MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8773b41b659c9e21f3ed0440869ea4f8955e09171e89430af2b8945a69b03e94. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 8773b41b659c9e21f3ed0440869ea4f8955e09171e89430af2b8945a69b03e94
SHA3-384 hash: d2d2763e9b0e9854378eb6ff821a5b7fc9a7378b5e9b2f6cafe39eafb3a727892ffab749a969d6594a25b4a984b4d691
SHA1 hash: 4cb1329d93d9fb9d3a6a68556dc0e6d5aeccccd2
MD5 hash: 5c4c2ca52ae089ebe91070ed37f73c88
humanhash: butter-california-asparagus-winter
File name: CheatVimeWorld.dll
File size: 5'884'416 bytes
First seen: 2020-12-03 08:50:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 780f92f7b329b9a21f631c56638955e7
ssdeep 98304:24TWmN7aW+vwY+oNNWoz9qGhQU6t+WviTuw/GWbYmJH6PcWn0C/JTnAHYhQURGy8:5qmNyw6J5OU6t+eSXuniH6PcAzhQDa2R
Threatray 22 similar samples on MalwareBazaar
TLSH D45623BD6288375CC01E80748533FC44B1F2565E5BE9D66DB2EBBBD07BAE420D602B46
Reporter Anonymous

Intelligence


File Origin
# of uploads: 1
# of downloads: 110
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 60 / 100
Signature
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Tries to detect debuggers by setting the trap flag for special instructions
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Threat name: Win64.Trojan.Malrep
Status: Suspicious
First seen: 2020-12-03 08:51:11 UTC
AV detection: 8 of 28 (28.57%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Blacklisted process makes network request
Unpacked files
SHA256 hash: 8773b41b659c9e21f3ed0440869ea4f8955e09171e89430af2b8945a69b03e94
MD5 hash: 5c4c2ca52ae089ebe91070ed37f73c88
SHA1 hash: 4cb1329d93d9fb9d3a6a68556dc0e6d5aeccccd2
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments