MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6367425a2a76a759b2007ae18f0d6f22c6a07a67fbeae5b7f72fa2c588b4470b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6367425a2a76a759b2007ae18f0d6f22c6a07a67fbeae5b7f72fa2c588b4470b
SHA3-384 hash: cc6c334043979c259624558aabcd7c5bd904fb60567f2be67dc570ce50f7e21a06622e05f7c39117b91bebd22de42b53
SHA1 hash: 09ce7c574449405b555d6eb4d2a2d27bc487f0e9
MD5 hash: 972b63b6e7bce215d5ba181ae094fd0d
humanhash: sad-undress-east-south
File name:SecuriteInfo.com.TScope.Trojan.VB.11597.22465
Download: download sample
File size:102'400 bytes
First seen:2024-03-04 13:33:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 43edecf50b05ebdba2cdf111a4b80dcc
ssdeep 768:niyGUjs4OGrPPJVN9Q5qHo4RnhsrrSzFK/ihqJPJHnb4EfdfuZV8nRWGg5qHo4RM:iGsoPPJ3IN/ZByEfdfAV8UGVfJK
Threatray 17 similar samples on MalwareBazaar
TLSH T1B2A3080A6A24A449D941C2B209644133ED1B7C7180D2AF2B75FAFF171A762C3E6F176F
TrID 81.0% (.EXE) Win32 Executable Microsoft Visual Basic 6 (82067/2/8)
6.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.4% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
2.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon a674f8d4ec66606a
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
290
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Google URL Extractor Version 1.1.exe
Verdict:
Malicious activity
Analysis date:
2023-02-27 15:52:38 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/9af46971-b796-4f13-a15e-8aeb159d3b53

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.TScope.Trojan.VB.11597.22465.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Creating a window
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/65e5cdd3f4f4cdd404ead774/reports/c9245936-54b0-42cb-882d-3b409b3c3a41/overview
Verdict:
Malicious
Labled as:
TScope.Trojan
Link:
https://www.hybrid-analysis.com/sample/6367425a2a76a759b2007ae18f0d6f22c6a07a67fbeae5b7f72fa2c588b4470b
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/ef5bb654-0fdf-48d1-bb67-eafee0c748ea
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
3 / 100
Link:
https://www.joesandbox.com/analysis/1402737
Behaviour
Behavior Graph:
n/a
Score:
3%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/6367425a2a76a759b2007ae18f0d6f22c6a07a67fbeae5b7f72fa2c588b4470b
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6367425a2a76a759b2007ae18f0d6f22c6a07a67fbeae5b7f72fa2c588b4470b/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mntuewrko2tvtmqaplqy6dlpeldka6th7pvoln7xf6rmlcfui4fq._file
Verdict:
unknown
Similar samples:
09caf68ad8cb1a459675913732e7191285d03e7b83e244b5ddce69e0b97c1fc5
0fc579b9a570f408f3ce2b6c3d580f580027bd315daddcf8aafeb3c452ca4d58
4138d92e4af5e1c1b49d654c8a55c5c759261e2d4108c6ef6b4308f9ba8b0355
52de83987941b92875cecdd1661cc2757eae4f02ef564fd2e147d06eb9d8ab44
537c39897b958509621a74ab5054dad32c098a3eb3b781bf3d6bd3ff7b79f2c1
5fffca6c293a697890e7851f0d667cc44f37176e41ed1e7455aa7034f731b6f1
94e024435cc8cafb2705bf98e9551feaa5d2ab426fcbcef9efde59fe9ccb9e53
9f6de85e6ac6ca0e2a0e1912f3d950c3765425d076e87627c9a58b033747c5af
b7772e6959c773d04203373a3adcff3bc81b667726cf4f7155c9135331b21760
e3de56743984f479773ffddf63214d7e202421ee8f23f05e9bb76aad2c77e20a
+ 7 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/240304-qt4k8sbd51/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
6367425a2a76a759b2007ae18f0d6f22c6a07a67fbeae5b7f72fa2c588b4470b
MD5 hash:
972b63b6e7bce215d5ba181ae094fd0d
SHA1 hash:
09ce7c574449405b555d6eb4d2a2d27bc487f0e9
Link:
https://www.unpac.me/results/4e50abb4-4a8d-4dce-8f69-7d84c374c94e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6367425a2a76a759b2007ae18f0d6f22c6a07a67fbeae5b7f72fa2c588b4470b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SEH__vba
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaSetSystemError
MSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaFileOpen
MSVBVM60.DLL::__vbaErrorOverflow

Comments