MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 29b336e49f7d969f9247e7bd6dfc66685a501c9717c81e4ee732d7eca1ad144c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 5
| SHA256 hash: | 29b336e49f7d969f9247e7bd6dfc66685a501c9717c81e4ee732d7eca1ad144c |
|---|---|
| SHA3-384 hash: | e21a6d4494383c50941bbc7f0e70ba3602d537a4f52a5cdb7c9470a547187b9ceb44fda0216e6f7352a4ba8177c945aa |
| SHA1 hash: | b36f7c554d4adfb93fb0a7c1365e00ab6684ca71 |
| MD5 hash: | 4a1c859a5365a544b48105b03f822d7d |
| humanhash: | oklahoma-bacon-autumn-robert |
| File name: | 4a1c859a5365a544b48105b03f822d7d.exe |
| Download: | download sample |
| File size: | 2'973'423 bytes |
| First seen: | 2022-02-07 08:22:36 UTC |
| Last seen: | 2022-02-07 09:54:35 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| ssdeep | 49152:OgYnI9oXWIl1uh4HlxHKRbmeVnv1ZMsZJjW8jVcYJn49srVHuSpsfgeIVUsWpq82:OgGIar24Ydz5T42rVHXrz+p1V+5 |
| Threatray | 2 similar samples on MalwareBazaar |
| TLSH | T1B8D5338CE45B792EFE2BFA721E18453A445BB7DC0FA05BE71D1B4B81D249A5413B32C2 |
| Reporter |  abuse_ch |
| Tags: | exe |
Intelligence
File Origin
# of uploads :
2
# of downloads :
123
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Result
Verdict:
Malware
Maliciousness:
Behaviour
Searching for synchronization primitives
Searching for the window
Launching the default Windows debugger (dwwin.exe)
DNS request
Verdict:
Likely Malicious
Threat level:
7.5/10
Confidence:
100%
Tags:
overlay packed
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has nameless sections
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Generic
Status:
Suspicious
First seen:
2022-02-07 08:23:21 UTC
File Type:
PE (Exe)
AV detection:
7 of 27 (25.93%)
Threat level:
5/5
Verdict:
unknown
Similar samples:
Result
Malware family:
n/a
Score:
10/10
Tags:
n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Program crash
Drops file in Windows directory
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
33307defedcc6a44646e55cbc2fab8da51419eaf4ce4f88a6d46ddff5b1b548d
MD5 hash:
08eed55c645e2d3c2b875b758a2afff1
SHA1 hash:
220f06be2a4ecf92bc1b8e696dad8eaa0d2a1d9c
SH256 hash:
29b336e49f7d969f9247e7bd6dfc66685a501c9717c81e4ee732d7eca1ad144c
MD5 hash:
4a1c859a5365a544b48105b03f822d7d
SHA1 hash:
b36f7c554d4adfb93fb0a7c1365e00ab6684ca71
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe 29b336e49f7d969f9247e7bd6dfc66685a501c9717c81e4ee732d7eca1ad144c
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.