MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88cccaca80ef790f867c988dfe8ed74cedf55bf83cf776498ce2a43df69d8e17. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 13


Intelligence 13 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 88cccaca80ef790f867c988dfe8ed74cedf55bf83cf776498ce2a43df69d8e17
SHA3-384 hash: dce9cd80e5450fdf6fa44c69747a795533fc0b5a0d98959313b34fcee608136a1500f1c6c6f54ff1f72dced9e2422c0b
SHA1 hash: b9ed60f0b267c8a56c904752c03abeb4fc76cb92
MD5 hash: 3064aef872e09fa434ff61d66c2db930
humanhash: high-alpha-freddie-angel
File name:3064aef872e09fa434ff61d66c2db930.bin
Download: download sample
File size:44'544 bytes
First seen:2024-05-26 00:31:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 768:vY+OvuxEi74MUs8bC6IVl4fyTLhPxUUhjAR9gXFfKEVxX4V4bsg9ovN:vYnvuuzMULJLfyTV5WrAN4V4bDoV
TLSH T118137B8777D1A8F3DD5000722379B76A6BAEDD335024A987C7A84DC120725E3963BE1B
TrID 47.2% (.EXE) Win32 Executable (generic) (4504/4/1)
21.0% (.EXE) Generic Win/DOS Executable (2002/3)
20.9% (.EXE) DOS Executable Generic (2000/1)
10.5% (.SCORE) Music Craft Score (1007/6)
0.1% (.DBF) Sybase iAnywhere database files (19/3)
Reporter tildedennis
Tags:exe prg


Avatar
tildedennis
prg version 1.0.6.18

Intelligence

File Origin
# of uploads :
1
# of downloads :
304
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
88cccaca80ef790f867c988dfe8ed74cedf55bf83cf776498ce2a43df69d8e17.exe
Verdict:
Malicious activity
Analysis date:
2024-05-26 00:33:42 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/cd89faac-6b43-4148-b75d-9215b300215e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Win.Malware.Zbot-9756745-0
Create hunting rule

Win.Malware.Zbot-9951823-0
Create hunting rule

Win.Malware.Zbot-9969502-0
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=665282ef45e4ae477039015cwin7simulatehigh_evasion
Tags:
Xpack
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
masquerade packed xpack
Link:
https://www.filescan.io/uploads/665282ca9c0b71aaf52672fe/reports/f16bf9e8-22d8-454b-8d3f-a0a346d9dc8d/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/88cccaca80ef790f867c988dfe8ed74cedf55bf83cf776498ce2a43df69d8e17
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/b8f9151a-12c8-4919-8079-a91bb8b9652d
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1447599
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/88cccaca80ef790f867c988dfe8ed74cedf55bf83cf776498ce2a43df69d8e17
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/88cccaca80ef790f867c988dfe8ed74cedf55bf83cf776498ce2a43df69d8e17/
Threat name:
Win32.Trojan.Zeus
Create hunting rule
Status:
Malicious
First seen:
2024-05-20 23:38:00 UTC
File Type:
PE (Exe)
AV detection:
35 of 38 (92.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rdgmvsua554q7bt4tcg75dwxjtw7kw7yht3xmsmm4ksd35u5rylq._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/240526-at25eagg75/
Behaviour
Program crash
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/ef250cb6-83af-45b6-8c4c-02f52ab1ce26
Unpacked files
SH256 hash:
88cccaca80ef790f867c988dfe8ed74cedf55bf83cf776498ce2a43df69d8e17
MD5 hash:
3064aef872e09fa434ff61d66c2db930
SHA1 hash:
b9ed60f0b267c8a56c904752c03abeb4fc76cb92
Link:
https://www.unpac.me/results/1cf0eba5-a168-4c24-94f1-857e852c7bfa/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.24
Link:
https://yomi.yoroi.company/submissions/88cccaca80ef790f867c988dfe8ed74cedf55bf83cf776498ce2a43df69d8e17

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_no_import_table
Create hunting rule
Description:Detect pe file that no import table
Rule name:zbot
Create hunting rule
Author:malware-lu

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/prg/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments