MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 912c7862289ed0e63f8617f075c9479d90190e3dd1b5a173ae43cc58d95c5b56. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 912c7862289ed0e63f8617f075c9479d90190e3dd1b5a173ae43cc58d95c5b56
SHA3-384 hash: a95a20218c2e64a75aa226e3c20d1f3822222a473eeec81b11703f993c8dfb9718f992a8c003e178a8808635ae10885f
SHA1 hash: 18dd64d375aecf93b2a0fd5083ba92579a6bf086
MD5 hash: ee6fdcaafa7812341f8ffc774eb174df
humanhash: coffee-east-aspen-washington
File name:SecuriteInfo.com.Trojan.VbCrypt.96.16835.8046
Download: download sample
File size:27'652 bytes
First seen:2023-10-07 09:34:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 09d0478591d4f788cb3e5ea416c25237 (4 x Worm.Mofksys, 3 x Blackmoon, 2 x Gh0stRAT)
ssdeep 768:CR//5pzhAMbwBvF7QceDSjbjPoMU4Y2O6:A7FAM0LQqvPm4T9
TLSH T1A0C2BF3A539A02DCFEA46E7511D92DF35926F5624902928F32C00D1FCB776DCE98631E
TrID 49.9% (.EXE) Win32 EXE PECompact compressed (v2.x) (59069/9/14)
35.1% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
4.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
3.8% (.EXE) Win32 Executable (generic) (4505/5/1)
1.7% (.ICL) Windows Icons Library (generic) (2059/9)
File icon (PE):PE icon
dhash icon 30d5c060f0f0360e
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
314
Origin country :
FR FR
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.VbCrypt.96.16835.8046.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Creating a window
Gathering data
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
masquerade overlay packed packed packed pecompact
Link:
https://www.filescan.io/uploads/652126584d45a517a3436c94/reports/6539cfe3-4377-43a8-8675-57c50520da9a/overview
Verdict:
Malicious
Labled as:
Malware
Link:
https://www.hybrid-analysis.com/sample/912c7862289ed0e63f8617f075c9479d90190e3dd1b5a173ae43cc58d95c5b56
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/c2fd0618-1804-4556-96f6-78ab921447aa
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1321428
Signature
Detected unpacking (changes PE section rights)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/912c7862289ed0e63f8617f075c9479d90190e3dd1b5a173ae43cc58d95c5b56/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2011-06-02 05:35:00 UTC
File Type:
PE (Exe)
Extracted files:
9
AV detection:
11 of 38 (28.95%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=sewhqyrit3iomp4gc7yhlskhtwibsdr52g22c45oipgfrwk4lnla._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/231007-lkgb5acg55/
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
2c5dc1ee0673e3583ef9a0b5cb4e0596649791890dfff04a1625c97c945db05b
MD5 hash:
2d5d7fbbd88fcc171af08148fcfc6e02
SHA1 hash:
44088d0a1589ef7ddf043adabb0694a5268387e3
Link:
https://www.unpac.me/results/20ae106b-0c58-41c2-834a-4eedcc5bad0b/
SH256 hash:
912c7862289ed0e63f8617f075c9479d90190e3dd1b5a173ae43cc58d95c5b56
MD5 hash:
ee6fdcaafa7812341f8ffc774eb174df
SHA1 hash:
18dd64d375aecf93b2a0fd5083ba92579a6bf086
Link:
https://www.unpac.me/results/20ae106b-0c58-41c2-834a-4eedcc5bad0b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/912c7862289ed0e63f8617f075c9479d90190e3dd1b5a173ae43cc58d95c5b56

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pecompact2
Create hunting rule
Author:Kevin Falcoz
Description:PECompact
Rule name:PECompact2xxBitSumTechnologies
Create hunting rule
Author:malware-lu
Rule name:PECompactV2XBitsumTechnologies
Create hunting rule
Author:malware-lu
Rule name:PECompactv2xx
Create hunting rule
Author:malware-lu
Rule name:SEH__vba
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments