MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8cf318151897b3c240807d584ce49fcf75e9d62312a30ceb0c189730f1d787ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Adware.Softcnapp

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	8cf318151897b3c240807d584ce49fcf75e9d62312a30ceb0c189730f1d787ce
SHA3-384 hash:	cfb111940cd0eeee9f35bbc74eae5cedee2efa453a4e97f2118efa36f4fb59bd91145a654fe68997585cb1fbb06cfcfd
SHA1 hash:	5a66bd97e433d722a775e13c4e0b7a2759df4603
MD5 hash:	9d5837e47adef4d5abc748b7f73a6785
humanhash:	mirror-butter-enemy-tennis
File name:	SecuriteInfo.com.Adware.Softcnapp.113.15627.10884
Download:	download sample
Signature	Adware.Softcnapp Create hunting rule
File size:	2'188'048 bytes
First seen:	2022-04-14 10:33:53 UTC
Last seen:	2022-04-20 10:21:38 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	230c7a135fe1b931100367aa5e17de95 (1 x Adware.Softcnapp)
ssdeep	24576:Dv+VnCubQ7eJCmmcXEuf7EDmrZ0vpiUbqJdYgFJiWf2tH/g5pxOoOdrlQTzJ9Cpi:KdWCEUCfKmPlQT19d4RZc3Jtyx9mebe
TLSH	T1BFA59D3479428133E6B20274E9E9AB27E829BD7527104CC7E3C53A1F45715C26A7AF2F
TrID	88.3% (.CPL) Windows Control Panel Item (generic) (197083/11/60) 4.7% (.EXE) Win64 Executable (generic) (10523/12/4) 2.2% (.EXE) Win16 NE executable (generic) (5038/12/1) 2.0% (.EXE) Win32 Executable (generic) (4505/5/1) 0.9% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	9aacccccca80e0b8 (1 x Adware.Softcnapp)
Reporter	SecuriteInfoCom
Tags:	Adware.Softcnapp exe signed

Code Signing Certificate

Organisation:	浙江自贸区耀光网络科技有限公司
Issuer:	DigiCert Assured ID Code Signing CA-1
Algorithm:	sha1WithRSAEncryption
Valid from:	2019-06-24T00:00:00Z
Valid to:	2020-07-01T12:00:00Z
Serial number:	0b61992610a9fe059d458ba79f907c38
Thumbprint Algorithm:	SHA256
Thumbprint:	9175811c22c76f70de6f2c2706acec554914749447ae2bb83016edfa0c83ef3a
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

322

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Adware.Softcnapp.113.15627.10884

Verdict:

Malicious activity

Analysis date:

2022-04-14 10:56:53 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/628136d9-8889-415b-9bbf-3f72acddadac

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/263651/

Detection(s):

SecuriteInfo.com.Adware.Softcnapp.113.15627.10884.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a file

DNS request

Connecting to a non-recommended domain

Sending an HTTP GET request

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/13837/overview

Behaviour

MalwareBazaar

MeasuringTime

EvasionQueryPerformanceCounter

CheckCmdLine

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug explorer.exe fingerprint greyware hacktool overlay packed

Link:

https://www.filescan.io/uploads/6257f8aaeab80a7a6c12178d/reports/e943d4fd-4271-48c9-94d6-2ba13572fe77/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Softcnapp

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/c6f49564-e8c7-4bb8-9fcb-b7f13c59ac4d

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/976733

Signature

Antivirus / Scanner detection for submitted sample

Contains functionality to infect the boot sector

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8cf318151897b3c240807d584ce49fcf75e9d62312a30ceb0c189730f1d787ce/

Threat name:

Win32.Adware.Burden

Status:

Malicious

First seen:

2019-10-03 13:27:29 UTC

File Type:

PE (Exe)

Extracted files:

197

AV detection:

19 of 42 (45.24%)

Threat level:

1/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rtzrqfiys6z4eqeapvmezze7z526tvrdckrqz2ymdcltb4oxq7ha._file

Verdict:

malicious

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220414-ml4pgsbacn/

Behaviour

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Unpacked files

SH256 hash:

8cf318151897b3c240807d584ce49fcf75e9d62312a30ceb0c189730f1d787ce

MD5 hash:

9d5837e47adef4d5abc748b7f73a6785

SHA1 hash:

5a66bd97e433d722a775e13c4e0b7a2759df4603

Link:

https://www.unpac.me/results/ad0c21d6-5dee-4307-94d6-aeebf1648b06/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.59

Link:

https://yomi.yoroi.company/submissions/8cf318151897b3c240807d584ce49fcf75e9d62312a30ceb0c189730f1d787ce

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/263651/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample