 212'992 bytes |
| First seen: | 2020-11-17 12:29:18 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit) |
| ssdeep | 3072:+l11/2CZhzs9OrbihvvVyNy6qt30oBaowfYtQAPw2liq4pLthEjQT6j:+l11zZheOrbyvMNy6m3ZliqkEj1 |
| Threatray | 118 similar samples on MalwareBazaar |
| TLSH | 36247ECC73578713E4630E3285F08AB456B8FC6A6BBB572B3945731F0BB15A48C50A6E |
| Reporter |
Intelligence
File Origin
# of uploads: 1
# of downloads: 54
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-07 09:27:00 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Verdict: unknown
Similar samples: + 108 additional samples on MalwareBazaar
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method
Other