MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 82ffaa01c0b5847399e6e210f100d2559eeff6651fe0a70735c1ed3f0ecc1182. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Socks5Systemz
Vendor detections: 12
| SHA256 hash: | 82ffaa01c0b5847399e6e210f100d2559eeff6651fe0a70735c1ed3f0ecc1182 |
|---|---|
| SHA3-384 hash: | 39dfb0469003c263b528f646e1a0b2e23e55ebe253827f30cfef6b7068fd49c366a6a6a48aa6baf0f0e471d16364a0e2 |
| SHA1 hash: | d84b6650f40e210dcee6d9ea60b477fc5c9b417a |
| MD5 hash: | 85718b6f98eaf1259aa16aa128cb90be |
| humanhash: | glucose-xray-rugby-lemon |
| File name: | SecuriteInfo.com.Other.Malware-gen.8481.17771 |
| Download: | download sample |
| Signature | Socks5Systemz |
| File size: | 7'335'412 bytes |
| First seen: | 2023-12-16 11:16:37 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'564 x Socks5Systemz, 262 x RaccoonStealer) |
| ssdeep | 196608:CAb4Ov/Hirx7Tc8WfIpevtyEDj88cnEhIkmZszj:Chcirx7g4pq88aZszj |
| Threatray | 6'962 similar samples on MalwareBazaar |
| TLSH | T1F37633E1A220D4F2F81367B1582092500E353AC452F444CCB5FEAB9FDE7A48F9E56B57 |
| TrID | 76.2% (.EXE) Inno Setup installer (107240/4/30) 10.0% (.EXE) Win32 Executable Delphi generic (14182/79/4) 4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 3.2% (.EXE) Win32 Executable (generic) (4505/5/1) 1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23) |
| File icon (PE): | |
| dhash icon | b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer) |
| Reporter | |
| Tags: | exe Socks5Systemz |
Intelligence
File Origin
# of uploads :
1
# of downloads :
290
Origin country :
FRVendor Threat Intelligence
Detection:
n/a
Detection(s):
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating a file
Creating a service
Sending a custom TCP request
Searching for the window
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for synchronization primitives
Creating a file in the Program Files subdirectories
Moving a file to the Program Files subdirectory
Modifying a system file
Enabling autorun for a service
Verdict:
Suspicious
Threat level:
5/10
Confidence:
100%
Tags:
control installer lolbin overlay packed shell32
Verdict:
Suspicious
Labled as:
HEUR/AGEN.1332570
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Result
Threat name:
Petite Virus, Socks5Systemz
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to infect the boot sector
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for dropped file
PE file has nameless sections
Snort IDS alert for network traffic
Yara detected Petite Virus
Yara detected Socks5Systemz
Behaviour
Behavior Graph:
Score:
75%
Verdict:
Malware
File Type:
PE
Threat name:
Win32.Trojan.Generic
Status:
Malicious
First seen:
2023-12-16 11:17:09 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
10 of 23 (43.48%)
Threat level:
2/5
Detection(s):
Suspicious file
Verdict:
malicious
Similar samples:
+ 6'952 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
7/10
Tags:
discovery
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination
Unpacked files
SH256 hash:
860ce6b152a3e12ca0336d114c24a7c266aa0b16e033a1388a69d11c21777fb9
MD5 hash:
0edd953d13c6dabd5abcf327e5f28a56
SHA1 hash:
aa419577cbaf4a85102fcbc72ddaa3396a3398b5
Detections:
INDICATOR_EXE_Packed_VMProtect
Parent samples :
e7c4b80592d5fdaa4598290ad94595aa1729ee3f21afd24b52d9eaf2a215d25e
aace929793e89d54fc77801417b9ebd301f51ab027f2b10475279b01aa48368c
19aaa18d707ab1a3cb98c4a257c1cd8e8e2594b697aaffc2687539583810a653
82ffaa01c0b5847399e6e210f100d2559eeff6651fe0a70735c1ed3f0ecc1182
6de07b921c1697555b4ca043c5a1b8bd75356c92e23d6a472b30b46966476863
99f303475707b9d778b855f038c8b8c42104c753bd5fa26c168b25a7e552a0f9
22a14d248853472bf27c94cc3b506b524673f5c52823b7e6bd470e067c34a3e9
095d7b0323e51f4021e79bcce8d6baeb38174389157fa8d4bc2aac62d4062011
5c152b98e5ac68338e444fe2dc0edf6bf17d5d457798815e400950d8cba68452
aace929793e89d54fc77801417b9ebd301f51ab027f2b10475279b01aa48368c
19aaa18d707ab1a3cb98c4a257c1cd8e8e2594b697aaffc2687539583810a653
82ffaa01c0b5847399e6e210f100d2559eeff6651fe0a70735c1ed3f0ecc1182
6de07b921c1697555b4ca043c5a1b8bd75356c92e23d6a472b30b46966476863
99f303475707b9d778b855f038c8b8c42104c753bd5fa26c168b25a7e552a0f9
22a14d248853472bf27c94cc3b506b524673f5c52823b7e6bd470e067c34a3e9
095d7b0323e51f4021e79bcce8d6baeb38174389157fa8d4bc2aac62d4062011
5c152b98e5ac68338e444fe2dc0edf6bf17d5d457798815e400950d8cba68452
SH256 hash:
bfe1ab607dfba71517a995a31be6628c8673dc723660804fd30f374d3989359c
MD5 hash:
e82f019ab3c2e83c05abd197c7912003
SHA1 hash:
a705c9f56bc7d7d0c6591d23337d89fdbabce756
SH256 hash:
b247ce830f7d47aad90da3a421fb313401784d5d6badaeb1fe7292d4cec97f30
MD5 hash:
485ead67d50861f5677b59409bb31f0d
SHA1 hash:
a059d44de1bf970fb4d3ffcfca49ba8995fe5096
SH256 hash:
d4f52b7d966c476dee40c677a9d9f224e55c592ee287660cd292e91eccd11848
MD5 hash:
9824254bb5cd741b93eec8e623580685
SHA1 hash:
0de975cd3955849f4c668eed5bb5f8b45f940d36
SH256 hash:
82ffaa01c0b5847399e6e210f100d2559eeff6651fe0a70735c1ed3f0ecc1182
MD5 hash:
85718b6f98eaf1259aa16aa128cb90be
SHA1 hash:
d84b6650f40e210dcee6d9ea60b477fc5c9b417a
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.