MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34344e93916303db50c77fa67b7c3f068a7b7537b14aaf2f1fdd81ba72f06035. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA 1 File information Comments

SHA256 hash:	34344e93916303db50c77fa67b7c3f068a7b7537b14aaf2f1fdd81ba72f06035
SHA3-384 hash:	426a7de221fb744e1fe0829f65955efb7e5bcb87a68423bb2b752a62fe528b59ae3a924f42c50c2a0c2fca43e673ed15
SHA1 hash:	a7ac7d7370b3cc1416444363964772496a698443
MD5 hash:	8fd122e26c39c3df20c67ad187ab76a4
humanhash:	winter-kentucky-six-cup
File name:	sm21222.exe
Download:	download sample
File size:	220'862 bytes
First seen:	2022-12-31 03:06:57 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	b78ecf47c0a3e24a6f4af114e2d1f5de (295 x GuLoader, 23 x Formbook, 21 x RemcosRAT)
ssdeep	3072:EQZvOsPPKedccHVvZYiJ8H0T5h/WdQlP+vi9NF8wgq54YxxYakp1GzT6vfEMh:EBeRVhBaHKWdxK7FkW4Yxx0Sifnh
Threatray	105 similar samples on MalwareBazaar
TLSH	T15824021223E2482FF8E387B229F59775A779EE010571524F53E06F352E746A38D113AE
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	2010b079d4c4a500
Reporter	atomiczsec
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

162

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

sm21222.exe

Verdict:

Malicious activity

Analysis date:

2022-12-31 03:10:01 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/d119a56b-564b-405d-ba57-61167c2f4fe7

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

SecuriteInfo.com.Mal.Generic-S.31020.16397.20236.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Creating a file in the %temp% subdirectories

Searching for the window

Changing a file

Verdict:

No Threat

Threat level:

10/10

Confidence:

100%

Tags:

buer overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/63afa7572b1f5b0e511a40cb/reports/e2963b44-56b1-4fe1-86fe-c7e23d152d0d/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/1dd61c81-e280-4eea-8b21-b933a51ab98f

Result

Threat name:

Unknown

Detection:

clean

Classification:

n/a

Score:

2 / 100

Link:

https://www.joesandbox.com/analysis/1143415

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/34344e93916303db50c77fa67b7c3f068a7b7537b14aaf2f1fdd81ba72f06035/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=gq2e5e4rmmb5wughp6thw7b7a2fhw5jxwffk6ly73wa3u4xqma2q._file

Verdict:

unknown

0cc7d034e9b01b5f02d0843e62c5ce0c79dc380fc3c126be71c8ad31ab8acad6

0edacb001024ad548cefbdb4125260b3514cbcb3af12c1706710ed0086643800

19f71da28ebab8fe7256a657c603698ad607a7273e85d0e8b107269643cfa5dd

292448122c421fa603e529ff0a9c3ecfbe46f90bc8287b3d5f23cd0edc6e37a2

35e4927ea02978e01bee3917c5c2c92d46308473bf3eaf4ef1d4d3c0eb0a0d4f

42d8660460520cc995d9e871953c424a6a95cba8796fa763fb9ebe46cbc7189d

83b1180e8794a4d719586d4f5fe237b37167ef93c186d3c0976a70d39541c72f

88c642b1fa43b77487f3916dd95ac236189971475c3289c745dc45a739e6453f

ea07ac0be9b5d757b3d6eab704606fb022770451be04c729af03f3a0941d3fc8

+ 95 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/221231-dma9wsha96/

Behaviour

Suspicious behavior: GetForegroundWindowSpam

Enumerates physical storage devices

Loads dropped DLL

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/0cdbc3dd-3ca7-484f-96ca-5e1844ecebb0

Unpacked files

SH256 hash:

fe19353288a08a5d2640a9c022424a1d20e4909a351f2114423e087313a40d7c

MD5 hash:

3e277798b9d8f48806fbb5ebfd4990db

SHA1 hash:

d1ab343c5792bc99599ec7acba506e8ba7e05969

Link:

https://www.unpac.me/results/f4bc6d3f-d7d3-400d-b4d7-3d48f5a66984/

SH256 hash:

227a52e0785b070baf673c4d97d28ced967c3c01ea62bd1da5f5c593940919db

MD5 hash:

3138dac7ef0377dc6a37ba84dc56badd

SHA1 hash:

ec071ccfd71645a8c5d0687f7d12f04ec432dc6c

Link:

https://www.unpac.me/results/f4bc6d3f-d7d3-400d-b4d7-3d48f5a66984/

SH256 hash:

34344e93916303db50c77fa67b7c3f068a7b7537b14aaf2f1fdd81ba72f06035

MD5 hash:

8fd122e26c39c3df20c67ad187ab76a4

SHA1 hash:

a7ac7d7370b3cc1416444363964772496a698443

Link:

https://www.unpac.me/results/f4bc6d3f-d7d3-400d-b4d7-3d48f5a66984/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.28

Link:

https://yomi.yoroi.company/submissions/34344e93916303db50c77fa67b7c3f068a7b7537b14aaf2f1fdd81ba72f06035

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Ins_NSIS_Buer_Nov_2020_1 Create hunting rule
Author:	Arkbird_SOLG
Description:	Detect NSIS installer used for Buer loader

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample