MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 471913bb2b60fdac12937d6703684014f13efc93d2e161c46e0dbc0cf6d6da70. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Adware.Generic

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	471913bb2b60fdac12937d6703684014f13efc93d2e161c46e0dbc0cf6d6da70
SHA3-384 hash:	93056c85991c383fd57851b8846b4ca8e0991d0351d2c9bae7a590ddf67e4a799e8a9e6e54c45b2f8e6c690d16a2fbb4
SHA1 hash:	164a272787758db23832df8f843d369f8de88148
MD5 hash:	6b48f5cd7932f393bc0445f6f88398ae
humanhash:	vermont-one-early-happy
File name:	471913bb2b60fdac12937d6703684014f13efc93d2e161c46e0dbc0cf6d6da70
Download:	download sample
Signature	Adware.Generic Create hunting rule
File size:	307'630 bytes
First seen:	2020-11-12 14:10:01 UTC
Last seen:	2024-07-24 13:46:56 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	7c2c71dfce9a27650634dc8b1ca03bf0 (160 x Loki, 58 x Formbook, 55 x Adware.Generic)
ssdeep	6144:LEQTP9Ubws1pNhWgrd4LsEDIJPzQNmYX8fl6fwNzUY7+AbjCkCATVjH:RP9SB1pygrd4Lsge7QT8N6fwdVHbOLAB
Threatray	4 similar samples on MalwareBazaar
TLSH	1E64129DFB68E0A7F88112F21C7A2B735DE99AA7211C87CF3B441F9B305A606464D353
Reporter	seifreed
Tags:	Adware.Generic

Intelligence

File Origin

# of uploads :

2

# of downloads :

83

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Downloader.Soft32downloader-6691270-0

PUA.Win.Adware.Browserio-6725861-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/471913bb2b60fdac12937d6703684014f13efc93d2e161c46e0dbc0cf6d6da70/

Threat name:

Win32.Trojan.Wacatac

Status:

Malicious

First seen:

2020-11-12 14:12:08 UTC

AV detection:

19 of 29 (65.52%)

Threat level:

5/5

Verdict:

unknown

Similar samples:

75eaef3ff85ebf0dc881f81c8e736308e7a70b1274c95a131c9ecf281a0abfbd

b95f07b7085e31d9ec3502ee4d48f7ed72874922fc12a76c306ce7e9e2d108a8

d42c263c86ca45c6c1c3a7dff0e312ae91fb6db3626fac0c670f94da9249b5a2

d78fd3b8cb9c914dee5e60da793e2860f7fcf0393be067876bd3a00daf37a8e2

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/201112-j9jgs7yjsx/

Behaviour

Suspicious behavior: GetForegroundWindowSpam

Unpacked files

SH256 hash:

471913bb2b60fdac12937d6703684014f13efc93d2e161c46e0dbc0cf6d6da70

MD5 hash:

6b48f5cd7932f393bc0445f6f88398ae

SHA1 hash:

164a272787758db23832df8f843d369f8de88148

Link:

https://www.unpac.me/results/e14046c7-2868-463a-a556-1e7bbee68675/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample