MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4977092255012b7f607600c46e90b6cd48a5cea85a6325146c5ed2f3a25293a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4977092255012b7f607600c46e90b6cd48a5cea85a6325146c5ed2f3a25293a8
SHA3-384 hash: 4b0f0fc82ef59b9a4f58d9476f5baaf981f0da7babd1e365ec5684ad0d26236263d88976b7060460f8e6edaace809bc8
SHA1 hash: 4d1aa27c52af4aa95e91150cd39187dcfe181620
MD5 hash: 516462d0690868091d2bb91873a3fb17
humanhash: beryllium-grey-march-table
File name:516462d0690868091d2bb91873a3fb17.exe
Download: download sample
File size:7'266'640 bytes
First seen:2023-07-24 15:28:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c6e51dda1622035b42b177c9afe67c30
ssdeep 196608:e1DNr558bhV8dkwDsb6M31fyU3Gt2UlWt9G5SkKuB/ah3kM:e1DNFabhV8d9+d1fj3k2woJuQFkM
Threatray 34 similar samples on MalwareBazaar
TLSH T1A376121AB9648C34D593D0331015D6A39205D68EBA18DBCF23B11D0AFEF55EB8B12BED
TrID 43.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
22.9% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
9.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.2% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 1a3e69c8f012dcd9
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
264
Origin country :
NL NL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/431255/
Detection(s):
PUA.Win.Downloader.Driverpack-6717506-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Creating a window
Gathering data
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/4977092255012b7f607600c46e90b6cd48a5cea85a6325146c5ed2f3a25293a8
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/e52b668e-1b11-4a5e-83d0-97e7724fea97
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1278637
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1278637 Sample: 9fupMnMfB6.exe Startdate: 24/07/2023 Architecture: WINDOWS Score: 48 10 Multi AV Scanner detection for submitted file 2->10 6 9fupMnMfB6.exe 2->6         started        process3 process4 8 javaw.exe 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4977092255012b7f607600c46e90b6cd48a5cea85a6325146c5ed2f3a25293a8/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-07-23 02:57:29 UTC
File Type:
PE (Exe)
Extracted files:
2773
AV detection:
9 of 38 (23.68%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jf3qsisvaevx6ydwadcg5efwzvekltviljrskfdml3jphisssoua._file
Verdict:
unknown
Similar samples:
0b5fee2fdcc82f062b412a22a3fc3e5e52257da160cc83de0b569b41da5513f7
14966a7a72a99444cae654f28e2bc4dbb92b7af8e75e98045ba5ffedce4a3407
2221ff7ad5fbb6e42a65b10f3317ddab5616e1c90ab40647075a17db5788f907
24a9c6dabac2cff15f96de43dc26aed74ac750e66fd239d2330c0bdaa65542d1
2cdd9e76cebe68ba75d1e43ff4759147b9c27a9cf66624590caba9bf8c405431
7ee83c2c5f7d401f2531598194d8f98b51369914299d0240994fdd773799e9f7
87e18f4cc965ba6a9b30326b7332196eb08c75e8bd213c5f8f77bb7e6834c842
9785e32632c3b6b652f3fd3e0d4624b23090140e4cd14f0ae85819f243d93615
da44ee4f0906dccee0c4653f9ada9668b3588b1821ebc52f0e99b15b1dfa414e
dd61ac8cd411106cef32fbc71827d92609ccfb3941e70294badbb07910e4b700
+ 24 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230724-swbz4sfd6x/
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
4977092255012b7f607600c46e90b6cd48a5cea85a6325146c5ed2f3a25293a8
MD5 hash:
516462d0690868091d2bb91873a3fb17
SHA1 hash:
4d1aa27c52af4aa95e91150cd39187dcfe181620
Link:
https://www.unpac.me/results/8532c5eb-8a44-4a20-bd80-a12c82539b11/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.63
Link:
https://yomi.yoroi.company/submissions/4977092255012b7f607600c46e90b6cd48a5cea85a6325146c5ed2f3a25293a8

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:upxHook
Create hunting rule
Author:@r3dbU7z
Description:Detect artifacts from 'upxHook' - modification of UPX packer
Reference:https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 4977092255012b7f607600c46e90b6cd48a5cea85a6325146c5ed2f3a25293a8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2557677/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/431255/

Comments