MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1af31e070d760cc3dfbee776d2172de9e08ff25e1315c8e8032aac23c7df3d53. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	1af31e070d760cc3dfbee776d2172de9e08ff25e1315c8e8032aac23c7df3d53
SHA3-384 hash:	8d2bf9a7f9aaaa963e85da93c215b49b62a73bbe9232ec5ccececa191e0a08ed1880bce33d309e4352e17064db5d591c
SHA1 hash:	218fdbae598cf60e901822d834b16c474b1af629
MD5 hash:	be4eb7d63ad25d78ba86ec8540ed7f2b
humanhash:	fillet-washington-uncle-spaghetti
File name:	be4eb7d63ad25d78ba86ec8540ed7f2b.exe
Download:	download sample
File size:	39'810 bytes
First seen:	2024-12-10 06:09:12 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	015950177a65feccbef8450ed6d6a55c
ssdeep	768:BSuEBr5TxZ3ILakH+MQTbTf1YK5dEde6w4tKmc3K1RHpuiCYycRoGpj:5ErPZ3IBZcbTfu1HlrJFCPcbj
TLSH	T1F603298196E8C0BBF9F20FB1297145519EB3FC2108B5D45F9304DE8E7932A85C92DB6B
TrID	37.3% (.EXE) Win64 Executable (generic) (10522/11/4) 17.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 15.9% (.EXE) Win32 Executable (generic) (4504/4/1) 7.3% (.ICL) Windows Icons Library (generic) (2059/9) 7.2% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

377

Origin country :

Vendor Threat Intelligence

Verdict:

Clean

Score:

89.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6757db3c4a662cb5265744bc

Tags:

injection

Result

Verdict:

Clean

Maliciousness:

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

microsoft_visual_cc

Link:

https://www.filescan.io/uploads/6757db3c5194a7f476f5198d/reports/8c1bd931-e713-45a3-bb7c-605d758a85be/overview

Verdict:

Suspicious

Labled as:

Malware_44.6

Link:

https://www.hybrid-analysis.com/sample/1af31e070d760cc3dfbee776d2172de9e08ff25e1315c8e8032aac23c7df3d53

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/7990201a-2826-4391-8714-13d4282d23ae

Result

Threat name:

n/a

Detection:

unknown

Classification:

n/a

Score:

1 / 100

Link:

https://www.joesandbox.com/analysis/1572155

Behaviour

Behavior Graph:

Download SVG

Score:

74%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/1af31e070d760cc3dfbee776d2172de9e08ff25e1315c8e8032aac23c7df3d53

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1af31e070d760cc3dfbee776d2172de9e08ff25e1315c8e8032aac23c7df3d53/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=dlzr4bynoygmhx56453nefzn5hqi74s6cmk4r2adfkwchr67hvjq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/241210-gw2d8awkfw/

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/f8d75c01-b10e-498c-bf88-f4e18c28b61d

Unpacked files

SH256 hash:

1af31e070d760cc3dfbee776d2172de9e08ff25e1315c8e8032aac23c7df3d53

MD5 hash:

be4eb7d63ad25d78ba86ec8540ed7f2b

SHA1 hash:

218fdbae598cf60e901822d834b16c474b1af629

Link:

https://www.unpac.me/results/7214e12d-16d0-4543-b059-a4e2f6f3162b/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/1af31e070d760cc3dfbee776d2172de9e08ff25e1315c8e8032aac23c7df3d53

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 1af31e070d760cc3dfbee776d2172de9e08ff25e1315c8e8032aac23c7df3d53

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2944285/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Reviews

ID	Capabilities	Evidence
SHELL_API	Manipulates System Shell	SHELL32.dll::ShellExecuteW SHELL32.dll::SHFileOperationW SHELL32.dll::SHGetFileInfoW
WIN32_PROCESS_API	Can Create Process and Threads	KERNEL32.dll::CreateProcessW KERNEL32.dll::OpenProcess KERNEL32.dll::CloseHandle KERNEL32.dll::CreateThread
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::LoadLibraryW KERNEL32.dll::LoadLibraryA KERNEL32.dll::LoadLibraryExW KERNEL32.dll::GetDiskFreeSpaceW KERNEL32.dll::GetCommandLineW
WIN_BASE_IO_API	Can Create Files	KERNEL32.dll::CopyFileW KERNEL32.dll::CreateDirectoryW KERNEL32.dll::CreateFileW KERNEL32.dll::DeleteFileW KERNEL32.dll::MoveFileW KERNEL32.dll::GetWindowsDirectoryW
WIN_REG_API	Can Manipulate Windows Registry	ADVAPI32.dll::RegCreateKeyExW ADVAPI32.dll::RegDeleteKeyW ADVAPI32.dll::RegOpenKeyExW ADVAPI32.dll::RegQueryValueExW ADVAPI32.dll::RegSetValueExW
WIN_USER_API	Performs GUI Actions	USER32.dll::AppendMenuW USER32.dll::EmptyClipboard USER32.dll::FindWindowExW USER32.dll::OpenClipboard USER32.dll::PeekMessageW USER32.dll::CreateWindowExW

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample