MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55660dccdc37f6d750552c1ea134aa190a13a5be74b4d887038de2616b930e06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown
Vendor detections: 5

SHA256 hash: 55660dccdc37f6d750552c1ea134aa190a13a5be74b4d887038de2616b930e06
SHA3-384 hash: d1e1fa2e811adcc9f5f0b79a6b5be7d8d3d372e65fbfd83f06aeecef486aa9cf9183fe7c5e5c22032415f7d5dd7595bf
SHA1 hash: 1d8f7cb98e8600fd6bc933fe631aed57854a278d
MD5 hash: 20fd3b7a69769e101ac548eeae7b7313
humanhash: east-bakerloo-nitrogen-yellow
File name: a2fc693d0e06c1e7b0a87db6cc0a6518
File size: 212'992 bytes
First seen: 2020-11-17 16:03:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep: 3072:n0xGgzGnHOclq5i3I/tZA469mI5faFIptb4pLthEjQT6j:n0xEnHOccs3IHlimIxaFakEj1
Threatray: 189 similar samples on MalwareBazaar
TLSH: 96247C0172A08663E2674B728BF6D3B81D5DFE628B62A137A2D13FCD2DF25704C61761
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Creating a window
Creating a file in the Windows directory
Running batch commands
Creating a process with a hidden window
Creating a process from a recently created file
Creating a file in the Windows subdirectories
Launching the default Windows debugger (dwwin.exe)
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: adwa.evad
Score: 100 / 100
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Creates an autostart registry key pointing to binary in C:\Windows
Creates autostart registry keys with suspicious names
Creates multiple autostart registry keys
Drops executables to the windows directory (C:\Windows) and starts them
Drops PE files to the startup folder
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Behaviour
Behavior Graph ID: 319208
Sample: a2fc693d0e06c1e7b0a87db6cc0...
Start date: 18/11/2020
Architecture: WINDOWS
Score: 100
Top-level signatures: Antivirus detection for dropped file; Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for dropped file; 4 other signatures

Process tree recovered from the graph text ("..." in paths is elided on the original page; three file names that the graph renderer's \N and \G escapes had mangled are restored from the process names shown elsewhere in the graph):

a2fc693d0e06c1e7b0a87db6cc0a6518.exe
  dropped: C:\Windows\ZUTOH.exe (PE32); C:\Windows\System\FAAQHMI.exe (PE32); C:\Windows\SysWOW64\NTOYVC.exe (PE32); 11 other malicious files
  signatures: Creates autostart registry keys with suspicious names; Creates multiple autostart registry keys; Drops PE files to the startup folder
  cmd.exe
    IJW.exe
      dropped: C:\Windows\SysWOW64\SNPE.exe (PE32); 2 other malicious files
      signatures: Antivirus detection for dropped file; Machine Learning detection for dropped file; Creates autostart registry keys with suspicious names
      cmd.exe
        SNPE.exe
          dropped: C:\Users\user\AppData\Roaming\...\SNPE.exe (PE32)
        conhost.exe
      WerFault.exe
    conhost.exe
  cmd.exe
    NTOYVC.exe
      dropped: C:\Windows\System\DPVHFJ.exe (PE32); C:\Users\user\AppData\Roaming\...\NTOYVC.exe (PE32); C:\Windows\System\DPVHFJ.exe.bat (ASCII)
      signatures: Creates multiple autostart registry keys; Drops executables to the windows directory (C:\Windows) and starts them; Drops PE files to the startup folder; Creates an autostart registry key pointing to binary in C:\Windows
      cmd.exe
        signatures: Drops executables to the windows directory (C:\Windows) and starts them
        DPVHFJ.exe
          dropped: C:\Users\user\AppData\Roaming\...\DPVHFJ.exe (PE32)
          signatures: Creates autostart registry keys with suspicious names; Creates multiple autostart registry keys; Drops PE files to the startup folder
        conhost.exe
    conhost.exe
  cmd.exe
    signatures: Drops executables to the windows directory (C:\Windows) and starts them
    AZAN.exe
      dropped: C:\Users\user\AppData\Roaming\...\AZAN.exe (PE32)
      WerFault.exe
    conhost.exe
  4 other processes
    network: 192.168.2.1 (unknown)
    GFTYBI.exe
      dropped: C:\Users\user\AppData\Roaming\...\GFTYBI.exe (PE32)
    ZUTOH.exe
      dropped: C:\Users\user\AppData\Roaming\...\ZUTOH.exe (PE32)
      WerFault.exe
    4 other processes
      dropped: C:\Users\user\AppData\Roaming\...\FAAQHMI.exe (PE32)
      WerFault.exe
NTOYVC.exe (second top-level process)
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-17 16:09:50 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Unpacked files

SHA256 hash: 55660dccdc37f6d750552c1ea134aa190a13a5be74b4d887038de2616b930e06
MD5 hash: 20fd3b7a69769e101ac548eeae7b7313
SHA1 hash: 1d8f7cb98e8600fd6bc933fe631aed57854a278d

SHA256 hash: f62a5ab9ecb72c021daac71354edb754503931ccbb84705436ffc888fd9579bb
MD5 hash: 52b054187c7fc7b8c96a2abc705c524a
SHA1 hash: ea6929a2cc9331003fc5f0c086dbcaf3e246f834

SHA256 hash: 408cb02a02dd342baf5ce2e971e3116557e348b1973018eaebb3b3eebb4faa89
MD5 hash: 1f373ececb4a14974494c265631acdf2
SHA1 hash: 9d98a8b51b6a1cd1417f2faa8cc5bfdc587facf9

SHA256 hash: feadc800771d780e2d421a886e365b425737340aadca40891d473aeb0f2343a3
MD5 hash: 97369b50c6abb8de0960a5b0ed16b4a4
SHA1 hash: fecb2be49f75724439cf1a93774f00b6213f1e21

SHA256 hash: c85c76f113d2001f0471e066eee3d28d001d01a431abbe3e431aa4cd0a50601e
MD5 hash: 9ec65afdde78a4e3432690858d290f61
SHA1 hash: e7497e149a8b15b322be61daccd907d946a75b79

SHA256 hash: f5e88a6718260b81d56a74cb75ff449a492be03bd593d8b90e09db82f8705ba6
MD5 hash: d5bf6326f283a4e6eef4cdb200740a45
SHA1 hash: fd769cef0d05439b99ae641f91e0c89046897028

SHA256 hash: 3cf22f4a58e140d74ca1cae835bf06dcba0107a7021c7812d4d9916ee314b967
MD5 hash: 2ad95a2280a18b4bd9235ba86ab77bf3
SHA1 hash: 5f90fa2a16ba9bb9e927ffaaa5e17cf828dd636b

SHA256 hash: 3d3fc65ce7cd2bb691e1a984a3a1cc850ab23415d8ab2ef33622182ebeb35826
MD5 hash: a14d56b26f20a26a5ca72009a21e4c0d
SHA1 hash: de4eb7cdc51975889184f48abcea06f0bc7280b0

SHA256 hash: d6fdd7204ac3652f70b165dffbf55ca001978b5cb937a04a4d099446accb963f
MD5 hash: 71aada48295e67051276dd1d0fcc2e0c
SHA1 hash: 7a6284f08306006158744c92c3baa67a762ffdde
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments