MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60d6682a6d067cd0135e6219e37a6992ce33f285ba89f6e21b4ad690491dd364. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 60d6682a6d067cd0135e6219e37a6992ce33f285ba89f6e21b4ad690491dd364
SHA3-384 hash: 18424aba19804920f44a6fb8de26d354b40c012c0a8514a7d9e39f165a1b61a592911390c587d38d1c97f083cb0e1655
SHA1 hash: c5bf15dc87162f0b93ed30626265252efddd7825
MD5 hash: 108ef7c9d6eed94dfab6e05ccc352483
humanhash: diet-glucose-pasta-white
File name:clothes.exe
Download: download sample
File size:1'712'128 bytes
First seen:2022-04-14 17:03:12 UTC
Last seen:2022-04-20 10:20:49 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 158937e581ddb26d2693d73dd7a03f47
ssdeep 24576:mT1mPmOUGMWlLenlc3NoNGBLejB6SKqZivOAg+JvVRtEQqjhcdNZyM8Fe+ranEt2:21yEm974ES0g0tdurtHA
TLSH T18B856C12A2A2543FC027173A492BE255AC3BBA103B66AC576FF4DC4C8F396413D3D667
TrID 61.4% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
15.5% (.EXE) Win64 Executable (generic) (10523/12/4)
6.6% (.EXE) Win32 Executable (generic) (4505/5/1)
4.4% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
3.0% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):PE icon
dhash icon 929280a2a280a280
Reporter adm1n_usa32
Tags:exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
373
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
rundll32.exe
Verdict:
Suspicious activity
Analysis date:
2022-04-08 08:34:27 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/73fe4431-e4f2-4417-8e87-1f344bb5b8b6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/263832/
Detection(s):
PUA.Win.Malware.Speedingupmypc-6718419-0
Create hunting rule

PUA.Win.Packer.Exe-6
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
Searching for synchronization primitives
Changing a file
Searching for the window
Creating a file
Sending a custom TCP request
Blocking the User Account Control
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
cmd.exe control.exe expand.exe greyware keylogger replace.exe update.exe
Link:
https://www.filescan.io/uploads/625853eaffe27d5119d06127/reports/22be2ca1-89a2-4b84-95d1-8d7772ede15f/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f2672f00-7de9-4f91-9cc9-4d83532d74ab
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/977073
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Uses Windows timers to delay execution
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/60d6682a6d067cd0135e6219e37a6992ce33f285ba89f6e21b4ad690491dd364/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-03-17 02:19:00 UTC
File Type:
PE (Exe)
Extracted files:
62
AV detection:
26 of 42 (61.90%)
Threat level:
  5/5
Verdict:
malicious
Result
Malware family:
n/a
Score:
  6/10
Tags:
evasion trojan
Link:
https://tria.ge/reports/220414-vk87ksdchm/
Behaviour
Checks whether UAC is enabled
Unpacked files
SH256 hash:
60d6682a6d067cd0135e6219e37a6992ce33f285ba89f6e21b4ad690491dd364
MD5 hash:
108ef7c9d6eed94dfab6e05ccc352483
SHA1 hash:
c5bf15dc87162f0b93ed30626265252efddd7825
Link:
https://www.unpac.me/results/585c1618-30b9-493f-a4f5-9dc59bf6bdfd/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/60d6682a6d067cd0135e6219e37a6992ce33f285ba89f6e21b4ad690491dd364

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/263832/

Comments