MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1678ed79e7ad6d5c009128fa4c0f8f083d8ba24ab0a23a2c079080ceb4ba790a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 1678ed79e7ad6d5c009128fa4c0f8f083d8ba24ab0a23a2c079080ceb4ba790a
SHA3-384 hash: 9d9c298155940a3a09ac9d9a6f3e0e56584706bad1653dbd4fe8cfc13801736735d103518bfe585c54fb7c0e3c38ccce
SHA1 hash: 22e13dd82b42fbf79a7b7fef80db51c7f675b763
MD5 hash: a021773b0d0168be8f660b652690f363
humanhash: maine-may-harry-one
File name: a021773b0d0168be8f660b652690f363
File size: 212'992 bytes
First seen: 2020-11-17 11:24:16 UTC
Last seen: Never
File type: Executable exe
MIME type:application/x-dosexec
imphash 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep 6144:0N15gkIQfFD1oxrBoj2UJFq0zZr50qvQQ0MkEj1:4tFD1oa/RFr5dcMkC
Threatray 53 similar samples on MalwareBazaar
TLSH 84248D413793C2A3D05721BC44E2D6701E39FDA7AFBA906F3695732F2D722628625371
Reporter seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 54
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Creating a file in the Windows directory
Running batch commands
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Creating a file in the Windows subdirectories
Result
Verdict: 0
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-07 18:49:56 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
