MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 938737343419255ebcf31b29a33e9af083535c0b12f72ab7eeafc6d63dd6ab8b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA 3 File information Comments

SHA256 hash:	938737343419255ebcf31b29a33e9af083535c0b12f72ab7eeafc6d63dd6ab8b
SHA3-384 hash:	e479b42a34d0f2383370cbe81985be492c011c85acf160c11732d32d88180551295d88f3b357d7c883abeef7e4aa5d31
SHA1 hash:	1147d3e95752a48e5d9c48fb9f2da818acbe93a5
MD5 hash:	2f4e8e112f4ba3a590b7d82ae1560408
humanhash:	failed-mike-zulu-nevada
File name:	SecuriteInfo.com.Win64.Malware-gen.23735.30157
Download:	download sample
File size:	25'552 bytes
First seen:	2025-07-17 19:29:02 UTC
Last seen:	2025-07-17 20:20:09 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	df552bc149e9cfef3db42fe67d0113d2
ssdeep	384:HztVRdFf06hAAq5/7kR5r72Wb/wfT3iEx7bLDUNXP3:HzjRdtDr/i3iUbLDUNX/
TLSH	T182B25CE77B2038D7E96B843CE1944123E6B1F2D21B2106DF4A71C26A4F5B7F22B36549
TrID	56.5% (.EXE) Win64 Executable (generic) (10522/11/4) 11.0% (.ICL) Windows Icons Library (generic) (2059/9) 10.9% (.EXE) OS/2 Executable (generic) (2029/13) 10.7% (.EXE) Generic Win/DOS Executable (2002/3) 10.7% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
Reporter	SecuriteInfoCom
Tags:	exe signed

Code Signing Certificate

Organisation:	Microsoft Windows Early Launch Anti-malware Publisher
Issuer:	DigiCert Inc.
Algorithm:	sha1WithRSAEncryption
Valid from:	2024-08-26T00:53:50Z
Valid to:	2054-08-26T00:53:50Z
Serial number:	-61de748e2acc1b44fb1767bb72fbc913
Thumbprint Algorithm:	SHA256
Thumbprint:	4829f616954b3cc92c91d1a3b22ea26d8a0859e3d60f57f55430b3861047d0f0
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

Vision Free Temp (3).exe

Verdict:

Suspicious activity

Analysis date:

2025-03-11 00:03:27 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/c569e40a-ed1d-4474-89f3-9e6dca4e5a09

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/15107/

Detection(s):

SecuriteInfo.com.Win64.Malware-gen.23735.30157.UNOFFICIAL

Verdict:

Malicious

Score:

95.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68794f102f623871a5ef381b

Tags:

injection obfusc virus

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

microsoft_visual_cc obfuscated overlay signed

Link:

https://www.filescan.io/uploads/68794f1519132d98488233ce/reports/aa965b05-bb40-4a9f-9bde-13cc639f48dc/overview

Verdict:

Malicious

Labled as:

Tedy.Generic

Link:

https://www.hybrid-analysis.com/sample/938737343419255ebcf31b29a33e9af083535c0b12f72ab7eeafc6d63dd6ab8b

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/c4257c1c-4b25-4a7e-8fec-c3fbd796cfdb

Score:

25%

Verdict:

Benign

File Type:

Link:

https://malprob.io/report/938737343419255ebcf31b29a33e9af083535c0b12f72ab7eeafc6d63dd6ab8b

Verdict:

inconclusive

YARA:

3 match(es)

Tags:

Executable PDB Path PE (Portable Executable) Win 64 Exe x64

Link:

https://app.malva.re/file/2f4e8e112f4ba3a590b7d82ae1560408

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/938737343419255ebcf31b29a33e9af083535c0b12f72ab7eeafc6d63dd6ab8b/

Verdict:

Malicious

Threat:

Win64.Trojan.Kepavll

Link:

https://tip.neiki.dev/file/938737343419255ebcf31b29a33e9af083535c0b12f72ab7eeafc6d63dd6ab8b

Threat name:

Win64.Trojan.Kepavll

Status:

Malicious

First seen:

2024-09-03 02:53:37 UTC

File Type:

PE+ (Sys)

AV detection:

18 of 36 (50.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=sodtonbudesv5phtdmu2gpu26cbvgxalcl3svn7ov7dnmpowvofq._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/250717-x7b7gaer9x/

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/fd56b1a5-be04-4d20-9fd6-1cd6cd350ea5

Unpacked files

SH256 hash:

938737343419255ebcf31b29a33e9af083535c0b12f72ab7eeafc6d63dd6ab8b

MD5 hash:

2f4e8e112f4ba3a590b7d82ae1560408

SHA1 hash:

1147d3e95752a48e5d9c48fb9f2da818acbe93a5

Link:

https://www.unpac.me/results/5f080e6d-334a-48fe-8c63-943fafc618d3/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/938737343419255ebcf31b29a33e9af083535c0b12f72ab7eeafc6d63dd6ab8b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	signed_sys_with_vulnerablity Create hunting rule
Author:	wonderkun
Description:	signed_sys_with_vulnerablity

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 938737343419255ebcf31b29a33e9af083535c0b12f72ab7eeafc6d63dd6ab8b

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3585011/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/15107/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (FORCE_INTEGRITY)	high

Reviews

ID	Capabilities	Evidence
KERNEL_API	Manipulates Windows Kernel & Drivers	ntoskrnl.exe::IoGetDeviceObjectPointer ntoskrnl.exe::RtlInitString ntoskrnl.exe::RtlInitUnicodeString

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample