MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82c49c1a451787e5547401ecaf5d3331c78735b4b7f95acdde236962245d48b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 82c49c1a451787e5547401ecaf5d3331c78735b4b7f95acdde236962245d48b5
SHA3-384 hash: 35f50fbb4a1fac3cacc11f2277238f83425bac7dd1f4e98a4125f3d9e206f439161bfd0696a857089494d3a5675ebdf8
SHA1 hash: dff6d5e9ac7a1334cf282fa77e5c2fde85bbcc23
MD5 hash: d6b8199bb7de754ac2c37010f30c0d81
humanhash: virginia-eleven-blue-king
File name:jvm.dll
Download: download sample
File size:10'724'352 bytes
First seen:2022-04-09 09:52:19 UTC
Last seen:2022-04-09 10:56:55 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash eec530983d275ba1007531bdd74b35fe
ssdeep 196608:flpObUUXoRv4835j4imE7Dm7CYg/ai+DEslx+CuZ9BeB5eu9r/tBuowkn:XObURvd3t4imfgGEslx+99BeBpZq8n
Threatray 982 similar samples on MalwareBazaar
TLSH T174B63373A3671197D4F6CC3D5732BDB231FA132AC6829473AF5A7BC024535A99213A23
Reporter Anonymous
Tags:dll

Intelligence

File Origin
# of uploads :
2
# of downloads :
247
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/262299/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.28537.21939.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug greyware packed
Link:
https://www.filescan.io/uploads/6251578004b81dabe2654021/reports/6f7ca136-6be5-4103-92f9-4d2122e1af62/overview
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/cd3bf75b-9f6f-457d-a643-6e10ed80b723
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/973731
Signature
Hides threads from debuggers
Machine Learning detection for sample
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sigma detected: Suspicious Call by Ordinal
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction (VM detection)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 606218 Sample: jvm.dll Startdate: 09/04/2022 Architecture: WINDOWS Score: 76 40 Machine Learning detection for sample 2->40 42 PE file contains section with special chars 2->42 44 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 2->44 46 Sigma detected: Suspicious Call by Ordinal 2->46 8 loaddll32.exe 1 2->8         started        process3 signatures4 48 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 8->48 50 Query firmware table information (likely to detect VMs) 8->50 52 Tries to evade analysis by execution special instruction (VM detection) 8->52 54 2 other signatures 8->54 11 rundll32.exe 8->11         started        14 rundll32.exe 8->14         started        16 cmd.exe 1 8->16         started        18 6 other processes 8->18 process5 signatures6 60 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 11->60 62 Tries to detect virtualization through RDTSC time measurements 11->62 64 Hides threads from debuggers 11->64 20 WerFault.exe 4 9 11->20         started        22 WerFault.exe 9 14->22         started        25 rundll32.exe 16->25         started        28 WerFault.exe 9 18->28         started        30 WerFault.exe 9 18->30         started        32 WerFault.exe 9 18->32         started        34 3 other processes 18->34 process7 dnsIp8 38 192.168.2.1 unknown unknown 22->38 56 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 25->56 58 Hides threads from debuggers 25->58 36 WerFault.exe 21 9 25->36         started        signatures9 process10
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/82c49c1a451787e5547401ecaf5d3331c78735b4b7f95acdde236962245d48b5/
Verdict:
unknown
Similar samples:
6c2ad98af84288aff6f49ae92f9f71befbfaa4ac35d1a05b1441f1ce15124ee0
7787774b21d3b72695f6a10f34cb3e589ebdbc9ce1b6dd2ee80d0244385065e3
914644da1b2f5c041a3199411b353f3c8e5b7e965399ac015bbc6c5286da7a7e
977c68b28f92df1f9cb32d67323dc5c13ee2da192f8007dbf893338529bd88e2
a9eb984c9de2d2d061babaaec8c15a04895af2cc0653d044f7092ba73013da5b
aea2cbc32b7925ab28e619b8deb5c540ea8e61ad631b02e348be04b87f44627a
be79e9e636884e314d9f302c161d615348cf81d5e6020c988c37e0a541b85236
+ 972 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/220409-lwmchsddbm/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtSetInformationThreadHideFromDebugger
Unpacked files
SH256 hash:
b578e52e45eee6bf1d13cefd71b6194cd3cf75a9d2a109fe65e1341e67a53558
MD5 hash:
026169f7396264036f19b5405b4ed409
SHA1 hash:
2410477528760ce7800b05ae2c12f62c19b85f4d
Link:
https://www.unpac.me/results/4b84370f-9a17-4052-a7fd-93335a80d044/
SH256 hash:
82c49c1a451787e5547401ecaf5d3331c78735b4b7f95acdde236962245d48b5
MD5 hash:
d6b8199bb7de754ac2c37010f30c0d81
SHA1 hash:
dff6d5e9ac7a1334cf282fa77e5c2fde85bbcc23
Link:
https://www.unpac.me/results/4b84370f-9a17-4052-a7fd-93335a80d044/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/82c49c1a451787e5547401ecaf5d3331c78735b4b7f95acdde236962245d48b5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/262299/

Comments