MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1dcf30737ac12880bd355009211689736e629284a4d8a6797c66757314003e9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1dcf30737ac12880bd355009211689736e629284a4d8a6797c66757314003e9a
SHA3-384 hash: 1dcf8967a6ef6f67057d16cb54e29b6ec752077aa7916ab9c720d0f7e5f36ee99eba606b209da02ceddd54bcd1ece4d0
SHA1 hash: e6c553bf770dc43d47929bb96316f5d4df3c4bfa
MD5 hash: afd310760edb83162135791633b44d1b
humanhash: mango-burger-river-paris
File name:SecuriteInfo.com.Trojan.MulDrop6.41499.23436.14776
Download: download sample
File size:262'656 bytes
First seen:2023-10-06 00:30:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2e67dc15273a58ab62fa6f1d96842ff2
ssdeep 3072:TTRCGvrDmrN28JQsjEq728TgK3PYrCb+NThzl4f6BYFO+3uRLV/cB6JUHcPB554T:T1XvXq5jIRog38B6WHu/cT4B5gP
Threatray 79 similar samples on MalwareBazaar
TLSH T16C4412C3B30BE898C7AD2435A81B165A5A11A97D06134FBFB6C6B32F1B2D1524F1E835
TrID 52.9% (.EXE) Win32 Executable (generic) (4505/5/1)
23.5% (.EXE) Generic Win/DOS Executable (2002/3)
23.5% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon 00a0a1888cc8aa9b
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
290
Origin country :
FR FR
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.MulDrop6.41499.23436.14776.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Сreating synchronization primitives
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
epmpress flystudio lolbin mpress packed packed shell32 virus zbot
Link:
https://www.filescan.io/uploads/651f554e426c8727d6efff39/reports/e44b06d0-5322-42b8-bd48-541beccfcd38/overview
Verdict:
Malicious
Labled as:
Malware
Link:
https://www.hybrid-analysis.com/sample/1dcf30737ac12880bd355009211689736e629284a4d8a6797c66757314003e9a
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
CoinMiner
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1ca8309b-c25d-43f5-80cc-7965d4a75e3e
Result
Threat name:
n/a
Detection:
malicious
Classification:
spyw.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1320664
Signature
Contains functionality to modify clipboard data
Detected unpacking (changes PE section rights)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1dcf30737ac12880bd355009211689736e629284a4d8a6797c66757314003e9a/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2011-05-29 22:53:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
19 of 36 (52.78%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dxhta432yeuibpjvkaescfujonxgfeueutmkm6l4mz2xgfaah2na._file
Verdict:
unknown
Similar samples:
08fa2eaf0a93a4b1cc98e8eb518f3e55f4cd46c8f698b66db9c86eb76c323133
2010a7e1a136a9881ba4db4beb99088ea77ea2997d36e6d1d16fc696b34fda8b
28894ebd9537959f6d45cb8f5cd21fcff66472820f5e8bcc6944276fa32c2623
4c988891326eea9e5fe8aeaa93ffb3f7001bd3cda048a72ab24c8b54dd1834e4
58ae584470a61f3225e8d5ad1d7359f0a132a81438ff8fc427a42ba41feaf040
8388aa093a9bcf92fe70e2f5e6e4864e4c7e757e0812c1acb4fc8b9bb48e90c5
ca10c218c7ed12f56148c11d31a0698c8d232064faba12402c16b70f7e34bf55
d1e1c9332fa8a6bd045fd4ccfa11055a4e17d1cad72239aab2400870191c4185
dccceaaa2022c7ebde90a5596464855302d6621a04f80314f312968331b165b2
f8d665d64793bd0d9c015c19f5eef47e7ece8e03f932e98bec38483dc2afdaad
+ 69 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/231006-at3qyaab96/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
101c5f4d12fb85f5a4dc7814ff759516ea7db2c943fdfd093129bce2f0374164
MD5 hash:
60ee57fb01542dd0cae72d67f475ea0b
SHA1 hash:
f0d378f265f5c708f890d0f393a4ec9c34e0f880
Link:
https://www.unpac.me/results/97597568-3c7d-496b-9440-56239f186171/
SH256 hash:
1dcf30737ac12880bd355009211689736e629284a4d8a6797c66757314003e9a
MD5 hash:
afd310760edb83162135791633b44d1b
SHA1 hash:
e6c553bf770dc43d47929bb96316f5d4df3c4bfa
Link:
https://www.unpac.me/results/97597568-3c7d-496b-9440-56239f186171/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.79
Link:
https://yomi.yoroi.company/submissions/1dcf30737ac12880bd355009211689736e629284a4d8a6797c66757314003e9a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_EXE_Packed_MPress
Create hunting rule
Author:ditekSHen
Description:Detects executables built or packed with MPress PE compressor
Rule name:maldoc_getEIP_method_1
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:meth_get_eip
Create hunting rule
Author:Willi Ballenthin
Rule name:mpress_2_xx_x86
Create hunting rule
Author:Kevin Falcoz
Description:MPRESS v2.XX x86 - no .NET
Rule name:TeslaCryptPackedMalware
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments