MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39f00d9056a5e0f8fedb37a3b14f82853ce6505af5386c3e41dd1b3c9d94d955. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 39f00d9056a5e0f8fedb37a3b14f82853ce6505af5386c3e41dd1b3c9d94d955
SHA3-384 hash: d9921256e60b54c36087726635b62e608d0d586852ecb2a5431218b877a2763dfc1aaf6478fd031919ff8c81ef2c14cd
SHA1 hash: 41419c0bdb42337a069caa1bad52f69573fb1f08
MD5 hash: 35ae989d678cb4a02a6ee2123346e4a0
humanhash: salami-fix-freddie-emma
File name:virussign.com_35ae989d678cb4a02a6ee2123346e4a0
Download: download sample
File size:86'985 bytes
First seen:2022-07-13 14:16:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 908e67f8b0160bfd82132ad8738bb56b (1 x QQPass)
ssdeep 1536:EzfMMknJvVvwlTHavNbA8w9KxlO9Lc3Otp15wKwYPpLK6f:CfMbJOZHaV7wdZcm19w6pz
Threatray 6 similar samples on MalwareBazaar
TLSH T19783E09558AF520DB7A5E02310486CEBE9141BCB1EE1D6A9D633732E8C58F131CFE276
TrID 52.9% (.EXE) Win32 Executable (generic) (4505/5/1)
23.5% (.EXE) Generic Win/DOS Executable (2002/3)
23.5% (.EXE) DOS Executable Generic (2000/1)
Reporter KdssSupport
Tags:exe


Avatar
KdssSupport
Uploaded with API

Intelligence

File Origin
# of uploads :
1
# of downloads :
107
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/287195/
Detection(s):
Win.Malware.Dqqw-9951425-0
Create hunting rule

Win.Trojan.QQPass-5710308-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% directory
Enabling the 'hidden' option for files in the %temp% directory
Сreating synchronization primitives
Creating a process from a recently created file
Sending a custom TCP request
Enabling autorun
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
greyware overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/62ced46ed6d93426ceea2253/reports/508effe3-51ee-4e98-b2f0-9c44928225a5/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4ebf0c35-7439-422d-8495-0eb0d0edcce1
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/39f00d9056a5e0f8fedb37a3b14f82853ce6505af5386c3e41dd1b3c9d94d955/
Threat name:
Win32.Infostealer.QqPass
Create hunting rule
Status:
Malicious
First seen:
2022-07-07 01:50:10 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
26 of 26 (100.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hhya3ecwuxqpr7w3g6r3ct4cqu6omuc26u4gypsb3untzhmu3fkq._file
Verdict:
malicious
Similar samples:
2105b0c130a9494a9c7918cf64a87340cebaef44cba966f9cd6937cdf913c9dd
569fd1c150962b586fea6e025c53ab225e4c7b5e72455e65ee22ba5ed96ea102
67a0f7b898bf9f2a93780e7b4b5b51fe9a8a1a6e31975d6d29dbb624f1c71fe6
68c8f03a7cf8d608ffd5f1fb1ee1db70ebd23ff6f409b2636edc5d41a7058624
7203f57b029e6942d06250400cfcfa58ab92afd76f51865848e1eeff89bbaee2
7443c4b61199be718b1ed32ef579d801de1931a950d8798378a5ef37ff1a25d3
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220713-rlsdnsabb2/
Behaviour
Modifies registry class
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
1c07f60d4054debb6394d61a212a67a1f536917ec33e059458e457140cba050c
MD5 hash:
11c605aeb75205e751c1b9543a19ca02
SHA1 hash:
b6373b8edfe573f8e4e7791926514661de6af4f6
Link:
https://www.unpac.me/results/523958c9-b803-4a01-a194-32db5724f3ee/
SH256 hash:
39f00d9056a5e0f8fedb37a3b14f82853ce6505af5386c3e41dd1b3c9d94d955
MD5 hash:
35ae989d678cb4a02a6ee2123346e4a0
SHA1 hash:
41419c0bdb42337a069caa1bad52f69573fb1f08
Link:
https://www.unpac.me/results/523958c9-b803-4a01-a194-32db5724f3ee/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/39f00d9056a5e0f8fedb37a3b14f82853ce6505af5386c3e41dd1b3c9d94d955

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_EXE_Packed_MPress
Create hunting rule
Author:ditekSHen
Description:Detects executables built or packed with MPress PE compressor
Rule name:meth_get_eip
Create hunting rule
Author:Willi Ballenthin

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 39f00d9056a5e0f8fedb37a3b14f82853ce6505af5386c3e41dd1b3c9d94d955

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/287195/

Comments