MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55a47a47c9f85671ee4baa818b11be4da2f4f259254f6722d20270f263373b60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 12

Intelligence 12 IOCs YARA 8 File information Comments

SHA256 hash:	55a47a47c9f85671ee4baa818b11be4da2f4f259254f6722d20270f263373b60
SHA3-384 hash:	c91c8575cbbf6c46e67dcc6e9317dc85548399b7b37c01e8e2a06f4fe54c300c62ed0cca680be12bbc79f5f9247c1775
SHA1 hash:	9420283bdc61f2ca6852c501ad3b40fa4c54e852
MD5 hash:	ea3863514783af49c9d1cd39edb9a8c7
humanhash:	ten-uniform-spring-high
File name:	55a47a47c9f85671ee4baa818b11be4da2f4f259254f6722d20270f263373b60
Download:	download sample
File size:	944'624 bytes
First seen:	2025-05-28 07:28:26 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	1cfc353a97c0a7b169e7623c99b4fc77
ssdeep	24576:Qfw0cU8o6BVuJt4iy50qev8e1xLhrhHpHgqgnmsF:a4xGJt4/wvj1xLhrhHpHgZn5
TLSH	T1F515AE45F19148F9C545653049ABA73BEB353A050B15CBCB63A8CE192F332F1AE3A376
TrID	38.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 20.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 13.0% (.EXE) Win64 Executable (generic) (10522/11/4) 8.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
Magika	pebin
Reporter	JAMESWT_WT
Tags:	25-4-16-2 exe signed

Code Signing Certificate

Organisation:	MEDIATEK INC.
Issuer:	VeriSign Class 3 Code Signing 2010 CA
Algorithm:	sha1WithRSAEncryption
Valid from:	2014-05-26T00:00:00Z
Valid to:	2017-06-24T23:59:59Z
Serial number:	56f008e69a7c4c3feb389c66eaf58259
Intelligence:	17 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:	SHA256
Thumbprint:	322be21fe24713b9a5455f96f109c0621bea49279f498619759c48a1185ddee2
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

421

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

55a47a47c9f85671ee4baa818b11be4da2f4f259254f6722d20270f263373b60

Verdict:

Suspicious activity

Analysis date:

2025-05-28 07:39:12 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/db6f5712-a8b5-4d62-b479-0ba9f00d798d

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/5980/

Detection(s):

Win.Malware.Fragtor-10040859-0

Verdict:

Malicious

Score:

99.1%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6836bdfeacf88f5815e7d6d0

Tags:

flystudio injection dropper virus

Result

Verdict:

Suspicious

Maliciousness:

Behaviour

Creating a window

Creating a file in the system32 directory

Enabling the 'hidden' option for recently created files

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

adaptive-context expired-cert flystudio keylogger microsoft_visual_cc revoked-cert signed

Link:

https://www.filescan.io/uploads/6836bb63fd02ed5e058be709/reports/302c19a6-e039-4134-9b75-42695ee24ac8/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_70%

Link:

https://www.hybrid-analysis.com/sample/55a47a47c9f85671ee4baa818b11be4da2f4f259254f6722d20270f263373b60

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/5116e735-1fde-44f6-9c15-729e0acff105

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1700481

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/55a47a47c9f85671ee4baa818b11be4da2f4f259254f6722d20270f263373b60

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/55a47a47c9f85671ee4baa818b11be4da2f4f259254f6722d20270f263373b60/

Threat name:

Win32.Malware.Heuristic

Status:

Malicious

First seen:

2025-04-16 00:03:20 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

18 of 36 (50.00%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=kwshur6j7blhd3slvkaywen6jwrpj4szevhwoiwsajypeyzxhnqa._file

Result

Malware family:

n/a

Score:

5/10

Tags:

discovery

Link:

https://tria.ge/reports/250528-jbnczacq81/

Behaviour

Suspicious use of SetWindowsHookEx

System Location Discovery: System Language Discovery

Drops file in System32 directory

Verdict:

Malicious

Tags:

Win.Malware.Fragtor-10040859-0

YARA:

n/a

Link:

https://app.threat.zone/submission/40138fd0-efb3-4a04-a715-3aa6d79d41e1

Unpacked files

SH256 hash:

55a47a47c9f85671ee4baa818b11be4da2f4f259254f6722d20270f263373b60

MD5 hash:

ea3863514783af49c9d1cd39edb9a8c7

SHA1 hash:

9420283bdc61f2ca6852c501ad3b40fa4c54e852

Link:

https://www.unpac.me/results/d3b1fb6f-72ce-42af-ac5c-61eda16ebd0e/

SH256 hash:

5dc08a0266005cda3a0bb07a4c764873b108650768bb56062c20d83aced8ee03

MD5 hash:

f11d015690870c69c2bff35b351bf365

SHA1 hash:

1a2e7ef6b9831cc758b169c813383da867c736e3

Link:

https://www.unpac.me/results/d3b1fb6f-72ce-42af-ac5c-61eda16ebd0e/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/55a47a47c9f85671ee4baa818b11be4da2f4f259254f6722d20270f263373b60

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	cobalt_strike_tmp01925d3f Create hunting rule
Author:	The DFIR Report
Description:	files - file ~tmp01925d3f.exe
Reference:	https://thedfirreport.com

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	Hacktools_CN_Panda_andrew Create hunting rule
Author:	Florian Roth
Description:	Disclosed hacktool set - file andrew.exe - sethc.exe Debugger backdoor

Rule name:	INDICATOR_KB_CERT_56f008e69a7c4c3feb389c66eaf58259 Create hunting rule
Author:	ditekSHen
Description:	Detects executables signed with stolen, revoked or invalid certificates

Rule name:	MD5_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for MD5 constants

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/5980/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample