MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d791f4e9af710f39f7f42df9db2945ad95d88d233297eae85363a7bf3e01ca6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 3



SHA256 hash: 4d791f4e9af710f39f7f42df9db2945ad95d88d233297eae85363a7bf3e01ca6
SHA3-384 hash: 795d2a8004d38d0f33f8ab256fcf8fe87eb79af192c340ae32273505f0739faabb653799d0fc7c4a988dcaad4afac356
SHA1 hash: ca0be3a875e8841a2d1f08e3c6ff11b654a7327d
MD5 hash: 89385a136e7f91b749eed1a6a56837b2
humanhash: venus-nineteen-berlin-hawaii
File name: 4d791f4e9af710f39f7f42df9db2945ad95d88d233297eae85363a7bf3e01ca6
File size: 13'927'224 bytes
First seen: 2020-11-10 10:52:38 UTC
Last seen: 2024-07-24 14:05:07 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f3067a98da30d07f0e34d9dc98fd5c19
ssdeep: 393216:nzqPGIRwNKHqayj6FWBScBqG1Iqc3Bvg9R3e+cNFZC:euIRwMqE4XV1IX6DObnZC
TLSH: 51E6334196D20BA3E280AEBDF3637AA50673485783430A014447BB1EE9BD545BDD3FFA
Reporter: seifreed

Intelligence

File Origin
# of uploads: 2
# of downloads: 53
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness: (not reported)
Behaviour:
- Launching the default Windows debugger (dwwin.exe)

Result
Verdict: SUSPICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Win32.Trojan.GenCBL
Status: Malicious
First seen: 2020-11-10 10:55:25 UTC
AV detection: 19 of 29 (65.52%)
Threat level: 5/5
Verdict: unknown

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- Program crash

Unpacked files
SHA256 hash: 4d791f4e9af710f39f7f42df9db2945ad95d88d233297eae85363a7bf3e01ca6
MD5 hash: 89385a136e7f91b749eed1a6a56837b2
SHA1 hash: ca0be3a875e8841a2d1f08e3c6ff11b654a7327d

SHA256 hash: dadca335ab25517609326de40001ea5aaeb0bfa1139f3458df26b07209dc121b
MD5 hash: 5f2a0d681844db68511822247258b551
SHA1 hash: 8fc493af235064349122c82d6bdfb010762734c3
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: cert_blocklist_5f78149eb4f75eb17404a8143aaeaed7
Author: ReversingLabs
Description: Certificate used for digitally signing malware.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments