MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41ccfe90282ef9f607a6abfcce0ff6af362970d454a568fe2d214dc4c3a7b17b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7

SHA256 hash: 41ccfe90282ef9f607a6abfcce0ff6af362970d454a568fe2d214dc4c3a7b17b
SHA3-384 hash: ad0e7630ab733986a3e66eb15bc9126cf2f4af6cdd6718e08186673ee9dfb2e854653b6e8802a9be0b17aa279a9d7acf
SHA1 hash: 8bb7e3b10363342bf4936fda9b355c690315a368
MD5 hash: dabe7dbfe8d5f7876eb11df42212a698
humanhash: vegan-jupiter-tennis-comet
File name: out.exe
File size: 3'743'744 bytes
First seen: 2021-07-13 21:39:52 UTC
Last seen: 2021-07-13 22:35:42 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: e973ff3d40f88fdbed21d20dbc865c50
ssdeep: 98304:T2usQVlvZp5a6FEthPG4rK5eOQQJC0QodVkNA9:T2OPDaPPdKHLKO
Threatray: 16 similar samples on MalwareBazaar
TLSH: T16E06E013A6514CB1E2511C3D85677F75BEB14B460B03D9ABA3AEFDE4DC3A091E2231CA
Reporter: James_inthe_box
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 103
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Generic Malware
Verdict: Malicious

Result
Threat name: Unknown
Detection: malicious
Classification: troj.evad
Score: 60 / 100
Signatures:
  Machine Learning detection for sample
  Multi AV Scanner detection for submitted file
  Tries to detect virtualization through RDTSC time measurements
  Uses known network protocols on non-standard ports

Result
Threat name: Win32.PUA.FlyStudio
Status: Malicious
First seen: 2021-07-13 19:06:41 UTC
File Type: PE (Exe)
Extracted files: 27
AV detection: 19 of 29 (65.52%)
Threat level: 1/5

Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour:
  Suspicious use of SetWindowsHookEx
  UPX packed file
Unpacked files:
  SHA256 hash: 8cfc04ec1af6fe54eba81d9d13eb3d3cc7a6f41dfeaa5f25ade46abf305c3c4c
  MD5 hash: f403f11d114ad2898b405853de4bd638
  SHA1 hash: fbbd66800efde9118552537441b691641c21a0ed

  SHA256 hash: 21d16265775832adcc6238f29a6984ff2772c23b1e77c73be55500b11f8f03e8
  MD5 hash: 1c2861dde5bb47376cddbf32812c5a02
  SHA1 hash: fa244b9b5da0b65046904eb5102fa959c24937d0

  SHA256 hash: 41ccfe90282ef9f607a6abfcce0ff6af362970d454a568fe2d214dc4c3a7b17b (identical to the submitted sample)
  MD5 hash: dabe7dbfe8d5f7876eb11df42212a698
  SHA1 hash: 8bb7e3b10363342bf4936fda9b355c690315a368

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFuture
Author: ditekSHen
Description: Detects executables with a stomped PE compilation timestamp that is greater than the local current time

Rule name: IPPort_combo_mem
Author: James_inthe_box
Description: IP and port combo
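The two rule descriptions above amount to checks an analyst can reproduce without the rules themselves. The Python below is an added example; it is not MalwareBazaar's code and not ditekSHen's or James_inthe_box's rules. It reads the COFF TimeDateStamp out of a PE header and compares it with the local clock, and scans raw bytes for IPv4:port strings. The regex, the slack parameter, the helper names and the constructed test buffer (TEST-NET documentation addresses, a stamp 30 days ahead) are this example's own assumptions; the real sample is not embedded.

```python
# Added example, not MalwareBazaar's or the YARA rule authors' code: two triage
# checks modelled on the rule descriptions above, run over a constructed
# PE-like buffer so the script works offline without the real sample.
import re
import struct
import time
from typing import List, Optional

# IPv4 dotted quad followed by ":port"; the lookarounds stop matches that start or
# end inside a longer digit run (e.g. a version string or a hash).
OCTET = rb"(?:25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])"
IP_PORT_RE = re.compile(
    rb"(?<![0-9])(" + OCTET + rb"(?:\." + OCTET + rb"){3}):([0-9]{1,5})(?![0-9])"
)


def pe_timestamp(data: bytes) -> int:
    """Return IMAGE_FILE_HEADER.TimeDateStamp (seconds since 1970-01-01 UTC)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found at e_lfanew")
    if len(data) < e_lfanew + 24:                          # 4-byte sig + 20-byte COFF header
        raise ValueError("truncated COFF file header")
    # COFF header layout after the signature:
    #   Machine(2) NumberOfSections(2) TimeDateStamp(4) PointerToSymbolTable(4)
    #   NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return stamp


def timestamp_in_future(data: bytes, now: Optional[int] = None, slack: int = 0) -> bool:
    """True when the compile stamp is later than the current clock, mirroring the
    rule description. `slack` (seconds) is this example's own tolerance for skew."""
    if now is None:
        now = int(time.time())
    return pe_timestamp(data) > now + slack


def ip_port_combos(data: bytes) -> List[str]:
    """Unique IPv4:port strings in order of first appearance; ports outside 1-65535 are dropped."""
    found: List[str] = []
    for m in IP_PORT_RE.finditer(data):
        if not 1 <= int(m.group(2)) <= 65535:
            continue
        combo = (m.group(1) + b":" + m.group(2)).decode("ascii")
        if combo not in found:
            found.append(combo)
    return found


def build_sample_pe(stamp: int, payload: bytes = b"") -> bytes:
    """Constructed test input (not the sample on this page): a minimal, non-loadable
    MZ/PE header carrying the given stamp, followed by arbitrary payload bytes."""
    dos = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)      # e_lfanew -> signature at 0x40
    # i386, 1 section, stamp, no symbols, 0xE0-byte optional header, EXECUTABLE|32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 0xE0, 0x102)
    return bytes(dos) + b"PE\x00\x00" + coff + payload


def triage(data: bytes, now: Optional[int] = None) -> dict:
    """Run both checks and return the findings."""
    return {
        "compile_stamp": pe_timestamp(data),
        "stamp_in_future": timestamp_in_future(data, now=now),
        "ip_port_combos": ip_port_combos(data),
    }


if __name__ == "__main__":
    now = int(time.time())
    # Constructed strings: TEST-NET addresses; the last one has an out-of-range port.
    sample = build_sample_pe(
        now + 30 * 86400,
        b"\x00beacon=192.0.2.10:4444\x00fallback=203.0.113.7:80\x00bad=198.51.100.5:70000\x00",
    )
    print(triage(sample, now=now))
```

Treat a future compile stamp as a lead rather than proof: MSVC's /Brepro option replaces TimeDateStamp with a hash that often decodes to an implausible date, and a build machine with a fast clock can put the field slightly ahead, which is what the slack parameter is for. The IP:port regex also fires on things like version strings, so confirm hits in context. For the UPX-packed file on this page, run both checks on the unpacked layers as well as the packed one; strings inside the compressed layer are only visible after unpacking or in a process dump, which is why the rule above is a memory rule.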

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other