MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 94b85015bb3beb57e1810aec53712b8158fa10e3a970b0ee65484be34b3073cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA 3 File information Comments

SHA256 hash:	94b85015bb3beb57e1810aec53712b8158fa10e3a970b0ee65484be34b3073cd
SHA3-384 hash:	89ad8cef8d146687acece72bc574a753013444efd2753c5c1941863edb38dcb7a4b380cde0c8eac52cb3edce51a07975
SHA1 hash:	ecdd7b853231f56303094e5aa852a48b34c452f5
MD5 hash:	aa8321068fbffca382dab33462680344
humanhash:	golf-autumn-summer-equal
File name:	财神助手2.4.exe
Download:	download sample
File size:	5'227'384 bytes
First seen:	2021-03-27 14:19:21 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	154540bbdd214afb1c672e5274076423
ssdeep	49152:pD/L1frgGBD7mAadTATtsuiL3jTnIzdNqoTt1jVEgHztu+thX44ifGJtSqeQLgz9:1R1ZsfL3vnIzdNBhVzArOSqeDalc6di
Threatray	1 similar samples on MalwareBazaar
TLSH	CD36E012E64180B3D1153A7059B38B39AF709EA25D27C683D7D1FDB93F72A63E22610D
Reporter	vm001cn
Tags:	exe flystudio

Intelligence

File Origin

# of uploads :

# of downloads :

158

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

财神助手2.4.exe

Verdict:

Malicious activity

Analysis date:

2021-03-25 04:41:08 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/02522260-5831-4820-a326-37b57289befc

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/127265/

Detection(s):

Win.Malware.Generic-9820446-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Creating a file in the %temp% directory

DNS request

Sending a custom TCP request

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/853a0915-49c4-4ab5-8d6d-b142b7a0fb84

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/655862

Signature

Contains functionality to infect the boot sector

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/94b85015bb3beb57e1810aec53712b8158fa10e3a970b0ee65484be34b3073cd/

Threat name:

Win32.PUA.FlyStudio

Status:

Malicious

First seen:

2021-03-25 06:12:55 UTC

AV detection:

12 of 28 (42.86%)

Threat level:

1/5

Verdict:

malicious

Result

Malware family:

n/a

Score:

8/10

Tags:

upx

Link:

https://tria.ge/reports/210327-3vz4fy2je2/

Behaviour

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Loads dropped DLL

UPX packed file

Unpacked files

SH256 hash:

982a177924762f270b36fe34c7d6847392b48ae53151dc2011078dceef487a53

MD5 hash:

8b6c94bbdbfb213e94a5dcb4fac28ce3

SHA1 hash:

b56102ca4f03556f387f8b30e2b404efabe0cb65

Link:

https://www.unpac.me/results/2f485964-9b86-4719-a752-eba739e7023c/

SH256 hash:

28f3b0f65b1b46788bab40d8ab2c501d9f41de48de905e68f1d407cdd1434744

MD5 hash:

8ef5e7f7f69b1f7c5e0dd4307b759605

SHA1 hash:

82e554e1aa3810bf4d0c15239e607b792eaaaa58

Link:

https://www.unpac.me/results/2f485964-9b86-4719-a752-eba739e7023c/

SH256 hash:

f0f18dd524bffa64526249c038d5d035bafdb4ab8cb9232ef24b08e626eae267

MD5 hash:

bdedc2ac972908ac45443a85e8ec3e88

SHA1 hash:

46b5571e59de381f5243565947020f549f76019a

Link:

https://www.unpac.me/results/2f485964-9b86-4719-a752-eba739e7023c/

SH256 hash:

94b85015bb3beb57e1810aec53712b8158fa10e3a970b0ee65484be34b3073cd

MD5 hash:

aa8321068fbffca382dab33462680344

SHA1 hash:

ecdd7b853231f56303094e5aa852a48b34c452f5

Link:

https://www.unpac.me/results/2f485964-9b86-4719-a752-eba739e7023c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

FlyStudio

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/94b85015bb3beb57e1810aec53712b8158fa10e3a970b0ee65484be34b3073cd

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Email_stealer_bin_mem Create hunting rule
Author:	James_inthe_box
Description:	Email in files like avemaria

Rule name:	IPPort_combo_mem Create hunting rule
Author:	James_inthe_box
Description:	IP and port combo

Rule name:	suspicious_packer_section Create hunting rule
Author:	@j0sm1
Description:	The packer/protector section names/keywords
Reference:	http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/127265/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample