MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 17ae41e1fde622159bcfd56e80ce0cdee5edfc147370e77091f17eed192d54e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Adware.Generic

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	17ae41e1fde622159bcfd56e80ce0cdee5edfc147370e77091f17eed192d54e0
SHA3-384 hash:	200e62cc3c1dffaa68125e7a3bdc31fd35d44eb02b8ed6567ae70c50b8c04c3f1c43c3f3b5b0da56cbe9e9846d2b2e19
SHA1 hash:	ccd75faff7c762b8de2ea1d1bd248905c6079ea0
MD5 hash:	6870fc8181ffe34d34aec5bc9da5796d
humanhash:	double-kitten-lactose-kitten
File name:	17ae41e1fde622159bcfd56e80ce0cdee5edfc147370e77091f17eed192d54e0
Download:	download sample
Signature	Adware.Generic Create hunting rule
File size:	1'411'852 bytes
First seen:	2020-06-10 07:36:14 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	29b61e5a552b3a9bc00953de1c93be41 (174 x Formbook, 82 x AgentTesla, 81 x Loki)
ssdeep	24576:0ryGcPEq2ahqB7CEPIBpPeo0uCHhguVJIRgvxSOUyARpI3sl2DxbZKky51xaXswR:0eGSEq2WrBparHh1mgsMCI261ZXy51Y1
Threatray	988 similar samples on MalwareBazaar
TLSH	FC65F1612A96444FD182773CD2EC6F38E1E8CE96283746475B32FC6AF96FA44DE81241
Reporter	JAMESWT_WT
Tags:	Adware.Generic

Intelligence

File Origin

# of uploads :

1

# of downloads :

78

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Downloader.Soft32downloader-6691270-0

Gathering data

Threat name:

Win32.Trojan.MintPorcupine

Status:

Malicious

First seen:

2020-05-26 05:30:53 UTC

File Type:

PE (Exe)

Extracted files:

14

AV detection:

29 of 31 (93.55%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

03e6b99846c4ab6a841fa7aa135d2e7230a98957c1595e2ee0bc2b14329871ca

04ecc8a39bb1236fb737256d4438f3781141a95d8d55576bd1a7e17a0c8b5aa0

1f9ff29afc60eebf41511416db4988007f3d041744574ac144f88eaf82e52b25

4cd80b1158f28fc2c53e2f84e5ae119bf54cc2507a8d649e649f2cc6458bf2de

5270cd6488da8841fbe6f1fa6b91f7b27be14bfcd52d1f2f3925cc2973ef4944

78b1751491463b0d579eda079654d1dfb9296b98e2867b4fdc765256e5962398

967db64d16674b438203bc9303f8e7ad4f424ada45eb28330dd61295ee86786d

a3c44389aac31e62cd3267525d4cfebbd65c32fbaec918500b606d67b0ea62d8

b54347c754b7095d0a38c7180eaa71e50c4431b7c721f7791483babb2610d17b

e3d039ff4df80a16aec37b13d85f4e75703de36b19694e3a70bae79b2eb46cc5

+ 978 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

persistence

Link:

https://tria.ge/reports/201109-93gx4stsms/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Program crash

Suspicious use of SetThreadContext

Adds Run key to start application

Loads dropped DLL

Uses the VBS compiler for execution

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample