MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 4eba421dcb1114fb978da0b2387681db29daea8d9b16e29beec2e807a8c10d52. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 8
| SHA256 hash: | 4eba421dcb1114fb978da0b2387681db29daea8d9b16e29beec2e807a8c10d52 |
|---|---|
| SHA3-384 hash: | 9e0f6689dec59dbc6b7eaf69e34bc8f6b2d3b2e0ab7cdd7f7933dc7fa19a81e889a5bb9e6606c801b9453adc78f460ee |
| SHA1 hash: | 608d812c6956ffc783fbd4226c2018e68e5d796f |
| MD5 hash: | 3a1662a9941295dfff37e59a0cfc89c2 |
| humanhash: | north-burger-hydrogen-william |
| File name: | SecuriteInfo.com.Trojan.DownLoader29.60837.11964.9143 |
| Download: | download sample |
| File size: | 2'251'776 bytes |
| First seen: | 2022-04-21 15:13:05 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | f7ac28d1b20db91e8844beffb4d4a24e |
| ssdeep | 24576:J+nQP/ebfxnM3WYQ7XPZGl2xZEgTnR3coBB9SDR2/lqaJX1JkGQ+:Mw/eZBnlpB3SDg/ZX1SGQ+ |
| Threatray | 26 similar samples on MalwareBazaar |
| TLSH | T114A55C13B784663FC4AB0A3B8567A654D83F6B616A16DC4F47F40C4C8F391452E3AA2F |
| TrID | 55.9% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9) 14.1% (.EXE) Win64 Executable (generic) (10523/12/4) 8.8% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.0% (.EXE) Win32 Executable (generic) (4505/5/1) 4.0% (.MZP) WinArchiver Mountable compressed Archive (3000/1) |
| Reporter | |
| Tags: | dll |
Intelligence
File Origin
# of uploads :
1
# of downloads :
208
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Result
Verdict:
Malware
Maliciousness:
Behaviour
Searching for the window
Сreating synchronization primitives
Creating a window
Sending a custom TCP request
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
clipbanker control.exe dealply expand.exe greyware keylogger replace.exe virus
Malware family:
SpyBanker
Verdict:
Malicious
Result
Threat name:
Deal Ply
Detection:
malicious
Classification:
evad
Score:
84 / 100
Signature
Antivirus / Scanner detection for submitted sample
Creates autostart registry keys with suspicious values (likely registry only malware)
Multi AV Scanner detection for submitted file
Rundll32 performs DNS lookup (likely malicious behavior)
Sigma detected: Suspicious Call by Ordinal
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Threat name:
Win32.Adware.DealPly
Status:
Malicious
First seen:
2019-08-08 03:50:22 UTC
File Type:
PE (Dll)
Extracted files:
15
AV detection:
19 of 42 (45.24%)
Threat level:
1/5
Verdict:
malicious
Similar samples:
+ 16 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
3/10
Tags:
n/a
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
fdfb07b2bcddeff508967c147dd885b5801d988dc756e4b6a0e00be2779b6cc8
MD5 hash:
b0f9e8e798548ee68731d0431f384836
SHA1 hash:
d33624ce452f172619a5f9793914eb22c1b7aa54
SH256 hash:
4eba421dcb1114fb978da0b2387681db29daea8d9b16e29beec2e807a8c10d52
MD5 hash:
3a1662a9941295dfff37e59a0cfc89c2
SHA1 hash:
608d812c6956ffc783fbd4226c2018e68e5d796f
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.