MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 4a6ffa02ff7280e00cf722c4f2235f0e318e6cc8a2b9968639ba715f1a38c834. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 10
| SHA256 hash: | 4a6ffa02ff7280e00cf722c4f2235f0e318e6cc8a2b9968639ba715f1a38c834 |
|---|---|
| SHA3-384 hash: | ae1ce025870f20a6f93143185eb07d886d33ef2a16e648e26ce7905547ff7592270236267127f39228d464b1740bc213 |
| SHA1 hash: | 43fcebbd637cff9c277b923c6fc9667a08477093 |
| MD5 hash: | 9365b81cc6201ded09a5e3c29bc4158f |
| humanhash: | december-nitrogen-bacon-kitten |
| File name: | myp0912.exe |
| File size: | 10'300'390 bytes |
| First seen: | 2022-05-15 18:00:48 UTC |
| Last seen: | 2022-05-15 18:36:20 UTC |
| MIME type: | application/x-dosexec |
| imphash: | 5a594319a0d69dbc452e748bcf05892e (21 x ParallaxRAT, 20 x Gh0stRAT, 15 x NetSupport) |
| ssdeep: | 196608:WVXjbbdpdfqK6TKAg9eoaF2BpZ4Qe8y24ITNhCmfGQNqTxup3y:WtboK6TFg9nLpZNAI7TzNq1upi |
| TLSH: | T16DA6233FB368A63EC5AA1B3205739360597B7A65B81A8C1F47F0450ECF2A1701F3B656 |
| TrID | 61.8% (.EXE) Inno Setup installer (109740/4/30) 23.4% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9) 5.9% (.EXE) Win64 Executable (generic) (10523/12/4) 2.5% (.EXE) Win32 Executable (generic) (4505/5/1) 1.6% (.MZP) WinArchiver Mountable compressed Archive (3000/1) |
| dhash icon | d4e266611919999d (2 x RedLineStealer, 1 x Spambot.Kelihos) |
| Tags: | exe |
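Before pivoting on any of the hashes in the table above, an analyst should confirm that the copy they actually hold is the same bytes this entry describes (a truncated download or a re-wrapped archive silently changes every digest). The script below is an added example, not MalwareBazaar's own code: it streams a local file through MD5, SHA1, SHA256 and SHA3-384 in one pass, checks the byte count against the listed size, and reports every field that disagrees with the entry. The file path is taken from the command line; the expected values are copied from this table.

```python
"""Verify a locally held copy of the sample against the digests and size this entry publishes.

Added example, not code from MalwareBazaar. EXPECTED and EXPECTED_SIZE are copied from the
entry above; everything else is illustrative.
"""
import hashlib
import sys

# Values from this entry's table. SHA3-384 is included because MalwareBazaar publishes it
# and few other sources do, so it is a useful cross-check against copied-and-pasted SHA256s.
EXPECTED = {
    "md5": "9365b81cc6201ded09a5e3c29bc4158f",
    "sha1": "43fcebbd637cff9c277b923c6fc9667a08477093",
    "sha256": "4a6ffa02ff7280e00cf722c4f2235f0e318e6cc8a2b9968639ba715f1a38c834",
    "sha3_384": "ae1ce025870f20a6f93143185eb07d886d33ef2a16e648e26ce7905547ff7592270236267127f39228d464b1740bc213",
}
EXPECTED_SIZE = 10_300_390  # bytes, from the "File size" row


def digests_of_bytes(data):
    """Return the four digests of an in-memory blob, keyed like EXPECTED."""
    return {name: hashlib.new(name, data).hexdigest() for name in EXPECTED}


def digests_of_file(path, chunk=1 << 20):
    """Stream a file through all four hash objects at once and count its bytes.

    The sample is about 10 MB, so a single chunked pass is cheaper than hashing four times.
    """
    hashers = {name: hashlib.new(name) for name in EXPECTED}
    size = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            size += len(block)
            for h in hashers.values():
                h.update(block)
    return size, {name: h.hexdigest() for name, h in hashers.items()}


def verify(size, digests, expected=EXPECTED, expected_size=EXPECTED_SIZE):
    """Compare observed size and digests with the entry.

    Returns (ok, problems): ok is True only when the size and every digest match;
    problems lists each field that disagrees, so a partial download is distinguishable
    from a completely different file.
    """
    problems = []
    if size != expected_size:
        problems.append(f"size {size} != {expected_size}")
    for name, want in expected.items():
        got = digests.get(name, "").lower()
        if got != want.lower():
            problems.append(f"{name} mismatch: {got[:16] or '<missing>'}... != {want[:16]}...")
    return (not problems), problems


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-extracted-sample>
    observed_size, observed = digests_of_file(sys.argv[1])
    ok, problems = verify(observed_size, observed)
    print("OK: file matches this MalwareBazaar entry" if ok else "\n".join(problems))
```

Run it against the extracted sample before detonation or sharing; a size mismatch with all four digests wrong usually means the archive wrapper was hashed instead of the payload.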
Intelligence
File Origin
# of uploads: 2
# of downloads: 253
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: https://myprintscreen.com/soft/myp0912.exe
Verdict: Suspicious activity
Analysis date: 2022-01-13 02:58:34 UTC
Tags: installer
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection: n/a
Result
Verdict: Malware
Behaviour:
Searching for the window
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Creating synchronization primitives
Searching for synchronization primitives
Creating a file
Moving a recently created file
Sending an HTTP GET request
Sending a custom TCP request
DNS request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Query of malicious DNS domain
Sending a TCP request to an infection source
Sending an HTTP GET request to an infection source
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: control.exe expand.exe overlay packed setupapi.dll shell32.dll
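The behaviour list above describes one chain: a file is created under %temp%, a process is started from that freshly created file, and autorun is enabled through the Software\Microsoft\Windows\CurrentVersion\Run branch. The "Creates multiple autostart registry keys" and "Adds Run key to start application" signatures reported further down are the same chain seen by other sandboxes. The check below is an added example, not MalwareBazaar's or any vendor's code: it scores Run/RunOnce value writes from Sysmon-style events (ID 11 FileCreate, ID 1 ProcessCreate, ID 13 RegistryEvent) and flags a key whose target was dropped in the same session, sits in a user-writable staging directory, or was written by a process that is itself a dropped file. The events are constructed for the example; the %TEMP%\is-XXXX.tmp path mimics the scratch directory Inno Setup installers unpack into, and the file, key and user names are invented.

```python
"""Flag Run-key persistence that points at a file the same process chain just dropped.

Added example; SAMPLE_EVENTS is constructed (Sysmon-like field names, invented paths).
"""
import re

# Sysmon event IDs used: 11 = FileCreate, 1 = ProcessCreate, 13 = RegistryEvent (value set)
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE
)
# Directories an unprivileged installer can write to; legitimate autostarts rarely live here.
STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\programdata\\", "\\users\\public\\")


def exe_from_command(cmd):
    """Extract the executable path from a Run value (quoted path, or first token if unquoted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0] if cmd else ""


def find_runkey_persistence(events):
    """Return one finding per suspicious Run/RunOnce write, with the reasons it was flagged."""
    dropped = {}  # lower-cased path -> image that created it (FileCreate events)
    findings = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            dropped[ev["TargetFilename"].lower()] = ev["Image"]
        elif eid == 13 and RUN_KEY_RE.search(ev["TargetObject"]):
            target = exe_from_command(ev["Details"]).lower()
            reasons = []
            if target in dropped:
                reasons.append("target was written this session by %s" % dropped[target])
            if any(d in target for d in STAGING_DIRS):
                reasons.append("target lives in a user-writable staging directory")
            if ev["Image"].lower() in dropped:
                reasons.append("writer is itself a recently dropped file")
            if reasons:
                findings.append({
                    "key": ev["TargetObject"],
                    "target": target,
                    "writer": ev["Image"],
                    "reasons": reasons,
                    "score": len(reasons),  # 1..3; 3 is the full drop-run-persist chain
                })
    return findings


# Constructed telemetry for one session (not real logs).
SAMPLE_EVENTS = [
    # Installer drops a helper into an Inno-style %TEMP%\is-XXXX.tmp directory and runs it
    {"EventID": 11, "Image": r"C:\Users\alice\Downloads\myp0912.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\is-K3J2.tmp\helper.exe"},
    {"EventID": 1, "Image": r"C:\Users\alice\AppData\Local\Temp\is-K3J2.tmp\helper.exe",
     "ParentImage": r"C:\Users\alice\Downloads\myp0912.exe"},
    # The dropped helper registers itself under the user's Run key
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Temp\is-K3J2.tmp\helper.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r'"C:\Users\alice\AppData\Local\Temp\is-K3J2.tmp\helper.exe" /silent'},
    # Benign: an installer in Program Files registers its tray app (not dropped here, no staging dir)
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r'"C:\Program Files\Vendor\tray.exe"'},
    # Unrelated registry write under CurrentVersion that is not a Run key
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for f in find_runkey_persistence(SAMPLE_EVENTS):
        print(f"[score {f['score']}] {f['key']} -> {f['target']}")
        for r in f["reasons"]:
            print("   -", r)
```

Only the helper's write is reported, with all three reasons; the vendor tray registration and the Explorer setting are ignored. In production the `dropped` map should be bounded by time (the same session, not the whole log) and keyed by host, since the point is correlation between the FileCreate and the RegistryEvent, not the Run-key write alone.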
Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Generic Malware
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: troj.evad
Score: 80 / 100
Signature:
Creates multiple autostart registry keys
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Obfuscated command line found
Snort IDS alert for network traffic
Tries to delay execution (extensive OutputDebugStringW loop)
Tries to resolve many domain names, but no domain seems valid
Threat name: Win32.PUA.Superfluss
Status: Malicious
First seen: 2020-12-11 02:38:52 UTC
File Type: PE (Exe)
Extracted files: 65
AV detection: 16 of 41 (39.02%)
Threat level: 1/5
Verdict: malicious
Result
Malware family: n/a
Score: 10/10
Tags: persistence suricata
Behaviour:
Modifies system certificate store
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Adds Run key to start application
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
suricata: ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses
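The "Tries to resolve many domain names, but no domain seems valid" signature above and the suricata DGA NXDOMAIN alert describe the same network symptom: a burst of lookups for algorithmically generated names, almost all answered NXDOMAIN, as the sample probes for a live server. The script below is an added example, not from MalwareBazaar or any of the vendors quoted here: it groups a DNS client log by (host, process, pid) and flags a group when its NXDOMAIN count, NXDOMAIN ratio and mean label entropy all cross thresholds. The log line format, the host and process names, the domain labels and the thresholds are constructed for the example; the second-level-label extraction is deliberately naive (no public suffix list).

```python
"""Score per-process DNS activity for DGA-like NXDOMAIN bursts.

Added example; the log format, hosts, processes and domain labels below are constructed.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed DNS client log format: one query per line with the resolver's response code.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) pid=(?P<pid>\d+) "
    r"qname=(?P<qname>\S+) rcode=(?P<rcode>\S+)$"
)


def shannon_entropy(s):
    """Bits per character; random-looking labels score high, dictionary words low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registrable_label(qname):
    """Second-level label, a naive stand-in for a public-suffix-list lookup (co.uk etc. not handled)."""
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def score_dns_log(text, min_nxdomain=10, min_ratio=0.8, min_entropy=3.0):
    """Group queries by (host, proc, pid) and flag groups that look like a DGA hunting for a live C2.

    All three conditions must hold: enough failures to be a burst, failures dominating the
    process's lookups, and failed names that look generated rather than typed or hard-coded.
    """
    groups = defaultdict(lambda: {"queries": 0, "nxdomain": 0, "entropies": [], "domains": set()})
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tolerate unrelated log lines
        g = groups[(m["host"], m["proc"], m["pid"])]
        g["queries"] += 1
        if m["rcode"] == "NXDOMAIN":
            g["nxdomain"] += 1
            g["entropies"].append(shannon_entropy(registrable_label(m["qname"])))
            g["domains"].add(m["qname"].lower())
    result = {}
    for key, g in groups.items():
        ratio = g["nxdomain"] / g["queries"]
        mean_ent = sum(g["entropies"]) / len(g["entropies"]) if g["entropies"] else 0.0
        result[key] = {
            "queries": g["queries"],
            "nxdomain": g["nxdomain"],
            "nxdomain_ratio": round(ratio, 3),
            "mean_entropy": round(mean_ent, 3),
            "distinct_failed": len(g["domains"]),
            "dga_suspect": g["nxdomain"] >= min_nxdomain and ratio >= min_ratio and mean_ent >= min_entropy,
        }
    return result


# Constructed labels standing in for DGA output (not taken from any real DGA).
DGA_LABELS = [
    "qzw8mk3tyhpd", "xl2v9bfrncju", "gm7sazke4tlw", "hbp5ydqnx3rc", "tkj6vwe9zfqa", "yrn4mcp8hsbl",
    "wvz3kdt7gxfe", "sfx9jhq2pmvr", "cbl5tzyk6dnw", "pmr7xqv4zgjh", "dnh8kwb3lfcs", "zqt2gym5vrkp",
]
TLDS = ("net", "com", "biz", "org")
SAMPLE_LOG = "\n".join(
    [f"2022-05-15T18:01:{i:02d}Z host=WS01 proc=helper.exe pid=4120 qname={lab}.{TLDS[i % 4]} rcode=NXDOMAIN"
     for i, lab in enumerate(DGA_LABELS)]
    + [  # a browser on the same host: ordinary lookups plus one typo
        "2022-05-15T18:01:20Z host=WS01 proc=chrome.exe pid=2210 qname=www.google.com rcode=NOERROR",
        "2022-05-15T18:01:21Z host=WS01 proc=chrome.exe pid=2210 qname=mail.google.com rcode=NOERROR",
        "2022-05-15T18:01:22Z host=WS01 proc=chrome.exe pid=2210 qname=cdn.example.org rcode=NOERROR",
        "2022-05-15T18:01:23Z host=WS01 proc=chrome.exe pid=2210 qname=gooogle.com rcode=NXDOMAIN",
        "2022-05-15T18:01:24Z host=WS01 proc=chrome.exe pid=2210 qname=www.wikipedia.org rcode=NOERROR",
        "2022-05-15T18:01:25Z host=WS01 proc=chrome.exe pid=2210 qname=static.example.net rcode=NOERROR",
        "2022-05-15T18:01:26Z host=WS01 proc=chrome.exe pid=2210 qname=login.microsoft.com rcode=NOERROR",
        "2022-05-15T18:01:27Z host=WS01 proc=chrome.exe pid=2210 qname=api.github.com rcode=NOERROR",
        "garbage line that does not parse",
    ]
)

if __name__ == "__main__":
    for key, stats in score_dns_log(SAMPLE_LOG).items():
        print(key, stats)
```

The helper process is flagged (12 of 12 lookups NXDOMAIN, mean label entropy about 3.6 bits); the browser is not, even though it produced one NXDOMAIN. Ratio and entropy together matter: a misconfigured search suffix produces a high NXDOMAIN ratio with low-entropy names, and a CDN produces high-entropy names that resolve.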
Unpacked files
| SHA256 hash | MD5 hash | SHA1 hash |
|---|---|---|
| fe1fe00e50bca193949b1568f9364eab328c8de40640aba54e24dd8113608226 | e9b3282c887b51a18d0af3ef8219093a | e125daa404eaeddb428a522b5f7b420deaf8223c |
| e2b4f058df1edef773af3cb9fcf83e14ab9d3295ac3969b20c8107a8a1d31bee | 7621e4570163284d1c77b68e1976b73c | b597981092177dc4bb76e4b01f241189c204f032 |
| 12f1322e2f06cb0746b91039f607257dd80dc87ad4f5bcf60bc3dd4eb247b592 | c43c18ef971573f4122d93993da9b927 | b4e1e855291c3900316d40e7f936c97610ea703f |
| f2089954ba135b289775d64b4b4d7eea96e28db38214610891a65c4c39ce6f3c | e0a7df4345af1bd9fe8a4da6012824ae | 9e71a0974610f84092f4c70750457b9e085fb29a |
| 533238ee4f4c78e7e65af72f90db20785c541433a08a489e206cb051deb0942a | cac983634405a0a51d972ab099b005c6 | 9af622a15bc956c0cb89737be2c27ce3ebd30318 |
| 8570e1df77e576e82719ae239d4b79e5b34b633a449415fd61ad43bff069ac1a | f985f4d5448dafccac2962ab9950acd3 | 930d5684dfa04c328aef87f7bf86bb48ab4246de |
| 858853c0a708768439277e08093ad097ae13594e39ef01e23170a4a6a459ca4d | 5747a22d80a78b437829904f2444372e | 7f448db470a91bb012d5441d9682055b848b987b |
| c21715cfb2a83ce30784e3c8b5c68382c07d1f722b49fbadfee21479d38fed56 | c90c5f4bf542d797c69b9a494f4f3534 | 6f7291bc13ae12a05b9059360a9b1241bacbdacc |
| ae3b66d18616d9da116e55cbd02475e54bcfcaca7859edf5c8b1938f80bd680f | d1781a3828e2e848b3010148d2dee0c0 | 69a8d32c7752f109550f9244d37be37da3f61e53 |
| 2d704bfaf295528f703401eafd41a49fe8d6965e9d33f22f6b7ce10340d56f37 | 60b2d9a5fcef9e5283eda9dc310e370d | 402868b608a068ddaecf6e2c63a10a7bccb024b7 |
| 6f52ec082ea85541c79e8ff11c38be5d9ea117253edaf50d295359b0f8328d15 | 80417d6253a5e3a9c30391b07597113e | 295e9a7245a8e9b99f3ecb53f958066b76c078f1 |
| fa8be468f46ebbfd4b81455853dee1981d3779ca9bb193725d54891bcc36d22a | 0061941431988c6bd8dbe840d82128cd | 29562dd81499656576cd591b7b4073a0cf84bd6c |
| f463b11c3fa004931fd54ae4a77ead0e991ca1b7cc4193b66c3c393cd1300e51 | f27ad272823d3e8ceb5af3d27c397e2e | 27c8375847ee5d2114b6ce11484577a9b0373929 |
| d5e2475fc6a9d563b3484d18a71535b958508aea289b79846f948febda14f089 | c5144656dc7fcdbb98a2f4ebdcad6dae | 21564f5fe3324ba956f07ee7ecc20624fed07fb2 |
| 38bce497fb268bc746f43094305388fc454ec7a65d7813b1d5cd01b60a2016c9 | 24bb4bbb8ebd84733ef6bd9a33e418c9 | 177fb9a130ec40d45207c2378ac789be0074d604 |
| e0e1400ac6941279f40802554d57981d8bcfb5f0c825ea9adeb4ce14e01a6417 | 2aa4bad90826da7e08555028b6a8bc0f | 0a5d7c877eff100ae9da75cb0c0775c36f59118f |
| 2a7c339a80a6b68d0ea88276d94fa28e96ee510f41f9e0a9b56020bdcd7a8fd6 | b4a117d42d8c2a69bd305214386250d7 | 059f74b7ce596d83ce4d8761785fb332d488f6fd |
| e425cd0c359cf44f8d3d215a44765cf2b6cb691232afa056850da8987e0be6a5 | c0db63419d93701793441586e392df0f | 17b8c9524e4a044138c6c897ea40e0740dfd44cc |
| 4a6ffa02ff7280e00cf722c4f2235f0e318e6cc8a2b9968639ba715f1a38c834 | 9365b81cc6201ded09a5e3c29bc4158f | 43fcebbd637cff9c277b923c6fc9667a08477093 |
Please note that we are no longer able to provide a coverage score for VirusTotal.
Threat name: Malicious File
Score: 1.00
File information
The table below shows additional information about this malware sample, such as delivery method and external references.
Delivery method: Other