MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 896bc923098c0e59a04d004c83812e487870c370ae1bd19e1841afeb6f204366. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Adware.Generic


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 896bc923098c0e59a04d004c83812e487870c370ae1bd19e1841afeb6f204366
SHA3-384 hash: 2ef3a8830e71c868ba0ff4fa7d94d3d0dd3051d7c342c199a7307b14e368dd9b98cb2bd265dda8577f6b3fd5593dc756
SHA1 hash: 5acade5bbf96d43cd212e2379ecbd4923d0dd44e
MD5 hash: 5e312d3b677e7e8c699b1d724f8cadfa
humanhash: ten-sierra-failed-lemon
File name:SecuriteInfo.com.Trojan.Siggen18.24073.25338.14836
Download: download sample
Signature Adware.Generic
Create hunting rule
File size:3'844'243 bytes
First seen:2024-03-03 22:27:50 UTC
Last seen:2024-03-03 23:22:40 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e569e6f445d32ba23766ad67d1e3787f (262 x Adware.Generic, 41 x RecordBreaker, 24 x RedLineStealer)
ssdeep 98304:8kLZGLloT7QYTRRx5yNUjlMJ2KWd+8BprX:7ZmloTbTRRny4KWvBprX
Threatray 503 similar samples on MalwareBazaar
TLSH T1B906F13BB658253ED9AE063246735750DD77B6A1B4268C2A1BF40C0FFF265300E3B666
TrID 46.7% (.EXE) Inno Setup installer (107240/4/30)
25.0% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
18.1% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
4.5% (.EXE) Win64 Executable (generic) (10523/12/4)
1.9% (.EXE) Win32 Executable (generic) (4504/4/1)
File icon (PE):PE icon
dhash icon eedef8f8b3f6f8f1 (1 x Adware.Generic)
Reporter SecuriteInfoCom
Tags:Adware.Generic exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
330
Origin country :
FR FR
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen18.24073.25338.14836.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for synchronization primitives
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
fingerprint installer lolbin overlay packed setupapi shell32
Link:
https://www.filescan.io/uploads/65e4f9747ce606140b1b95dc/reports/c87a1d3d-7abc-4306-aace-747558327f34/overview
Verdict:
Malicious
Labled as:
Malware/Generic
Link:
https://www.hybrid-analysis.com/sample/896bc923098c0e59a04d004c83812e487870c370ae1bd19e1841afeb6f204366
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/badf302f-381e-4bcd-8a14-33f63593c501
Result
Threat name:
n/a
Detection:
suspicious
Classification:
n/a
Score:
24 / 100
Link:
https://www.joesandbox.com/analysis/1402241
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
85%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/896bc923098c0e59a04d004c83812e487870c370ae1bd19e1841afeb6f204366
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/896bc923098c0e59a04d004c83812e487870c370ae1bd19e1841afeb6f204366/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rfv4siyjrqhfticnabgihajojb4hbq3qvyn5dhqyigx6w3zainta._file
Verdict:
unknown
Similar samples:
10abc7e98ee0c33b37460e25d8bc0b4f73670956feda2c1f4ca5551ee5c81ec5
Adware.Generic
1787a87f208cd0898943bd70e7e76a2c8b1b39679b20a6ac57d13ff98fd72aa4
Adware.Generic
2794a389b698f1b7454748669384233ae51c74972087c6031e9c82d9bc68c50f
Adware.Generic
3c68021a0cfd53b56a90a6e956750b4554d25c184d2e12239a8c47b4363cd50d
Adware.Generic
9f501e75fa1f86aca08cecdd4b3fe11676a0aebac9f34cbbbfb12f43a2a075ec
Adware.Generic
ad1795113e302772c08f24c6c1947da43b2b9c82c77c9c906ec616fb39214f8b
Adware.Generic
b4a43d415fd5a2c769303c37e6b0f67eb92b317b71e8c5b064dbbed04338eb33
Adware.Generic
ccc6693d703b68b3bd0e697cbff8f1f59cb4b5aed29da770d8000f3dc61917c1
Adware.Generic
fc0eaa455a3b09a26def63c96b08b5bd855576634a91778fdcef6e3f91099199
Adware.Generic
+ 493 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/240303-2dmtbsaa2w/
Behaviour
Modifies system certificate store
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Legitimate hosting services abused for malware hosting/C2
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Unpacked files
SH256 hash:
290aecc9e42740188ede5fd23bb8aed2d17ade970326f04372c5a3556e7c8fd0
MD5 hash:
7f322055abdf1f4f6423cea808ed0bb6
SHA1 hash:
094ce280203b08da304ecf6e6494fb8a2a391e9f
Link:
https://www.unpac.me/results/47a31cee-e061-42f8-889c-75a9ffcfb7af/
SH256 hash:
e0c4886191bdc9c6f90417fa603d2660924ad44478337af4254168bf0664bc46
MD5 hash:
7325251f445a86a47f444d9961ae489d
SHA1 hash:
70b27129d3c569673d66a8214a07214c53f94a36
Link:
https://www.unpac.me/results/47a31cee-e061-42f8-889c-75a9ffcfb7af/
SH256 hash:
8186752cb0ded28f933db01b2286a7586b6fd4c90c916fb097a3e435d6e98647
MD5 hash:
4bfc725db899101124199a79b1b9c952
SHA1 hash:
1703e80e991da109c0b51179b98bb1d0b68412ca
Link:
https://www.unpac.me/results/47a31cee-e061-42f8-889c-75a9ffcfb7af/
SH256 hash:
896bc923098c0e59a04d004c83812e487870c370ae1bd19e1841afeb6f204366
MD5 hash:
5e312d3b677e7e8c699b1d724f8cadfa
SHA1 hash:
5acade5bbf96d43cd212e2379ecbd4923d0dd44e
Link:
https://www.unpac.me/results/47a31cee-e061-42f8-889c-75a9ffcfb7af/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Borland
Create hunting rule
Author:malware-lu
Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
AUTH_APIManipulates User Authorizationadvapi32.dll::ConvertSidToStringSidW
advapi32.dll::ConvertStringSecurityDescriptorToSecurityDescriptorW
SECURITY_BASE_APIUses Security Base APIadvapi32.dll::AdjustTokenPrivileges
advapi32.dll::GetTokenInformation
WIN32_PROCESS_APICan Create Process and Threadskernel32.dll::CreateProcessW
advapi32.dll::OpenProcessToken
kernel32.dll::CloseHandle
kernel32.dll::CreateThread
WIN_BASE_APIUses Win Base APIkernel32.dll::LoadLibraryA
kernel32.dll::LoadLibraryExW
kernel32.dll::LoadLibraryW
kernel32.dll::GetSystemInfo
kernel32.dll::GetStartupInfoW
kernel32.dll::GetDiskFreeSpaceW
WIN_BASE_IO_APICan Create Fileskernel32.dll::CreateDirectoryW
kernel32.dll::CreateFileW
kernel32.dll::DeleteFileW
kernel32.dll::GetWindowsDirectoryW
kernel32.dll::GetSystemDirectoryW
kernel32.dll::GetFileAttributesW
WIN_BASE_USER_APIRetrieves Account Informationadvapi32.dll::LookupPrivilegeValueW
WIN_REG_APICan Manipulate Windows Registryadvapi32.dll::RegOpenKeyExW
advapi32.dll::RegQueryValueExW
WIN_USER_APIPerforms GUI Actionsuser32.dll::PeekMessageW
user32.dll::CreateWindowExW

Comments