MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45d473eb0961855e45ba3bc0afb395aed0f772e7c8a477d40d4f43e5494ca9f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 45d473eb0961855e45ba3bc0afb395aed0f772e7c8a477d40d4f43e5494ca9f7
SHA3-384 hash: 47e3c6eeccc5d6c5f73b02b4b83b4f5c77ffd2651e21c7094fef53cb97ff6f49c42cbceb8fb21cf86252d1a237201652
SHA1 hash: 2ddd385b97873b29cfc9ff0a5259d43f2bdcacac
MD5 hash: 347e47a74a37ced9882afb8a14433083
humanhash: robert-cat-louisiana-salami
File name:45d473eb0961855e45ba3bc0afb395aed0f772e7c8a477d40d4f43e5494ca9f7
Download: download sample
File size:5'109'248 bytes
First seen:2020-11-10 11:37:39 UTC
Last seen:2024-07-24 13:43:31 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4ddbbed1e26baed238de562826f1176f
ssdeep 98304:Wz+aY3C26m37RZrsM62mZxe2FY3OV87DtzfKH0sCKaCW:uY3v3LR9CG2u7YhaCW
Threatray 17 similar samples on MalwareBazaar
TLSH 2436237257251284D1E5CC398637BEE471F7132F8F40B8B86D9BADC914224F2E227A97
Reporter seifreed

Intelligence

File Origin
# of uploads :
2
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/528769
Signature
Detected VMProtect packer
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 313481 Sample: Higg80wYYr Startdate: 10/11/2020 Architecture: WINDOWS Score: 48 10 Detected VMProtect packer 2->10 12 Machine Learning detection for sample 2->12 6 Higg80wYYr.exe 2->6         started        process3 process4 8 WerFault.exe 20 7 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/45d473eb0961855e45ba3bc0afb395aed0f772e7c8a477d40d4f43e5494ca9f7/
Threat name:
Win32.Trojan.Cometer
Create hunting rule
Status:
Malicious
First seen:
2020-11-11 00:07:54 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
095721924420baff3670898412fc911ff32540544e8fad5495d334cded931270
2aaad8177d08507b09dc3d419b4d31f65db6fe6bc6314ffce650b9fc57f0817c
2ace0be70434934b6e140f679a0c1551dd589abedfb1f6abeb5ceffaf0a1b9d9
3e5bbf9fcae918011ec4eee75ac6402fddf20d09fef95b362d0e226d56b80f1d
6285cf98c96fdfa826a2d5e4de045bb84dfc7e05d21b561c54a5b63ad2c298e1
7e17e9de1f6643f57b6cda4a921b025a9caf5689728b0af2f653887f41e2c318
84783081ade87f5a4a1902a275eb66c7fe8ebef9e43cdd2d4527bdb1a5a51f04
a3c2207806f9be710f3a1d1cbf1149a708bb080946e2368c8e826f5cef2293e4
ac839669e7e0d6b42bf9517cc6f4db88c9eacc678df15c1c45be1771309cb020
b634177f6a7b2c970dbc79ab94aa911d31ae2559456bae1f0fbe08d6d340f0ba
+ 7 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
vmprotect
Link:
https://tria.ge/reports/201110-bz36qa6kq6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
VMProtect packed file
Suspicious use of NtCreateProcessExOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments