MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a78e1a7efed4513d629e7b4d95157fee4f8ecf65e9eaa39bbb109d36164a0bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7a78e1a7efed4513d629e7b4d95157fee4f8ecf65e9eaa39bbb109d36164a0bd
SHA3-384 hash: 28c06c342a1ae3376e3076caad50cd26ddc38d70cbef7d892d6728cef5196528817e1225aebd9c0acacf7736970ddba3
SHA1 hash: db512f17f24acb137b7287f9d8d813d1844cbccd
MD5 hash: cde346d109ae1589c28fff832d46af90
humanhash: bacon-mississippi-golf-six
File name:!Family Guy Social Credit Test.exe
Download: download sample
File size:2'771'079 bytes
First seen:2025-04-21 15:27:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ccc0e829fe1206cd39d147ca374725d4
ssdeep 49152:UIlZPiYn8IVEmyMnrNBe0xHlvFIsFSlxbWTSBbnfr6/Vrm/q87Sk3gafkPsVxiTS:Zae8IemLrNBe0x/IQSjyTSVSrmS87L3d
TLSH T158D533411FE240B3E479053078AC5B7EF07CFA79F636E01B939A4A391DB53A19501BAB
TrID 89.7% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
3.5% (.EXE) Win64 Executable (generic) (10522/11/4)
2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
1.5% (.EXE) Win32 Executable (generic) (4504/4/1)
0.9% (.EXE) Win32 Executable Watcom C++ (generic) (2661/121)
Magika pebin
dhash icon cdabae6fe6e7eaec (20 x Amadey, 9 x AurotunStealer, 8 x CoinMiner)
Reporter FelloBoiYuuka
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
423
Origin country :
CA CA
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
FamilyGuySocialCreditTest.exe
Verdict:
Malicious activity
Analysis date:
2023-12-24 02:37:56 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7258331b-5ea6-4a8c-b6cc-6b81b2e69013

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/3256/
Detection(s):
PUA.Win.Packer.RarSfx-1
Create hunting rule

PUA.Win.Packer.RarSfxModificat-1
Create hunting rule

Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=680664e22203b3e10cd24996
Tags:
infosteal autorun
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
adaptive-context borland_c expired-cert fingerprint fingerprint installer keylogger masquerade overlay overlay packed packer_detected sfx
Link:
https://www.filescan.io/uploads/6806640790767142c3de0117/reports/6b1bbfba-8831-4232-96e0-ae7365c09340/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/7a78e1a7efed4513d629e7b4d95157fee4f8ecf65e9eaa39bbb109d36164a0bd
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/208ffe9a-475a-47c7-9528-7475f5cfc267
Result
Threat name:
n/a
Detection:
suspicious
Classification:
spyw
Score:
29 / 100
Link:
https://www.joesandbox.com/analysis/1670387
Signature
Contains functionality to register a low level keyboard hook
Behaviour
Behavior Graph:
Download SVG
Score:
53%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/7a78e1a7efed4513d629e7b4d95157fee4f8ecf65e9eaa39bbb109d36164a0bd
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7a78e1a7efed4513d629e7b4d95157fee4f8ecf65e9eaa39bbb109d36164a0bd/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pj4odj7p5vcrhvrj462nsukx73spr3hwl2pkuon3wee5gyleuc6q._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery
Link:
https://tria.ge/reports/250421-swclms1ns7/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Checks computer location settings
Executes dropped EXE
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/5e08c088-d9f8-4423-ad62-0afdae33b6d5
Unpacked files
SH256 hash:
7a78e1a7efed4513d629e7b4d95157fee4f8ecf65e9eaa39bbb109d36164a0bd
MD5 hash:
cde346d109ae1589c28fff832d46af90
SHA1 hash:
db512f17f24acb137b7287f9d8d813d1844cbccd
Link:
https://www.unpac.me/results/d39ca0e1-726b-4bb8-bb56-cac5977936e6/
SH256 hash:
c3f41b5231cf23132615a43ca968518aef8d6914ece71b9a61854d5977bc3c10
MD5 hash:
58e698b9a2fad7d9ad466a256e683015
SHA1 hash:
e293f36ae05358f4caf5fafb5a75af2d999bdc4d
Link:
https://www.unpac.me/results/d39ca0e1-726b-4bb8-bb56-cac5977936e6/
SH256 hash:
17785211a87998a290a36e65562c60998f98d3c41dc2aded6c075108500c546a
MD5 hash:
e17f4056b15757ba2f73451d4e5e717f
SHA1 hash:
0d9f46f827db77f3dc51282eb95933a143466318
Link:
https://www.unpac.me/results/d39ca0e1-726b-4bb8-bb56-cac5977936e6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7a78e1a7efed4513d629e7b4d95157fee4f8ecf65e9eaa39bbb109d36164a0bd

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/3256/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
AUTH_APIManipulates User AuthorizationADVAPI32.DLL::SetFileSecurityA
COM_BASE_APICan Download & Execute componentsOLE32.DLL::CoCreateInstance
OLE32.DLL::CreateStreamOnHGlobal
SECURITY_BASE_APIUses Security Base APIADVAPI32.DLL::AdjustTokenPrivileges
ADVAPI32.DLL::SetFileSecurityW
SHELL_APIManipulates System ShellSHELL32.DLL::ShellExecuteExA
SHELL32.DLL::SHFileOperationA
SHELL32.DLL::SHGetFileInfoA
WIN32_PROCESS_APICan Create Process and ThreadsADVAPI32.DLL::OpenProcessToken
KERNEL32.DLL::CloseHandle
WIN_BASE_APIUses Win Base APIKERNEL32.DLL::LoadLibraryA
KERNEL32.DLL::GetCommandLineA
WIN_BASE_IO_APICan Create FilesKERNEL32.DLL::CreateDirectoryA
KERNEL32.DLL::CreateDirectoryW
KERNEL32.DLL::CreateFileA
KERNEL32.DLL::CreateFileW
KERNEL32.DLL::DeleteFileA
KERNEL32.DLL::DeleteFileW
WIN_BASE_USER_APIRetrieves Account InformationADVAPI32.DLL::LookupPrivilegeValueA
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.DLL::RegCreateKeyExA
ADVAPI32.DLL::RegOpenKeyExA
ADVAPI32.DLL::RegQueryValueExA
ADVAPI32.DLL::RegSetValueExA
WIN_USER_APIPerforms GUI ActionsUSER32.DLL::FindWindowExA
USER32.DLL::PeekMessageA
USER32.DLL::CreateWindowExA

Comments