MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d6ffdb9c2284b339103a293a94b37be7d7dc114e022fbcb101527b1bd7e7b8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 10



SHA256 hash: 4d6ffdb9c2284b339103a293a94b37be7d7dc114e022fbcb101527b1bd7e7b8a
SHA3-384 hash: f514c5141364a746912dab2a179d5db2611dd037dab42b7cea31d530a328f72a9d6fde2ea2c5da625b580794525233a8
SHA1 hash: e9dafd8bc1c18a05a70877c1571f83fb726da23f
MD5 hash: 1a05562fe6dff22069e27733d6046a6b
humanhash: white-six-coffee-october
File name: 08400899.exe
File size: 8'704 bytes
First seen: 2023-06-09 06:58:21 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 0c3803208d2e42d5a9cb2491fd520ab6
ssdeep: 192:nBIx8diYKE9tUCKJ0eiMulXzhgjsl/nQVZNy+:BAEnKJ7itlXVH/QLs
Threatray: 403 similar samples on MalwareBazaar
TLSH: T1B7027EDBB735C1E2C5A3C2F411B6FAABA6DC79F222FC1993099A416251C129584891CD
TrID: 63.5% (.EXE) UPX - NRV compressed Win32 Executable (123569/9/15)
  13.9% (.EXE) UPX compressed Win32 Executable (27066/9/6)
  13.6% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
  3.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  2.3% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter: Neiki

Intelligence


File Origin
# of uploads :
1
# of downloads :
84
Origin country :
DE
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Joke.Win32.exe
Verdict:
Suspicious activity
Analysis date:
2022-07-05 08:27:34 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware lolbin packed revolution rundll32.exe virus
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Behaviour
Threat name:
Win32.PUA.IconScroll
Status:
Malicious
First seen:
2011-06-22 21:14:00 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
32 of 37 (86.49%)
Threat level:
  1/5
Result
Malware family:
n/a
Score:
  7/10
Tags:
upx
Behaviour
UPX packed file
Unpacked files
SHA256 hash:
96b5ee75a33f3bc85d375d9553d10d3fa2e83dea1e3b51fdd3b880522b31819a
MD5 hash:
389128ccb34c42db3be5ac133bddb3e9
SHA1 hash:
a6703ab2966a3fa823efc8212e5baa8593b153d5
SHA256 hash:
4d6ffdb9c2284b339103a293a94b37be7d7dc114e022fbcb101527b1bd7e7b8a
MD5 hash:
1a05562fe6dff22069e27733d6046a6b
SHA1 hash:
e9dafd8bc1c18a05a70877c1571f83fb726da23f
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments