MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2df6c36b4784f4934afabe081335830ee9c00520070582b5a381335b4350f951. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Adware.Generic

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	2df6c36b4784f4934afabe081335830ee9c00520070582b5a381335b4350f951
SHA3-384 hash:	c107aa80ecd7d969aa65bff57d56d0cc6cacad33dc7f9281436c7f526b410e35a9a60d653cca20c3cd082e7b1723dd03
SHA1 hash:	6342522e5fd28c6a40cb4443c0300ee16caaa504
MD5 hash:	a487bae084bbd75ecbdc5d9fede362ba
humanhash:	sweet-pasta-echo-washington
File name:	SecuriteInfo.com.Adware.Downware.3968.6751.24587
Download:	download sample
Signature	Adware.Generic Create hunting rule
File size:	123'469 bytes
First seen:	2020-06-19 14:44:04 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	7fa974366048f9c551ef45714595665e (946 x Formbook, 398 x Loki, 261 x AgentTesla)
ssdeep	3072:SgXdZt9P6D3XJ2r+DuWv5K2Or76SB+ZP55fnPcHI1QHSnjaq:Se34cKU2c75+ZPPfnE2Qyn2q
Threatray	104 similar samples on MalwareBazaar
TLSH	48C3021AA1C15AB7EA6216710637D37BE3FAC68803411B37C7656FAB3F12183DD0A785
Reporter	SecuriteInfoCom
Tags:	Adware.Generic

Intelligence

File Origin

# of uploads :

1

# of downloads :

99

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/9608/

Detection(s):

SecuriteInfo.com.Adware.Downware.3968.6751.24587.UNOFFICIAL

PUA.Win.Downloader.Soft32downloader-6691270-0

Gathering data

Threat name:

Win32.Adware.ConvertAd

Status:

Malicious

First seen:

2014-05-03 02:39:00 UTC

File Type:

PE (Exe)

AV detection:

20 of 48 (41.67%)

Threat level:

1/5

Verdict:

malicious

Similar samples:

071c9ef8d382452d6bcaa4a46eeb4a0e71562097201d228caf15229fd2b68ac9

0f1f333f34d4ab91907ca6a0ad8d3360d5324623e9c885ab228127bce34932e5

48b9908bc98ae2903ee34167224b402fe5eb3a6c9b853ab17e728de52e2639a0

55a6b731215e8aea38a6f556669290c120ab916ac57754e45aca7b28b6cb0b9a

5cd1e21eef3c4ed694dc429b88b403995244060feb4fdea12473aff4d782e1f5

9b6c23ee51101f9e2542bb697e7b218e0a57d51ac6b577998cba351581aa7491

c190a5ad07413d85b0bd7da6c74b8cff0e46a10bdb15775d4b700b2de957ccd1

e162d29d0ba895e3ea7d75000c41c843225c7d29147b323ed9a72f4de3c1f6f0

fde7c52c166cd76fea454bbb539e7eba9ce704f5b442534bf5c4163213215426

ff92eb5433354ad51ba6c586ed91e8b69f32271b0d523352c87f8ae4d075151b

+ 94 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-rhbm5zs2g6/

Behaviour

Loads dropped DLL

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/9608/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample