MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6bdea6ef5b3764a68cf05a361624a222184ea9495c639d9c9b37dc91f2a3d745. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry
Adware.Generic
Vendor detections: 7


SHA256 hash: 6bdea6ef5b3764a68cf05a361624a222184ea9495c639d9c9b37dc91f2a3d745
SHA3-384 hash: c3f10acc667023c11002e871678af927eec466179857bff10bb63fa2b3f58dd8adf1f5e3d876cea4f4cef28d06a4e76d
SHA1 hash: 4cad15cdf06f1f19913a902f00001d8ad8375764
MD5 hash: 3e8694561136ab4c87c591378ac8c1db
humanhash: gee-ohio-mexico-carpet
File name: setup-vlc.exe
Signature: Adware.Generic
File size: 2'920'192 bytes
First seen: 2021-08-28 23:22:36 UTC
Last seen: 2021-08-29 10:38:20 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: e00de6e48b9b06aceb12a81e7bf494c9 (20 x Adware.Generic, 1 x CoinMiner)
ssdeep: 49152:LG5UfgLEPrxfau3beezAx+AkIo6qnBsDUCilzNdRqcFvyb3DfE6:LG5QgLEFCWbeeAkttBiUCilBn+E6
Threatray: 51 similar samples on MalwareBazaar
TLSH: T114D5332036E881BCC6151973DAD09FD2C2B6E7591F728C7773A8167C6F7DA868432B06
dhash icon: 92e0b496a2cada72 (11 x Adware.Generic, 5 x Adware.InstalleRex, 2 x Adware.Yantai)
Reporter: Anonymous
Tags: Adware.Generic exe
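Anyone who pulls this sample will want to confirm that the file they extracted is the one this entry describes before trusting the vendor verdicts further down. The script below is an added example, not MalwareBazaar's own tooling: it assumes the download archive (zip, password "infected") has already been extracted to a local path given on the command line, and it takes the four digests and the file size from the values listed above. It uses only the Python standard library.

```python
"""Check a locally extracted sample against the digests on this MalwareBazaar entry.

Added example; not MalwareBazaar's own code. Assumes the sample has already
been extracted from the download archive to a path you pass on the command line.
"""
import hashlib
import sys

# Digests and size exactly as listed on this entry, keyed by hashlib algorithm name.
ENTRY_HASHES = {
    "sha256": "6bdea6ef5b3764a68cf05a361624a222184ea9495c639d9c9b37dc91f2a3d745",
    "sha3_384": "c3f10acc667023c11002e871678af927eec466179857bff10bb63fa2b3f58dd8"
                "adf1f5e3d876cea4f4cef28d06a4e76d",
    "sha1": "4cad15cdf06f1f19913a902f00001d8ad8375764",
    "md5": "3e8694561136ab4c87c591378ac8c1db",
}
ENTRY_SIZE = 2_920_192  # bytes, as listed on the entry


def fingerprint(data: bytes) -> dict:
    """All four digests of an in-memory byte string, keyed like ENTRY_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in ENTRY_HASHES}


def fingerprint_file(path: str, chunk_size: int = 1 << 20) -> tuple:
    """Stream a file through all four hashers at once; returns (digests, size).

    Chunked reads keep memory flat for samples much larger than this 2.9 MB one.
    Note: hashlib.new("md5") raises ValueError on hosts running in FIPS mode.
    """
    hashers = {name: hashlib.new(name) for name in ENTRY_HASHES}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}, size


def mismatches(observed: dict, expected: dict) -> list:
    """Sorted names of algorithms whose digest differs from the expected value.

    Comparison is case-insensitive because entries and tools disagree on hex case.
    """
    return sorted(
        name for name, digest in expected.items()
        if observed.get(name, "").lower() != digest.lower()
    )


def report(observed: dict, size: int, expected: dict = ENTRY_HASHES,
           expected_size: int = ENTRY_SIZE) -> dict:
    """Summarise a comparison; 'ok' is True only if every digest and the size match."""
    bad = mismatches(observed, expected)
    return {
        "ok": not bad and size == expected_size,
        "size_ok": size == expected_size,
        "mismatched": bad,
        "observed": observed,
    }


def verify_bytes(data: bytes, expected: dict = ENTRY_HASHES,
                 expected_size: int = ENTRY_SIZE) -> dict:
    """Same check for data already in memory (useful for unit tests and small files)."""
    return report(fingerprint(data), len(data), expected, expected_size)


def verify_file(path: str, expected: dict = ENTRY_HASHES,
                expected_size: int = ENTRY_SIZE) -> dict:
    """Hash the file at `path` and compare it with the entry's digests and size."""
    observed, size = fingerprint_file(path)
    return report(observed, size, expected, expected_size)


if __name__ == "__main__":
    result = verify_file(sys.argv[1])
    for name, digest in result["observed"].items():
        flag = "MISMATCH" if name in result["mismatched"] else "ok"
        print(f"{name:9} {digest}  {flag}")
    print("size ok" if result["size_ok"] else "size MISMATCH")
    sys.exit(0 if result["ok"] else 1)
```

Run it as `python verify.py setup-vlc.exe`; a non-zero exit means at least one digest or the size differs. One mismatching digest with a correct size almost always means the wrong file was hashed (for example the zip rather than its contents); a matching SHA256 is what ties the file on disk to every sandbox result and YARA match recorded on this page.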

Intelligence


File Origin
# of uploads: 3
# of downloads: 225
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: setup-vlc.exe
Verdict: No threats detected
Analysis date: 2021-08-28 23:24:03 UTC
Tags: installer

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Using the Windows Management Instrumentation requests
DNS request
Connection attempt
Sending an HTTP GET request
Creating a file
Moving a recently created file
Connecting to a non-recommended domain
Sending a custom TCP request
Sending a UDP request
Unauthorized injection to a recently created process
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph: (image not reproduced)
Threat name: Win32.PUA.InstallCore
Status: Malicious
First seen: 2021-08-28 23:23:13 UTC
AV detection: 7 of 26 (26.92%)
Threat level: 1/5
Result
Malware family: n/a
Score: 8/10
Tags: discovery
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks for any installed AV software in registry
Checks installed software on the system
Loads dropped DLL
Executes dropped EXE
Unpacked files

SHA256 hash: 8a8344500a944df4d51adb9807dddd2dc76f1eae1217e0bfbbaa100b38c212fe
MD5 hash: b8e287c81a16b82f9426a617ebae3408
SHA1 hash: 33b80544749bf0b56c6bf1e5e5ef60989eeae913

SHA256 hash: 497cfe8bbac5558e8358126bbc0c389d3924083b5f952ea7e178e25d56e10134
MD5 hash: 25c9b89b3dbf410fb648ff59f94b0727
SHA1 hash: 95dbced9504b8861d6662840dce2649c9502a6b0

SHA256 hash: 1e95cc4acb907b3af3f1c156ec77bacea10182c00b36be2cb4558df098a6c162
MD5 hash: faa41bc93d94ee03633dd70ffd068406
SHA1 hash: 5af019e5ee309ef6cde2c44f68b8282690840adf

SHA256 hash: 449432d452b50d48ad1fd3543da64fff6b077f1254e7d20cbbacf01a8e409a3f
MD5 hash: 46674dd286243479dc3bf7544847e9b7
SHA1 hash: 315f533d05561888fc4cbc7aa9eaa34969989272

SHA256 hash: 7297ad44d941329982f1ab06883219f34e5c5af565f8d8337e778904bde5a565
MD5 hash: 473efc7813ac7f2b699a907c13193520
SHA1 hash: bde365ba24460d52d9776140d7bb2ebbde08c594

SHA256 hash: 056fda1e8d5ae0a8de7ffb7a120912688fb9544cf2fb9651628d2a6806067c2c
MD5 hash: 1100ecf1cb30d795afd782571079244f
SHA1 hash: 8cbbc834109c010d3295da7c29e4795640f0fb03

SHA256 hash: 47037cf4c023518010bc43c36672cdccb5fad12284f24e922ce96b396f8498c2
MD5 hash: 95992e844f7ee85381a32edd50d21196
SHA1 hash: 81b3d0702fd594126f24fec19e50d5e43937f3dd

SHA256 hash: b06578853ee97dd5bc7b6aa4b32429c78d3c9c3ccce00bad1cc1ae9c0a668110
MD5 hash: 35d051fe2fce2858911758469802ea82
SHA1 hash: 712d83e5819a7ad381988a387a88bd1d6069db60

SHA256 hash: 0418b170c14d604212a5fe3ae6a3dd540cd0dd8668b719fab20e2e48cadd90a1
MD5 hash: bf3cb98514463d2839505008247af1a2
SHA1 hash: 3d0e5f173ff6a09b72b555a98240035aa1e0a452
Detections: win_karkoff_auto

SHA256 hash: 6bdea6ef5b3764a68cf05a361624a222184ea9495c639d9c9b37dc91f2a3d745 (the submitted sample itself)
MD5 hash: 3e8694561136ab4c87c591378ac8c1db
SHA1 hash: 4cad15cdf06f1f19913a902f00001d8ad8375764
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: INDICATOR_KB_CERT_1e508bb2398808bc420a5a1f67ba5d0b
Author: ditekSHen
Description: Detects executables signed with stolen, revoked or invalid certificates

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments