MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ddfb2740131dc898d5c24380afd5b6fcf99f6818d74e608b7651acc3c0642de. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA 1 File information Comments

SHA256 hash:	1ddfb2740131dc898d5c24380afd5b6fcf99f6818d74e608b7651acc3c0642de
SHA3-384 hash:	48e9cf8d96c8e3864ea3758b693f9683a92cdf406d72a54a8d6932f4b38135dc8ab35d77ecb77db8987424d2b88f6998
SHA1 hash:	2841b2fd780142fd6a088ea62b6e0adc411fb232
MD5 hash:	14e19c9c7b82a65ee91df85637627b78
humanhash:	idaho-autumn-early-ohio
File name:	1ddfb2740131dc898d5c24380afd5b6fcf99f6818d74e608b7651acc3c0642de
Download:	download sample
File size:	5'017'600 bytes
First seen:	2020-11-07 17:38:11 UTC
Last seen:	2020-11-07 20:07:30 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	e00ec9b36d87434e41d51fe66c56e80f (1 x NetWire)
ssdeep	98304:69jozdmgyf2Lh1uuWWU/KJHNZxIaIMnJ0iMNo3PYNUuRNYUT4w6cACSVz3Z:698dhymyd1KJtfIRMnWNi+JcXCS5
Threatray	14 similar samples on MalwareBazaar
TLSH	C436232312A50066D1E1CC3EC53BBEE571F647599A82B8B899EB6DC539135F1F203E83
Reporter	seifreed

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Artemis14E19C9C7B82.13235.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1ddfb2740131dc898d5c24380afd5b6fcf99f6818d74e608b7651acc3c0642de/

Threat name:

Win32.Backdoor.NetWiredRc

Status:

Malicious

First seen:

2020-11-07 17:45:02 UTC

AV detection:

20 of 29 (68.97%)

Threat level:

5/5

Verdict:

unknown

1ba0f8177f56072e3e45ddcbb425c767bf7ffc6f096792240423f63ee5a962d2

1ee39f6cd500940ad97c444778dc717361e01ce5579a28d761aedae86e85af64

22a49fd2468178e5b33cad08985adde50f0530a33260affc58bee6b2401005a9

2aaad8177d08507b09dc3d419b4d31f65db6fe6bc6314ffce650b9fc57f0817c

586308277bf0f934777f113da1b684233d2cdfbf6b746eebc35d2f8dc8d1c585

7e17e9de1f6643f57b6cda4a921b025a9caf5689728b0af2f653887f41e2c318

a3c2207806f9be710f3a1d1cbf1149a708bb080946e2368c8e826f5cef2293e4

ac839669e7e0d6b42bf9517cc6f4db88c9eacc678df15c1c45be1771309cb020

b634177f6a7b2c970dbc79ab94aa911d31ae2559456bae1f0fbe08d6d340f0ba

+ 4 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/201108-wgxza3l86e/

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	suspicious_packer_section Create hunting rule
Author:	@j0sm1
Description:	The packer/protector section names/keywords
Reference:	http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample