MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b65d2994a5df65ac893bfc03f1d052623ec387f974798654e593db284d4dfe4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Adware.Generic

Vendor detections: 10


SHA256 hash: 4b65d2994a5df65ac893bfc03f1d052623ec387f974798654e593db284d4dfe4
SHA3-384 hash: f3b4781372d16118512fb3587139c2379a77bbb6a8a9bece0f0073fbf58d152e5ce007133317f3e6f55441c0695be2c6
SHA1 hash: 68221513bb666ea948e15b8cc7b301ca9bab0c13
MD5 hash: 8043aaa7e52aa679354252db31fae9b8
humanhash: thirteen-charlie-orange-whiskey
File name: script_hack_412.exe.exe
Signature: Adware.Generic
File size: 2'921'144 bytes
First seen: 2021-10-18 21:17:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e00de6e48b9b06aceb12a81e7bf494c9 (20 x Adware.Generic, 1 x CoinMiner)
ssdeep: 49152:GG5UfgBTFurx12F+zAaSHV2wopAma07VDWktrGuDUlv/9TNU0LXeRINBNn:GG5QgC1lEBHVDoVa0R6mBUl9u0KRkn
Threatray: 72 similar samples on MalwareBazaar
TLSH: T1C9D533013EF584BAF4921972BEA97F96E096E39CDC9288933344832C1BBAF55C33515D
dhash icon: 92e0b496a2cada72 (11 x Adware.Generic, 5 x Adware.InstalleRex, 2 x Adware.Yantai)
Reporter: JaffaCakes118
Tags: Adware.Generic exe

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 322
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: script_hack_412.exe.exe
Verdict: Malicious activity
Analysis date: 2021-10-18 21:17:11 UTC
Tags: installer

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Using the Windows Management Instrumentation requests
Creating a file
Moving a recently created file
Launching a process
Delayed writing of the file
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.PUA.InstallCore
Status: Suspicious
First seen: 2021-10-18 21:18:05 UTC
AV detection: 16 of 45 (35.56%)
Threat level: 1/5

Result
Malware family: n/a
Score: 8/10
Tags: discovery
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks for any installed AV software in registry
Checks installed software on the system
Loads dropped DLL
Executes dropped EXE
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: INDICATOR_KB_CERT_1e508bb2398808bc420a5a1f67ba5d0b
Author: ditekSHen
Description: Detects executables signed with stolen, revoked or invalid certificates

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Adware.Generic
Sample: Executable exe 4b65d2994a5df65ac893bfc03f1d052623ec387f974798654e593db284d4dfe4 (this sample)
Distributed via web download
