MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 485a5454645f5d90d1b3097336b08dcaa9d4b49db9738a2f953e81081002600d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 485a5454645f5d90d1b3097336b08dcaa9d4b49db9738a2f953e81081002600d
SHA3-384 hash: 3b62195a2c177990b6e9641f258b945d001b5a02fe0261bd1b581b5d4c4e584864367a7490f321fd222e743a0ff5a160
SHA1 hash: 39f2dc79978a6bf937aa588998b14ab05b70ff83
MD5 hash: 18b6865da4d3970fa3c102731ca82d96
humanhash: two-tango-eight-high
File name:2014-06-12_djylh.exe
Download: download sample
File size:1'082'880 bytes
First seen:2021-05-07 04:49:53 UTC
Last seen:2024-03-11 04:09:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 80f37801b18696aa5d4a78f9854a6ace
ssdeep 24576:NxloCukO/lRO0L5BBfS6MNv/jzQjThDzILxk5D:NxeCAbHBfS6mnje4Y
Threatray 120 similar samples on MalwareBazaar
TLSH F23533AD882B5F48F458B2F7C40FAA366159D309C143C7A1A6F175A9F8B57C06C91CCE
Reporter starsSk87264403
Tags:exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/152386/
Detection(s):
PUA.Win.Packer.Upx-4
Create hunting rule

Win.Malware.Generic-9820446-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% directory
Changing a file
DNS request
Sending a UDP request
Creating a file
Searching for the window
Deleting a recently created file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/715639
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Potential thread-based time evasion detected
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/485a5454645f5d90d1b3097336b08dcaa9d4b49db9738a2f953e81081002600d/
Threat name:
Win32.PUA.FlyStudio
Create hunting rule
Status:
Malicious
First seen:
2014-06-22 09:04:00 UTC
File Type:
PE (Exe)
Extracted files:
69
AV detection:
22 of 31 (70.97%)
Threat level:
  1/5
Verdict:
malicious
Similar samples:
1495a59a2300245b0c8cfdfe2e467de7f79a4d287e10e9119a96cdac0a1b7c5b
15de7f8defad6bace8c44bd3bd7725c10c0dc8336a58a7e8d92075a651fd61d0
56133c0d017af35f49253926e3583cf72c36146ab7faa65b6058971685166652
75b388003cc32b680abc3d9b41bc6c435af723de235eaab36a323fddcb906f62
799b7395c9f279d8cd1cd24657788ecb37db7ae03c0dddeb3344a95a551d1325
94b85015bb3beb57e1810aec53712b8158fa10e3a970b0ee65484be34b3073cd
98e4329d418e085edef489875df98f75e772d3d5f96178682e953566e408f525
a4053c9427fa00b62f65abf8ad7760e39df7f7ea0c72ed89375e2076f7cb79a3
b867428ec9adc7134924cf71e05558eb35a64e1ed17ada1d41788fa8a213ed84
fa1462d4e6fce1dbb5c4813cd596555e3a583face9932e173af9913a421fb428
+ 110 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/210507-gkad3b5r82/
Behaviour
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Enumerates connected drives
UPX packed file
Unpacked files
SH256 hash:
ca6d29b99869a95430d72222234161fe79f25e05af65c7e5166debb2e59fff70
MD5 hash:
54843f53001275ffcea0e353a55fec5f
SHA1 hash:
7df15909195a14434fc45e914cd1d64df186af77
Link:
https://www.unpac.me/results/9df19468-7b56-4b16-8704-19ec598666f5/
SH256 hash:
4f2e56439b2c2717d8c687ad2a54430ffe19b8cd4cc96fca39166dfec60deeef
MD5 hash:
43db94836418f00a439b5e94567e8ea7
SHA1 hash:
83b4edc89abe0ebbe55b5e28434e5ef57e58d4f8
Link:
https://www.unpac.me/results/9df19468-7b56-4b16-8704-19ec598666f5/
SH256 hash:
485a5454645f5d90d1b3097336b08dcaa9d4b49db9738a2f953e81081002600d
MD5 hash:
18b6865da4d3970fa3c102731ca82d96
SHA1 hash:
39f2dc79978a6bf937aa588998b14ab05b70ff83
Link:
https://www.unpac.me/results/9df19468-7b56-4b16-8704-19ec598666f5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
FlyStudio
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/485a5454645f5d90d1b3097336b08dcaa9d4b49db9738a2f953e81081002600d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 485a5454645f5d90d1b3097336b08dcaa9d4b49db9738a2f953e81081002600d

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/152386/
  
URLhaus
https://urlhaus.abuse.ch/url/197801/
  
Delivery method
Distributed via web download

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-07 05:03:13 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [F0001.002] Anti-Behavioral Analysis::Standard Compression
1) [F0001.008] Anti-Behavioral Analysis::UPX