MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 534912622718c6547f15e57ad07e903e10ffc801f7764d2e1f27b4fca693813a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SystemBC

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	534912622718c6547f15e57ad07e903e10ffc801f7764d2e1f27b4fca693813a
SHA3-384 hash:	c8b527fb0d2dae264d4dfd4fe5469241f4a54776e492ca6748951bf1ce4e44b1eec14d6b3e16164e5ed3f8bf4df13df2
SHA1 hash:	b324de482b279b36216960beedba9f022f910d40
MD5 hash:	abdbb707ddfe3b3d9c21b4aee5121e16
humanhash:	sink-william-shade-zebra
File name:	c5b32f1cdc2a48f1dd2b1623598c24a2635dc57fdab3b4328f1cb3b66f5079ba_dump.exe
Download:	download sample
Signature	SystemBC Create hunting rule
File size:	321'536 bytes
First seen:	2024-08-16 23:09:30 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
ssdeep	3072:oBhhiUWKJzPZNRntAXIRooDxmDyiD2DTDDDvDfzmJ4DTDrDFF9FJ:oDMUWITZznuADQDnD2DTDDDvD5DTDrDB
TLSH	T179643B645B588E12E36F87B5C0590909E7F4548272CBFF8FAD96E0F53C92352BD420AB
TrID	35.7% (.EXE) Win32 Executable (generic) (4504/4/1) 16.3% (.ICL) Windows Icons Library (generic) (2059/9) 16.1% (.EXE) OS/2 Executable (generic) (2029/13) 15.8% (.EXE) Generic Win/DOS Executable (2002/3) 15.8% (.EXE) DOS Executable Generic (2000/1)
Reporter	ukycircle
Tags:	dll SystemBC

Intelligence

File Origin

# of uploads :

# of downloads :

561

Origin country :

Vendor Threat Intelligence

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=66bfdc4daa5b40be0aa04eaa

Tags:

n/a

Verdict:

Unknown

Threat level:

10/10

Confidence:

100%

Tags:

masquerade packed

Link:

https://www.filescan.io/uploads/66bfdc4d32f6d05ff3ce62fc/reports/17b0ece0-f9b5-42c8-82a8-9bc60dd72815/overview

Verdict:

Suspicious

Link:

https://www.hybrid-analysis.com/sample/534912622718c6547f15e57ad07e903e10ffc801f7764d2e1f27b4fca693813a

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/3e123786-9282-4970-ac6c-e32df294befd

Result

Threat name:

n/a

Detection:

clean

Classification:

n/a

Score:

3 / 100

Link:

https://www.joesandbox.com/analysis/1494124

Behaviour

Behavior Graph:

n/a

Score:

94%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/534912622718c6547f15e57ad07e903e10ffc801f7764d2e1f27b4fca693813a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/534912622718c6547f15e57ad07e903e10ffc801f7764d2e1f27b4fca693813a/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=knereyrhdddfi7yv4v5na7uqhyip7sab653e2lq7e62pzjutqe5a._file

Verdict:

unknown

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/240816-25n6gashqb/

Behaviour

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

Unpacked files

SH256 hash:

e283a0a51e5fea5d3b64a008e33d42b1e555b5702da9743fc79d744a1603513f

MD5 hash:

343578a6ef1ac36066ea2ec263cf5c78

SHA1 hash:

7c307503fd2ee3a297d2bd20f9e23574517d78ee

Detections:

SystemBC

win_systembc_auto

win_systembc_g1

Link:

https://www.unpac.me/results/0c669fed-1c11-488a-b16a-f192493dcbb2/

Parent samples :

e283a0a51e5fea5d3b64a008e33d42b1e555b5702da9743fc79d744a1603513f
534912622718c6547f15e57ad07e903e10ffc801f7764d2e1f27b4fca693813a
81f91061c650c2d9fdeab6a9d8be220a93d46f930d5c435e4a00c511236a4caa
46e0bbdbdffa58d201e3aa377f77d4f85a7704a60042eaf13d5cedf70808e937
21aaa5319a6729df0581203a0782ead837b848387e44cd1844ca8e19882a50af

SH256 hash:

534912622718c6547f15e57ad07e903e10ffc801f7764d2e1f27b4fca693813a

MD5 hash:

abdbb707ddfe3b3d9c21b4aee5121e16

SHA1 hash:

b324de482b279b36216960beedba9f022f910d40

Link:

https://www.unpac.me/results/0c669fed-1c11-488a-b16a-f192493dcbb2/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/534912622718c6547f15e57ad07e903e10ffc801f7764d2e1f27b4fca693813a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample