MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b4337184880f3cacdc58db416278fb34dc7ca8f8f8292b5c7e14abadcb9ef5f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 7b4337184880f3cacdc58db416278fb34dc7ca8f8f8292b5c7e14abadcb9ef5f
SHA3-384 hash: 6c38f1a72e0b0a594638a39e6d3c486fbcd255ccfd5d2f525c3b32641f3160e1a81e93225da52ea3c3d8d8d799646b41
SHA1 hash: 7c60785354c17dab9952716439dc009251ebbc9b
MD5 hash: bcebdd7668b10fafa8ecad1d335e97bf
humanhash: undress-eighteen-uncle-alaska
File name: unnamed 1_1.0.6.0.vir
Signature: n/a
File size: 705'024 bytes
First seen: 2020-07-19 19:45:38 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9466280a3e71c7337d763b6d348c9351
ssdeep: 12288:DEWt8ouY0ojL58oRw7MO4ZAyAF6Q4OwAdxgX00UZRemM6U205K70gBKJN:DEWGijTAL4uyQPniUZAmM6U20540l
TLSH: DEE41221B8D190E3C4E67E33E995F6224D786E334ABADF7B0745473A19742C09E27CA1
Reporter: @tildedennis
Tags: unnamed 1


Twitter
@tildedennis
unnamed 1 version 1.0.6.0

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 92 / 100
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2019-02-12 03:59:31 UTC
AV detection: 24 of 31 (77.42%)
Threat level: 2/5
Result
Malware family: n/a
Score: 8/10
Tags: persistence
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Suspicious behavior: EnumeratesProcesses
Looks up external IP address via web service
Adds Run key to start application
Deletes itself
Blacklisted process makes network request
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments