MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33c72f7177a297ca3c396a50c7ad4bb85d20693d8cdc2fbc26b979d1cf0bddd4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CrownAdPro


Vendor detections: 9



SHA256 hash: 33c72f7177a297ca3c396a50c7ad4bb85d20693d8cdc2fbc26b979d1cf0bddd4
SHA3-384 hash: 9ae03ec512a432ccacfebeb72c27546e72b004fbf8f060dab454f752b41bccbad3f325d21e30744731ce4bc5ed57743a
SHA1 hash: 420b54d3d6cfc013c9a55dc6c1ee7148459776f9
MD5 hash: 2626a621fab10eec02e1c3dc2ab29361
humanhash: carpet-oranges-vegan-wyoming
File name: 2626a621fab10eec02e1c3dc2ab29361
Signature CrownAdPro
File size: 585'216 bytes
First seen: 2021-10-26 21:17:16 UTC
Last seen: 2021-10-26 22:19:59 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 7276786446dd386310f1928814c93495 (1 x CrownAdPro)
ssdeep 12288:GY7Lwe5zzrtK6HOWUGmuulkI7o8XEqxcAMR3D0oil4bUEpRzW3rd6b1PXpfQE8r1:G0Lwu3InErq3+P5IEj4D
TLSH T15BC4AE52BE4290B6E2E221BC56BA97325D3DA93407115AC7D3C44E798D301D0BF3A7BE
Reporter zbetcheckin
Tags: 32 CrownAdPro exe

Intelligence


File Origin
# of uploads :
2
# of downloads :
336
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug greyware hacktool
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
64 / 100
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Threat name:
Win32.Trojan.Mikey
Status:
Malicious
First seen:
2021-10-25 07:32:49 UTC
AV detection:
20 of 45 (44.44%)
Threat level:
  5/5
Verdict:
malicious
Result
Malware family:
n/a
Score:
  10/10
Tags:
suricata
Behaviour
Checks SCSI registry key(s)
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
suricata: ET MALWARE CrownAdPro CnC Activity M1
suricata: ET MALWARE CrownAdPro CnC Activity M2
suricata: ET MALWARE CrownAdPro CnC Activity M3
suricata: ET MALWARE CrownAdPro CnC Activity M4
suricata: ET MALWARE CrownAdPro CnC Activity M5
Unpacked files
SHA256 hash:
33c72f7177a297ca3c396a50c7ad4bb85d20693d8cdc2fbc26b979d1cf0bddd4
MD5 hash:
2626a621fab10eec02e1c3dc2ab29361
SHA1 hash:
420b54d3d6cfc013c9a55dc6c1ee7148459776f9
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CrownAdPro

Executable exe 33c72f7177a297ca3c396a50c7ad4bb85d20693d8cdc2fbc26b979d1cf0bddd4

(this sample)

  
Delivery method
Distributed via web download

Comments



zbet commented on 2021-10-26 21:17:17 UTC

url : hxxp://prodownload.live/admin/upload/cross2007.exe