MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e5bde630033fde6d83bbc7b9b12e323c7cfc09b499818d49666559817cd018d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	3e5bde630033fde6d83bbc7b9b12e323c7cfc09b499818d49666559817cd018d
SHA3-384 hash:	03a203590bc637b14302924920133b5f9783854593323c1fbd2c84a105516dcaf132bf91a16a76bf044e5e0b7b94b38d
SHA1 hash:	14eaa3f7697674ae8e06e8c2c860c2c829c2f64a
MD5 hash:	9068fbb20fadf7e380c3e78489a35923
humanhash:	virginia-july-foxtrot-johnny
File name:	indie game 3.0.exe
Download:	download sample
File size:	28'471'852 bytes
First seen:	2022-04-14 08:40:11 UTC
Last seen:	2022-04-20 10:24:18 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	93c6c421fee0148a7bfe63e14db75419
ssdeep	393216:HC92L+FCFKcexAKZofwwuvGvJDOolANSCg4ofs2pVixsU6KvNNJW5iXvkW21B1s7:Q2yF9LARNtzIofsIUf/JWUXvz0BGJ9
Threatray	3 similar samples on MalwareBazaar
TLSH	T1CC573313E9F65126D8B10034D4F9862225AD7D3CD722E7D3E6C04FAA79270C3AB756E2
TrID	40.3% (.EXE) Win64 Executable (generic) (10523/12/4) 19.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 17.2% (.EXE) Win32 Executable (generic) (4505/5/1) 7.7% (.EXE) OS/2 Executable (generic) (2029/13) 7.6% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):
dhash icon	71ccd2d292c6e470
Reporter	tech_skeech
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

418

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

indie game 3.0.exe

Verdict:

Malicious activity

Analysis date:

2022-04-14 08:59:03 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/9e228f3e-07e1-42d1-a4ed-fc433b86be47

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result

Verdict:

Clean

Maliciousness:

Behaviour

Launching a process

Searching for the window

Сreating synchronization primitives

Creating a file in the %temp% subdirectories

Creating a window

Searching for synchronization primitives

DNS request

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

greyware overlay packed remcos shell32.dll zbot

Link:

https://www.filescan.io/uploads/6257de20eab80a7a6c1155e5/reports/ab6b9afe-d2b9-4b7d-84e7-11c05d9a644e/overview

Result

Verdict:

MALICIOUS

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/976683

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Gathering data

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2022-04-13 20:44:00 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

11 of 41 (26.83%)

Threat level:

5/5

Verdict:

unknown

6a26df22cb05dc2e18cff91e23ca17faa373533c96b0aae17fc85212a9153568

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/220414-klfasaahc2/

Behaviour

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Loads dropped DLL

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/3e5bde630033fde6d83bbc7b9b12e323c7cfc09b499818d49666559817cd018d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 3e5bde630033fde6d83bbc7b9b12e323c7cfc09b499818d49666559817cd018d

(this sample)

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample