MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 464cc5b5b281c2e7fbf8a4b5b944243605c71cbbeb97faff10bdd6d89951dc3f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 464cc5b5b281c2e7fbf8a4b5b944243605c71cbbeb97faff10bdd6d89951dc3f
SHA3-384 hash: a6651fa339aab4749420d8b6e822ed23b3443d42656bc31e2fe4fd5826246cc531e3381ef35cbce8b8d9136acf1a2e18
SHA1 hash: f4a9ec8351ea64663ac0daa9f1a3faac6b3a4372
MD5 hash: 668951cdedc8d7a87ecfdce43602cc14
humanhash: juliet-yellow-burger-mexico
File name:464cc5b5b281c2e7fbf8a4b5b944243605c71cbbeb97faff10bdd6d89951dc3f
Download: download sample
File size:3'560'080 bytes
First seen:2022-08-03 10:28:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5e4d6ff903bbbbd2b4a3402cd209d7e1
ssdeep 98304:+NRgh/x/t7NWq/R0vDf7gf5p9BW7T5vx8L:IG/xaGR0vDfs5dW7Bx8L
Threatray 2 similar samples on MalwareBazaar
TLSH T1ECF5CFDA21503368C01E48385433AE09B1F1961F4B95D5EF76DBAAC067AF8D1E936F0E
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
Reporter JAMESWT_WT
Tags:exe Hangzhou Saifan Technology Co. Ltd. signed

Code Signing Certificate

Organisation:杭州赛凡科技有限公司
Issuer:DigiCert EV Code Signing CA (SHA2)
Algorithm:sha256WithRSAEncryption
Valid from:2021-05-26T00:00:00Z
Valid to:2023-04-10T23:59:59Z
Serial number: 0a9343e91620412db67aac27093bdf77
Intelligence: 5 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 4c969bc5c4da2a5f1f5927ba2a66c5730133d8090091f58be3d89dab61c1fd67
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
302
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
464cc5b5b281c2e7fbf8a4b5b944243605c71cbbeb97faff10bdd6d89951dc3f
Verdict:
No threats detected
Analysis date:
2022-08-03 10:33:02 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f99d3de5-4b1c-4c9a-8c67-740559f4d71d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/296155/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
fingerprint overlay packed
Link:
https://www.filescan.io/uploads/62ea4e366336465f2a09c90f/reports/d792f12d-70e6-4e43-b735-80ce83ecef3f/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/8caf743e-740e-4818-8633-7b95a6787f3b
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1045529
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/464cc5b5b281c2e7fbf8a4b5b944243605c71cbbeb97faff10bdd6d89951dc3f/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=izgmlnnsqhbop67yus23srbegyc4ohf35ol7v7yqxxlnrgkr3q7q._file
Verdict:
unknown
Similar samples:
517b37b47dc15abc5ae733109d178dde2e34a6f0cc3d9f93b1869c3c576b3d76
7ec1d0796cb4163cec686ae4f9c0b0b8e8ae5572cebcea472616e99552042d20
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220803-mh8t2aaag8/
Unpacked files
SH256 hash:
464cc5b5b281c2e7fbf8a4b5b944243605c71cbbeb97faff10bdd6d89951dc3f
MD5 hash:
668951cdedc8d7a87ecfdce43602cc14
SHA1 hash:
f4a9ec8351ea64663ac0daa9f1a3faac6b3a4372
Link:
https://www.unpac.me/results/987460d1-5ee1-461d-9585-4a22d68919e9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/464cc5b5b281c2e7fbf8a4b5b944243605c71cbbeb97faff10bdd6d89951dc3f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/296155/

Comments