MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5882c3fc7e730d71674488934cb3503fe04ffcf76d19ae424227c23cc3357781. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat: unknown
Vendor detections: 7



SHA256 hash: 5882c3fc7e730d71674488934cb3503fe04ffcf76d19ae424227c23cc3357781
SHA3-384 hash: b6f0e68361b75ee6e9bae1cd644e48f7c9bebe69940045447b1ade64706899fec99285b57cf7f211cfbde63f2168ac49
SHA1 hash: 66ecf609eb3b8ef3b825bf5c5cd032c79e932391
MD5 hash: 769a9476ad80b391b885ba1a35dc6316
humanhash: mountain-oscar-eighteen-nine
File name: 769a9476ad80b391b885ba1a35dc6316.exe
File size: 6'066'408 bytes
First seen: 2023-01-27 16:53:23 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 1921920d716cb0fce5f510380dcd9626
ssdeep: 98304:LZbhB+wK3lJZOHnISbFHPtcQI0Nraj+GQhY3pK5O+cwgfL7TL+DpAnXIvyhjGS0:LZbhI3Z65FtcQv8rHWk9f0pfqhaS0
TLSH: T1CC5612137501C0F6C5151A3211A65736EDF94F417A74CA93BBA8FE2EAD36342A33B70A
TrID: 23.2% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
      20.1% (.EXE) UPX compressed Win32 Executable (27066/9/6)
      19.8% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
      12.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
      7.8% (.EXE) Win64 Executable (generic) (10523/12/4)
File icon (PE): (icon image not reproduced)
dhash icon: d09494bcac90b4ec
Reporter: abuse_ch
Tags: exe signed

Code Signing Certificate

Organisation: 仙游县灵云软件开发有限公司
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Algorithm: sha256WithRSAEncryption
Valid from: 2021-10-13T00:00:00Z
Valid to: 2023-11-07T23:59:59Z
Serial number: 085179e37043d6bd87856b9002a5be9b
Intelligence: 4 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: f05a992eb56f445c11462ead2538682af231cce6a51a4543bfa9a8b899ff31d3
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 191
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 769a9476ad80b391b885ba1a35dc6316.exe
Verdict: No threats detected
Analysis date: 2023-01-27 17:13:57 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:
Behaviour:
  Creating a window
  Searching for the window
  Searching for the Windows task manager window
  Creating synchronization primitives
  Searching for synchronization primitives
  DNS request
  Sending a custom TCP request
Verdict: No Threat
Threat level: 2/10
Confidence: 80%
Tags: fingerprint greyware keylogger overlay packed shell32.dll
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature:
  Machine Learning detection for sample
  Multi AV Scanner detection for submitted file
Threat name: Win32.Trojan.Zusy
Status: Malicious
First seen: 2023-01-27 16:54:16 UTC
File Type: PE (Exe)
Extracted files: 498
AV detection: 19 of 39 (48.72%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour:
  Suspicious use of SetWindowsHookEx
Unpacked files:
  SHA256 hash: 64274a8bd89d7b99222b305ec5415a92a00c4a545b69a77b55bc7dd1caa03138
  MD5 hash: 5e97c7c135848f300e32049d333d1d4c
  SHA1 hash: b8487f85228cb11c76006eb2a7f707bbb1c28238

  SHA256 hash: 7c4ee104a463a15fd055a66e44c4e99719e004fd9e254aade5ae3c862942a942
  MD5 hash: ae450659d89295583b8069e3a6939fb9
  SHA1 hash: 43927550970341d2b5f53f63b6f0cbe630fdbbfd

  SHA256 hash: 7a5dfddb5e6284c3d520dc321310e1be5f223d78498ed1e95dac90d626c548a6
  MD5 hash: c552331ec1734ac969a82d2d0739dad5
  SHA1 hash: 0b6285622ea41f75f1950a920410115d124def0d

  SHA256 hash: 5882c3fc7e730d71674488934cb3503fe04ffcf76d19ae424227c23cc3357781
  MD5 hash: 769a9476ad80b391b885ba1a35dc6316
  SHA1 hash: 66ecf609eb3b8ef3b825bf5c5cd032c79e932391
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: meth_get_eip
Author: Willi Ballenthin

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe 5882c3fc7e730d71674488934cb3503fe04ffcf76d19ae424227c23cc3357781 (this sample)
Delivery method: Distributed via web download

Comments