MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 571ec740451764b370c61813124b876d6bf8f0c2add56e57e7e8c00f494bc46e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 5
| SHA256 hash: | 571ec740451764b370c61813124b876d6bf8f0c2add56e57e7e8c00f494bc46e |
|---|---|
| SHA3-384 hash: | de41b3b19bf40fbc2bd7b9f26ca298a2741b2607f4e5b9d84502622678a0073722b3928c530eead5b249c2e7f495cf35 |
| SHA1 hash: | 395208d4923c89e50112d392ae5bb9a292a2f49f |
| MD5 hash: | 21fcac9ed486480296334a4f4b1c4e84 |
| humanhash: | football-autumn-timing-item |
| File name: | ___________protected.bin |
| Download: | download sample |
| File size: | 1'146'368 bytes |
| First seen: | 2020-08-30 07:31:35 UTC |
| Last seen: | 2020-08-30 08:40:38 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 10fd8f1bf6529112ff51e9a47ccf8bdf (1 x ModiLoader) |
| ssdeep | 24576:4sQ/EQk9cjaeyXdmQKnFH/PXxyUNOZ/xCkvLyYrZXezD8eOb3:4sV0aeyujABxlWAZXCD |
| Threatray | 22 similar samples on MalwareBazaar |
| TLSH | D4352309DBF445D5FAF30EB824B8317861ADB4AC4834C586863DEB025C56AE9DB7D323 |
| Reporter |  JAMESWT_WT |
Intelligence
File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating a window
Enabling the 'hidden' option for analyzed file
Launching a process
Searching for the window
Forced system process termination
Sending a UDP request
Changing a file
DNS request
Sending a custom TCP request
Launching the default Windows debugger (dwwin.exe)
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Forced shutdown of a system process
Unauthorized injection to a system process
Enabling a "Do not show hidden files" option
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
84 / 100
Signature
Antivirus / Scanner detection for submitted sample
Deletes keys related to Windows Defender
Deletes keys which are related to windows safe boot (disables safe mode boot)
Hides threads from debuggers
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has nameless sections
Behaviour
Behavior Graph:
Threat name:
Win32.Ransomware.WeenLoc
Status:
Malicious
First seen:
2020-05-02 23:55:57 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
34 of 48 (70.83%)
Threat level:
5/5
Verdict:
suspicious
Similar samples:
+ 12 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
6/10
Tags:
persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Drops file in Windows directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
Adds Run key to start application
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Wlock
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.