MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 258029045d72eb7fe738dce1df886a17c9d3ee81d6a8f8d7d2ff532ee199cc0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 258029045d72eb7fe738dce1df886a17c9d3ee81d6a8f8d7d2ff532ee199cc0e
SHA3-384 hash: 00ac19e4a773d9c6a29b28e8697a17cdc1b3743d40efe56f876b04dc7bcc9c48cae53d22c88ce77775b7d03db652c747
SHA1 hash: 26a63580037b7f87594b9f3ba5e631e8f5db5430
MD5 hash: 5add6beaa3ff0ee782567a0a730e46d1
humanhash: diet-six-ceiling-vegan
File name:SecuriteInfo.com.BehavesLike.Win32.AdwareFileTour.tc.26432.30977
Download: download sample
File size:1'772'891 bytes
First seen:2022-08-11 21:31:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5a594319a0d69dbc452e748bcf05892e (21 x ParallaxRAT, 20 x Gh0stRAT, 15 x NetSupport)
ssdeep 49152:8qeNVzaOkNuGJ0YF1I8P7Jop40jpv6gWZ:JENaOGgYo8C4Esg0
Threatray 403 similar samples on MalwareBazaar
TLSH T1DB85CF3FB268653ED4AB4B3245B39250997BBB61A81B8C2E47F0080DCF665701F3FA55
TrID 48.3% (.EXE) Inno Setup installer (109740/4/30)
18.9% (.EXE) InstallShield setup (43053/19/16)
18.3% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
4.6% (.EXE) Win64 Executable (generic) (10523/12/4)
2.8% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
File icon (PE):PE icon
dhash icon b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
306
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.BehavesLike.Win32.AdwareFileTour.tc.26432.30977
Verdict:
Malicious activity
Analysis date:
2022-08-11 21:32:04 UTC
Tags:
installer
Link:
https://app.any.run/tasks/2c9a69d7-3f90-4810-ab19-ab3e627f153a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/298097/
Detection(s):
PUA.Win.Packer.Exe-6
Create hunting rule

SecuriteInfo.com.BehavesLike.Win32.AdwareFileTour.tc.26432.30977.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for synchronization primitives
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/28731/overview
Behaviour
MalwareBazaar
CheckNumberOfProcessor
CheckCmdLine
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
overlay packed setupapi.dll shell32.dll
Link:
https://www.filescan.io/uploads/62f57553080024921b6b260a/reports/3d9b23f4-8c1f-4e40-a5c7-b4ec10c418b0/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/cc4602cd-d9de-4af8-9605-15163903b1ae
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
evad
Score:
28 / 100
Link:
https://www.joesandbox.com/analysis/1050255
Signature
Found API chain indicative of debugger detection
Multi AV Scanner detection for submitted file
Obfuscated command line found
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/258029045d72eb7fe738dce1df886a17c9d3ee81d6a8f8d7d2ff532ee199cc0e/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ewacsbc5olvx7zzy3tq57cdkc7e5h3ub22uprv6s75js5ymzzqha._file
Verdict:
unknown
Similar samples:
3e99b59df79d1ab9ff7386e209d9135192661042bcdf44dde85ff4687ff57d01
3f947f5a849f11be9079a5c2418240e2faf7e53b63662c85b92fad8f47ea4d09
a1a9137dea275aa805e5640f6450366dbf6e10be066e5c12c34904e45e469c4c
d3c5e10462110b2ac5f825e7834e857ff7b75639acaf1c46448d401b0765d212
f16630378ba5cd07f2e131f3afa483c6f722406702d9201450c3be17f8b1081e
ff9a5eda0ae6d5dffa71c02b0a4f96e07f62365db68ba7ab74e53a512e77fabf
+ 393 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220811-1dk43afad7/
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
b642b02b7f60944ca1fd874f93ffc3b3886bf3fd05849ab676f77c5e1fa1657e
MD5 hash:
6af6f18837bd68196cb0b375b649994f
SHA1 hash:
e56bc8b5f95e7cd6af7110896ae42d3dca733a26
Link:
https://www.unpac.me/results/877f3c0e-37cd-4141-9c6b-4327bb0f5ae6/
SH256 hash:
e01eef3d04b6be0a8770788a5eae3e75625ffdf43559a932ffde30ca2c763980
MD5 hash:
902b058954319a7dd6b561054238620e
SHA1 hash:
37faadbc4d498b897ddc0c0d09c63b552065149a
Link:
https://www.unpac.me/results/877f3c0e-37cd-4141-9c6b-4327bb0f5ae6/
SH256 hash:
258029045d72eb7fe738dce1df886a17c9d3ee81d6a8f8d7d2ff532ee199cc0e
MD5 hash:
5add6beaa3ff0ee782567a0a730e46d1
SHA1 hash:
26a63580037b7f87594b9f3ba5e631e8f5db5430
Link:
https://www.unpac.me/results/877f3c0e-37cd-4141-9c6b-4327bb0f5ae6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/258029045d72eb7fe738dce1df886a17c9d3ee81d6a8f8d7d2ff532ee199cc0e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/298097/

Comments