MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2dc810c540787f600ba073fcc3966102a266d867938861c3ac3da38dd7c004fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2dc810c540787f600ba073fcc3966102a266d867938861c3ac3da38dd7c004fa
SHA3-384 hash: 1f4a1910f7a53f4d4a651ed43290a633f90eeca50f15aabaf72810ca473ad2556fdb0bf4569bed6a48765df21a501ab3
SHA1 hash: 32727c96976564a2d7980b04a86add0912b1849a
MD5 hash: 0068ac9dbb865c6c03984061540618df
humanhash: blossom-batman-seven-green
File name:glut32.dll
Download: download sample
File size:909'312 bytes
First seen:2022-05-28 15:37:39 UTC
Last seen:2022-05-28 16:37:09 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash e216bbc2698858002ba12bc18a322b46
ssdeep 24576:qk+n47+G5peNSqxhkMA7u2W6fC+GCTeyX0H47+YyV:NjHre1xhkMA9C+0yX0H4QV
Threatray 12'369 similar samples on MalwareBazaar
TLSH T103151285CE781276F0B606B0940329DCE9F05EE11F39C97643FA83DA39712BA957E583
TrID 38.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
24.6% (.EXE) Win64 Executable (generic) (10523/12/4)
11.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.5% (.EXE) Win32 Executable (generic) (4505/5/1)
4.7% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter obfusor
Tags:dll Farfli RAT

Intelligence

File Origin
# of uploads :
2
# of downloads :
270
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/275170/
Detection(s):
SecuriteInfo.com.Trojan.Heur.3y8@yO@6UCnb.9842.28301.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed shell32.dll virus
Link:
https://www.filescan.io/uploads/62924217370bb1455cccee21/reports/b905ee3b-a1d5-4191-932d-742998549382/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/fcbfd97a-7140-4844-806b-9d7b6021258e
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1003148
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-05-28 15:38:08 UTC
File Type:
PE (Dll)
AV detection:
17 of 26 (65.38%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1e857555be92a0e4bfa8c0e5dc5b7b91a08e6daea0036e3bf23d3d3de79e495f
7c28b994aeb3a85e37225cc20bae2232f97e23f115c2a409da31f353140c631e
8795836a86dc61f9fe1d4b3f798ebf3a4c1900ddac2f207f4d1f46e87b85850f
887aae4c40ef5ac852dcb98c50598ae087e21ba02456b35da67365fcfa6fea9b
8ec16e4c4fd0a80322418ea661e4dd3b427f7369078d85f64069588624752bdc
9c7feb98fb5804f1f80dd03db1f84a06b68ea6043d2d34ab53edce82b83827b2
ae0a99c5cc44699f19c5967df89e034876b214da707275a33bcf7298697ac184
f224eb6d7d25fed68f1053c7f38fbf09e416fc55230d04a1591e97aa2144c092
+ 12'359 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/220528-s2167achf2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtSetInformationThreadHideFromDebugger
Unpacked files
SH256 hash:
2dc810c540787f600ba073fcc3966102a266d867938861c3ac3da38dd7c004fa
MD5 hash:
0068ac9dbb865c6c03984061540618df
SHA1 hash:
32727c96976564a2d7980b04a86add0912b1849a
Link:
https://www.unpac.me/results/a696671d-4cab-4b5a-a9fa-98a6ad6b7f40/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/2dc810c540787f600ba073fcc3966102a266d867938861c3ac3da38dd7c004fa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/275170/

Comments