MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 16cb299292ac04c37e6eaf76f012ffe975d887bf607e5fae2261e14e3d6036e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 16cb299292ac04c37e6eaf76f012ffe975d887bf607e5fae2261e14e3d6036e0
SHA3-384 hash: e67541e2d164e5badf152213c137d2b6c4185895b12bc4efacb92ac16f1ced36a4330ac23279930c9920b619ec27c704
SHA1 hash: 525b78c7a7125fe5ea3c82382c6f31a30aba58ad
MD5 hash: 79426a13892a3ef28da63ccf19fc8fdb
humanhash: november-eleven-lion-island
File name:79426a13892a3ef28da63ccf19fc8fdb.exe
Download: download sample
File size:1'430'528 bytes
First seen:2023-07-11 09:01:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fa06ef46573a32168e85901ecab4ced9
ssdeep 24576:QiHoEayZQBXRD0x+2PZAS9uThpwTrXyxgul8mOOC9/1f/Jh0XFZJxj1fjTC8ocDk:QiIEaBDM+L1wrAlOP/1j01ZjjJUcvw
Threatray 1'996 similar samples on MalwareBazaar
TLSH T1816533E28980E9DDD93C8174FAE7389FB02AFE5E0EDA7690805079D6C67E5007733A15
TrID 27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
20.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
18.5% (.EXE) Win32 Executable (generic) (4505/5/1)
8.4% (.ICL) Windows Icons Library (generic) (2059/9)
8.3% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 0812260d4a2d1008
Reporter obfusor
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
270
Origin country :
HK HK
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
79426a13892a3ef28da63ccf19fc8fdb.exe
Verdict:
Malicious activity
Analysis date:
2023-07-11 09:02:41 UTC
Tags:
shellcode remote
Link:
https://app.any.run/tasks/08c614d9-9733-4b54-8335-56ee12b6096d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/415424/
Detection(s):
PUA.Win.Packer.AsprotectSke-3
Create hunting rule

PUA.Win.Packer.Asprotect-3
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Сreating synchronization primitives
Sending a custom TCP request
Creating a file
Enabling the 'hidden' option for analyzed file
DNS request
Sending an HTTP POST request
Enabling autorun by creating a file
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug anti-vm packed
Link:
https://www.filescan.io/uploads/64ad1a8b6e9f7019de9f2831/reports/ec834d90-5618-45e7-aa90-bed325c44a88/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/16cb299292ac04c37e6eaf76f012ffe975d887bf607e5fae2261e14e3d6036e0
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/6812495a-72a0-4a9c-b446-36170a0aa476
Result
Threat name:
n/a
Detection:
malicious
Classification:
spyw.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1270697
Signature
Antivirus detection for URL or domain
Contains functionality to inject code into remote processes
Contains functionality to modify clipboard data
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has nameless sections
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/16cb299292ac04c37e6eaf76f012ffe975d887bf607e5fae2261e14e3d6036e0/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-07-11 09:02:06 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
17 of 24 (70.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=c3fsteusvqcmg7tov53paex75f25rb57mb7f7lrcmhqu4plag3qa._file
Verdict:
malicious
Similar samples:
067c0acf256bd3849d7a6a1dfe6b39f79c467d4ff8467a85ae863e3742877c31
152ef5fcd0278e127c3df415018857f3aed0a748160032356786815ccbe870d5
261ec697b5a7215b436d0f6d16c64278ee88d1df97de3f777fc46198500c28c8
5ebeb6f62bdcdd09c794670801e5cb7d3d26139945e0c9f0e43c246033117885
78e27b98a7490de940c39948497894aba3d1408dd3ca2bbaa26430032b0a0bd6
8ccdd89bb9ad7beb60c5e14079bda0fd28aa9b953d89580d439b3fc871605481
9fbeb629ea0dc72ac8db680855984d51b28c1195e48abff2e68b0228f49d5b0f
c5d5a28565277162bc72399c71d38bf329be3a8e5b34140447212533c06a2be2
e867b0089c8de42336fda26cb236f1560fade689995da8761637d45980f16986
+ 1'986 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230711-kzftgafh67/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
a40328d7c9f484ac6707a3f9fe341f1538acb7a1b62c9e0ad9a1946c22400b11
MD5 hash:
ce8bd85ed8775ff3f9ddd2eecabce55c
SHA1 hash:
dac478fc73eabb114c7cbd618867ada118213cea
Link:
https://www.unpac.me/results/451f549d-0719-454e-aa48-5e0e77c6902e/
SH256 hash:
16cb299292ac04c37e6eaf76f012ffe975d887bf607e5fae2261e14e3d6036e0
MD5 hash:
79426a13892a3ef28da63ccf19fc8fdb
SHA1 hash:
525b78c7a7125fe5ea3c82382c6f31a30aba58ad
Link:
https://www.unpac.me/results/451f549d-0719-454e-aa48-5e0e77c6902e/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/415424/

Comments