MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3941242436e943fbfb7b1767aa2615bcc5637da3d939d3b06a1572de8bf044a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7



SHA256 hash: 3941242436e943fbfb7b1767aa2615bcc5637da3d939d3b06a1572de8bf044a1
SHA3-384 hash: 5ec19999f3771d915c9d4a3580fe5a95d2e253c56ac8598b6ca0e9ae8891826902c4e49f4219e6db311f4075eabee285
SHA1 hash: fab551f2f9a43993c2350b20b2398c188e88162e
MD5 hash: 5af82b394bae65462bfb643933c09930
humanhash: carbon-stream-xray-fourteen
File name: Doc_21.12.exe
File size: 287'568 bytes
First seen: 2020-12-21 20:30:11 UTC
Last seen: 2020-12-21 22:33:44 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2a6be979413db763738afc455ed4d626
ssdeep: 6144:kZxnve3vGtNi1NC9xmK0Q6WnR1/0gzi4DM3:Exm3OtqNOmdXWogGP3
Threatray: 152 similar samples on MalwareBazaar
TLSH: 68542A83B05430DCF4DF833BB4DA4E25A7E2BC6209425E061275BFA57F321815FD9A6A
Reporter: James_inthe_box
Tags: exe

Code Signing Certificate

Organisation: COMODO RSA Extended Validation Code Signing CA
Issuer: COMODO RSA Certification Authority
Algorithm: sha384WithRSAEncryption
Valid from: Dec 3 00:00:00 2014 GMT
Valid to: Dec 2 23:59:59 2029 GMT
Serial number: 6DD472EB02AE0406E3DD843F5FE145E1
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: D1863B55A0629F32A5DAD867D02DF1D1A4550B23AC422B53581E79E548FD6617
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 2
# of downloads: 195
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: Doc_21.12.exe
Verdict: No threats detected
Analysis date: 2020-12-21 20:31:14 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request

Result
Verdict: SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Initial sample is a PE file and has a suspicious name

Threat name: Win64.Backdoor.Bazdor
Status: Malicious
First seen: 2020-12-21 20:30:12 UTC
File Type: PE+ (Exe)
Extracted files: 7
AV detection: 11 of 28 (39.29%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a

Unpacked files
SHA256 hash: 3941242436e943fbfb7b1767aa2615bcc5637da3d939d3b06a1572de8bf044a1
MD5 hash: 5af82b394bae65462bfb643933c09930
SHA1 hash: fab551f2f9a43993c2350b20b2398c188e88162e
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
