MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2097cfcef072f6b12370139d94a171073df2255807c01ad6d747f0d24a190aa6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Adware.ExtenBro

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	2097cfcef072f6b12370139d94a171073df2255807c01ad6d747f0d24a190aa6
SHA3-384 hash:	4b65bab294e20a23608e1d4cb3859d6cd8fdfb790482b770d511ee77b13d6a4381510d5fcf2375045f91a858c85bccbc
SHA1 hash:	9aa32c2a67da99465f6b4c8c88cd52b109a243c4
MD5 hash:	ade449592745b54724fa70ec488b99fd
humanhash:	kitten-north-river-fourteen
File name:	f_002c15
Download:	download sample
Signature	Adware.ExtenBro Create hunting rule
File size:	2'449'376 bytes
First seen:	2021-08-31 15:58:30 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	48aa5c8931746a9655524f67b25a47ef (4 x Adware.Generic, 3 x AsyncRAT, 3 x Vidar)
ssdeep	49152:khg3LcSpYqQLyUf42fy6A4OeOqdAIjtYKmbaS/0GfVfcDi9r:JLcSpd8yEzvPlK1JODiN
Threatray	20 similar samples on MalwareBazaar
TLSH	T107B5230373C74032E9E0697898334A516E53BD6938F175595EF0FB0E4EB8BD2A872B64
dhash icon	686eeee2b292c6ec (6 x njrat, 3 x RedLineStealer, 2 x CoinMiner)
Reporter	Anonymous
Tags:	Adware.ExtenBro exe

Intelligence

File Origin

# of uploads :

# of downloads :

262

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

apk.tw_DriverToolkitInstaller.exe

Verdict:

Suspicious activity

Analysis date:

2021-07-17 08:00:49 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/58f2b4dc-9eec-4e4a-82f7-669953216319

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/184249/

Detection(s):

PUA.Win.Malware.Speedingupmypc-6718419-0

Win.Trojan.Drivertoolkit-7639971-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% subdirectories

Creating a window

Creating a process from a recently created file

Searching for the window

Sending a UDP request

Malware family:

DriverToolKit

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/b9df8df9-06f0-4eda-9230-1e73461966a5

Result

Threat name:

Unknown

Detection:

suspicious

Classification:

evad

Score:

36 / 100

Link:

https://www.joesandbox.com/analysis/616116

Signature

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2097cfcef072f6b12370139d94a171073df2255807c01ad6d747f0d24a190aa6/

Threat name:

Win32.PUA.DriverToolKit

Status:

Malicious

First seen:

2015-07-03 02:36:00 UTC

File Type:

PE (Exe)

AV detection:

21 of 28 (75.00%)

Threat level:

1/5

Verdict:

suspicious

Adware.ExtenBro

111d1529eb5320465bc09a12146b321b0f4409372a8b73048b7798904082068c

Adware.ExtenBro

1b7d7515f98891cf08164a7469bb9c9f3133e7834cfe99d55094594ca330e982

Adware.ExtenBro

36dbd261a7559865cd8fcf4b437758e113c89cfd05dda604a646f343dda2abe6

Adware.ExtenBro

67b235aa69f3e58eccab386035b5da7e6665d7718938607c5ce0b91503dcde4d

Adware.ExtenBro

9105599faee6b8cbbfb8f7c8a61ef6fc3a59dcd7230877149a89ce2dc7696e3d

Adware.ExtenBro

debc1a729e69d48bab2082aab44d8aae428066d42379838464dadecba5066852

Adware.ExtenBro

deebba95dabc50ecaca9ec1a70f321b9712baa078ff94dce2cb2385900c21b20

Adware.ExtenBro

e6447686ab68ede1a7b92ddc98b7e90ccf64d48876ace4b91cc45ea2437cc67c

Adware.ExtenBro

+ 10 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/210831-kmyacdprfe/

Behaviour

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Loads dropped DLL

Executes dropped EXE

Unpacked files

SH256 hash:

87a39087c1a71e381acf4bb9a7ae2432409240fe68676e6e90415a0aed55bcb7

MD5 hash:

262f3330227a6ac4a73c2fcbb693d784

SHA1 hash:

c073327566e1db3b6f139175fb3cd081f85219ec

Link:

https://www.unpac.me/results/50b247b7-4e35-499c-9a8c-15df6f11591c/

SH256 hash:

945a30ef2c212d4bd336dff26fd965a04c2c05bda853a6503187e5997f560a72

MD5 hash:

c46eba1d951b1ecaad4ee468e9e7f33f

SHA1 hash:

b1636f3de82f76c4b30162f85113468fa0b52624

Link:

https://www.unpac.me/results/50b247b7-4e35-499c-9a8c-15df6f11591c/

SH256 hash:

960335f461f6cff314f0ae09f4a42364a4fa128a9d3b2153e306000033a3ed89

MD5 hash:

009eeb20a83a6da94846e902b170ad44

SHA1 hash:

7f09283facc59942312d9fa5001bbf71a37f5c46

Link:

https://www.unpac.me/results/50b247b7-4e35-499c-9a8c-15df6f11591c/

SH256 hash:

5b4268944746f0a4fe7051af7e6cc80cc3755921c94c1c00a49785e1b3e1a0e5

MD5 hash:

a74a8602a0e77754f601aa13fe0a35e4

SHA1 hash:

7a3da0babac09cfc57d093d28ae31955b554cc4a

Link:

https://www.unpac.me/results/50b247b7-4e35-499c-9a8c-15df6f11591c/

SH256 hash:

e973a4ba5d3daaf72ad1397b557ed71fa248615ffbb459e3ee86dc1af6c92cba

MD5 hash:

c9ae40bf93503b2acebd808ead83a1b8

SHA1 hash:

6187d71c230d9b67cfddd3e6a7f1700752eab3e5

Link:

https://www.unpac.me/results/50b247b7-4e35-499c-9a8c-15df6f11591c/

SH256 hash:

2d704bfaf295528f703401eafd41a49fe8d6965e9d33f22f6b7ce10340d56f37

MD5 hash:

60b2d9a5fcef9e5283eda9dc310e370d

SHA1 hash:

402868b608a068ddaecf6e2c63a10a7bccb024b7

Link:

https://www.unpac.me/results/50b247b7-4e35-499c-9a8c-15df6f11591c/

SH256 hash:

d5e2475fc6a9d563b3484d18a71535b958508aea289b79846f948febda14f089

MD5 hash:

c5144656dc7fcdbb98a2f4ebdcad6dae

SHA1 hash:

21564f5fe3324ba956f07ee7ecc20624fed07fb2

Link:

https://www.unpac.me/results/50b247b7-4e35-499c-9a8c-15df6f11591c/

SH256 hash:

44b8e6a310564338968158a1ed88c8535dece20acb06c5e22d87953c261dfed0

MD5 hash:

9c8886759e736d3f27674e0fff63d40a

SHA1 hash:

ceff6a7b106c3262d9e8496d2ab319821b100541

Link:

https://www.unpac.me/results/50b247b7-4e35-499c-9a8c-15df6f11591c/

SH256 hash:

25a03caed8ced6b4aff82ac86106bf1401f6c780c7719d821e8b44c2b7496680

MD5 hash:

4fec953b2903ca1dc503a08db5dfd8b7

SHA1 hash:

4d1ae35ce801b19abe2ffa48c972a6c416b92644

Link:

https://www.unpac.me/results/50b247b7-4e35-499c-9a8c-15df6f11591c/

SH256 hash:

2097cfcef072f6b12370139d94a171073df2255807c01ad6d747f0d24a190aa6

MD5 hash:

ade449592745b54724fa70ec488b99fd

SHA1 hash:

9aa32c2a67da99465f6b4c8c88cd52b109a243c4

Link:

https://www.unpac.me/results/50b247b7-4e35-499c-9a8c-15df6f11591c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.40

Link:

https://yomi.yoroi.company/submissions/2097cfcef072f6b12370139d94a171073df2255807c01ad6d747f0d24a190aa6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Adware.ExtenBro

exe 2097cfcef072f6b12370139d94a171073df2255807c01ad6d747f0d24a190aa6

(this sample)

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/184249/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample