MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 64b43d776557c66378ad0d99ac73cb3bad5bec9e83bf468cd3d5f15ec5d9db7a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 64b43d776557c66378ad0d99ac73cb3bad5bec9e83bf468cd3d5f15ec5d9db7a
SHA3-384 hash: acb87a9bcb3443505985bb823437e8f852af083a515f183ffa5d29d341812f35e24444fb92a4664468ecf663b02cf39c
SHA1 hash: a42e66f5de7b47c4ee35fe5a11b6d308ce67cd47
MD5 hash: ce55499012baa860dc4db82adf44cff0
humanhash: august-jupiter-king-berlin
File name:ce55499012baa860dc4db82adf44cff0.exe
Download: download sample
File size:791'946 bytes
First seen:2023-12-04 09:29:24 UTC
Last seen:2023-12-04 11:22:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 199aaa145bc54dbb0d29927d816ce83d (1 x Blackmoon)
ssdeep 12288:+hUPK8en44xWSgVmZUXzZcnf4U7ID9h+zeJm1eSku/hk:++5epxWSekf4U7xlIuk
Threatray 20 similar samples on MalwareBazaar
TLSH T1A9F4029306E82FEBD178943CD27065E94392FD325573EB8386D1B83864B2DD18B5F829
TrID 45.6% (.SCR) Windows screen saver (13097/50/3)
17.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
15.7% (.EXE) Win32 Executable (generic) (4505/5/1)
7.0% (.EXE) OS/2 Executable (generic) (2029/13)
6.9% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):PE icon
dhash icon b87a79796ac88190
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
292
Origin country :
NL NL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/462329/
Detection(s):
PUA.Win.Packer.AcprotectUltraprotect-1
Create hunting rule

PUA.Win.Packer.Anti-28
Create hunting rule

PUA.Win.Packer.Anti-29
Create hunting rule

PUA.Win.Packer.Nspack-26
Create hunting rule

PUA.Win.Packer.NPack-3
Create hunting rule

PUA.Win.Packer.Nspack-1
Create hunting rule

PUA.Win.Packer.Nspack-25
Create hunting rule

PUA.Win.Packer.Nspack-22
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Gathering data
Verdict:
No Threat
Threat level:
  10/10
Confidence:
100%
Tags:
lolbin nspack packed packed shell32
Link:
https://www.filescan.io/uploads/656d9c26fb92213b19d85547/reports/a8fa688e-4cee-4d45-a385-9ab8cbe33e4b/overview
Verdict:
Malicious
Labled as:
Malware
Link:
https://www.hybrid-analysis.com/sample/64b43d776557c66378ad0d99ac73cb3bad5bec9e83bf468cd3d5f15ec5d9db7a
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9e54796e-b94d-4d76-8edc-2b4fec17386b
Result
Threat name:
n/a
Detection:
malicious
Classification:
spyw
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1353043
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to modify clipboard data
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/64b43d776557c66378ad0d99ac73cb3bad5bec9e83bf468cd3d5f15ec5d9db7a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/64b43d776557c66378ad0d99ac73cb3bad5bec9e83bf468cd3d5f15ec5d9db7a/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-12-04 09:36:49 UTC
AV detection:
20 of 35 (57.14%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ms2d253fk7dgg6fnbwm2y46lhowvx3e6qo7undgt2xyv5roz3n5a._file
Verdict:
malicious
Similar samples:
04ab255ffdb5bc9b8eeb86e4c6581b8637bb8995d457ae455ac8617f65a9743b
27789b8b1500aa3c9244e437a8c32a24c4021e76be18ce9960c5c849e31d9d1d
64b43d776557c66378ad0d99ac73cb3bad5bec9e83bf468cd3d5f15ec5d9db7a
788df2cfd4c197c811a9ec741ad14fe7475ca9b4d0d0b0a1b895ae51bec61806
db6edb488bdadbd506ec6d28710abb9c5cdd844fc394fa7e8293710f4afea8e9
e8d81e7b25128035e30e271708d66efaf12c490114042e1e493a0c816d374414
f158a9650580dcf9a875b153192a86e20798c7f01b4a458b668704661e2cc89c
fde687287ef8cd7e6a6ce655355eaca2fba25fd6c22cc1e4040281f73205ba90
+ 10 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/231204-lggtgsac83/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
64b43d776557c66378ad0d99ac73cb3bad5bec9e83bf468cd3d5f15ec5d9db7a
MD5 hash:
ce55499012baa860dc4db82adf44cff0
SHA1 hash:
a42e66f5de7b47c4ee35fe5a11b6d308ce67cd47
Link:
https://www.unpac.me/results/912a7332-bfda-4cae-a732-c5ecced533e3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.44
Link:
https://yomi.yoroi.company/submissions/64b43d776557c66378ad0d99ac73cb3bad5bec9e83bf468cd3d5f15ec5d9db7a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:maldoc_getEIP_method_1
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Rule name:meth_get_eip
Create hunting rule
Author:Willi Ballenthin
Rule name:NsPacKV37LiuXingPing
Create hunting rule
Author:malware-lu

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 64b43d776557c66378ad0d99ac73cb3bad5bec9e83bf468cd3d5f15ec5d9db7a

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/462329/
  
URLhaus
https://urlhaus.abuse.ch/url/2736607/
  
Delivery method
Distributed via web download

Comments