MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3dc6a1e588dfe80988eacc734ad80b180bc6cd52726271a99b9164501b65b3e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Worm.Virut


Vendor detections: 5



SHA256 hash: 3dc6a1e588dfe80988eacc734ad80b180bc6cd52726271a99b9164501b65b3e5
SHA3-384 hash: ec51e1a9e1f99c25c0d82912209e88f33db47e4cf225577dbb529a226a9b467ba5f17d3f2c91b7102392f165cbabe085
SHA1 hash: c91067dcba24db936782e17c55a9797c9a03f5da
MD5 hash: 25c724ff2cda09eca20442587e8797d7
humanhash: arkansas-helium-nevada-black
File name: a0217b40615f8749f133b69d6149d900
Signature Worm.Virut
File size: 360'983 bytes
First seen: 2020-11-17 12:13:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 85adb7824b864bf70e853de1cdfc7255 (1 x Worm.Virut)
ssdeep 3072:oGJek564HKPqzSq0Or+cXV0T640ufgUl4GwDiVzNCQ+Z+mdmO/9Iz7Ov6XF2PrwN:rHel/m+ciTn8g3v+AFa686oq
Threatray 2 similar samples on MalwareBazaar
TLSH 93747A52B5F240F2F642D6F80C1DAA6B426AC6D5063186839A188B753DB35F273FB1CD
Reporter seifreed
Tags: Worm.Virut

Intelligence


File Origin
# of uploads: 1
# of downloads: 96
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file
Creating a process from a recently created file
Sending a UDP request
Unauthorized injection to a recently created process
Creating a file in the %temp% directory
Deleting a recently created file
DNS request
Launching the default Windows debugger (dwwin.exe)
Sending a custom TCP request
Unauthorized injection to a browser process
Threat name: Win32.Worm.Ramnit
Status: Malicious
First seen: 2020-11-17 12:17:39 UTC
AV detection: 28 of 29 (96.55%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash: 3dc6a1e588dfe80988eacc734ad80b180bc6cd52726271a99b9164501b65b3e5
MD5 hash: 25c724ff2cda09eca20442587e8797d7
SHA1 hash: c91067dcba24db936782e17c55a9797c9a03f5da

SHA256 hash: 11fcc971f3931303c39dc5f402d201e4111d6d749725fa894fc4daff379846c0
MD5 hash: 62c3773333fa521fbe9339b616a0b292
SHA1 hash: b1c70768633f4941fc2e045be1e90d5ca693600b
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
