MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 2351f70dff900db3b283c640892e182546391d346c0dfc36439e5c2b2b661b42. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| Field | Value |
|---|---|
| SHA256 hash: | 2351f70dff900db3b283c640892e182546391d346c0dfc36439e5c2b2b661b42 |
| SHA3-384 hash: | 89065db781ae8b892f2b47c991b5cd781cdeba776cc147a9892e5b88ad47e560da13bb2a96f04da5e8ea49fec7382f24 |
| SHA1 hash: | 0cac087fb11062ee532cac6931fe6b00b9739ebd |
| MD5 hash: | a9c1667e6b6fc8aa4fd89aa0f9b491ae |
| humanhash: | happy-crazy-yellow-sad |
| File name: | a9c1667e6b6fc8aa4fd89aa0f9b491ae |
| File size: | 212'992 bytes |
| First seen: | 2020-11-17 14:00:17 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit) |
| ssdeep | 3072:M19sKaTj0cKE2kVNu+XJcwfY9lDd9XztgyWvIW9hc54pLthEjQT6j:M19sKJDE2kVyAu1fDtISkEj1 |
| Threatray | 100 similar samples on MalwareBazaar |
| TLSH | 91249D4036D3E556C0076732A9E987A41A35BC169FBDD24B7589F73E2D7A2038C27FA0 |
| Reporter | |
Intelligence
File Origin
# of uploads: 1
# of downloads: 51
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Creating a file in the Windows subdirectories
Sending a UDP request
Running batch commands
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-08 06:56:00 UTC
AV detection: 26 of 28 (92.86%)
Threat level: 5/5
Verdict: unknown
Similar samples: + 90 additional samples on MalwareBazaar
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method: Other