MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 94fff127753ed1d704c781b5c391f5e62f4a907b67f7e1d51c3c84addd5851ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 8

SHA256 hash: 94fff127753ed1d704c781b5c391f5e62f4a907b67f7e1d51c3c84addd5851ab
SHA3-384 hash: a9893fc9e6fd9002f093528567301b5a6e4b2c8ae4a15356dc4cb614d5c3c9f0e95fc79876497101237e67d21b6cbc87
SHA1 hash: 6684d0ffde174052a03931981262dc0a7cb9891c
MD5 hash: 039ce25d495fa555ae1c210592b564d0
humanhash: virginia-queen-colorado-lamp
File name: 94fff127753ed1d704c781b5c391f5e62f4a907b67f7e1d51c3c84addd5851ab
Signature: n/a
File size: 202'240 bytes
First seen: 2021-01-31 14:47:24 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 976c9384d1a3c367e491662f20af4316
ssdeep: 3072:RD9PfpJ/v2bIfdjba+htCsw0qv2AYjGX9E7e+q8EOADhpsWgXDeet78Bx/rUyMHL:RXJWbUTwsTqvdMO9nnSmphgTeE4B+8U
Threatray: 7 similar samples on MalwareBazaar
TLSH: F514128AB5AE3D32EDCB4B3D1490310597F8746236A64ADB1E62313AFB709C3B751709
Reporter: @tildedennis
Tags: unnamed 3


Twitter: @tildedennis
unnamed 3 version 3.0.1.1

Intelligence


File Origin
# of uploads: 1
# of downloads: 110
Origin country: FR
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 94fff127753ed1d704c781b5c391f5e62f4a907b67f7e1d51c3c84addd5851ab
Verdict: Malicious activity
Analysis date: 2021-01-31 14:49:01 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Malware
Behaviour:
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Signature:
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Result
Threat name: Win32.Trojan.Zeus
Status: Malicious
First seen: 2011-11-02 20:15:00 UTC
AV detection: 25 of 25 (100.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: persistence upx
Behaviour:
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Adds Run key to start application
Maps connected drives based on registry
Deletes itself
Loads dropped DLL
Executes dropped EXE
UPX packed file
Unpacked files
SHA256 hash: a389f8fcc77cd0e1721ee86e7c82d9a5b4555927ddeed3622a84a66cbc6dff9f
MD5 hash: 1c1af96545df4d13f7521638eb900c99
SHA1 hash: fc12415976349a3e52485a080f922f9519bdd7d4

SHA256 hash: eb5614009f1663bb4e1d8f9365edc425a24319ea4920b58e03a79acfe910ac1b
MD5 hash: 1c456bfd7b7809d0d2436b189e992fea
SHA1 hash: 1840e6675301c02e701b501eef282e2c367b6561

SHA256 hash: 94fff127753ed1d704c781b5c391f5e62f4a907b67f7e1d51c3c84addd5851ab
MD5 hash: 039ce25d495fa555ae1c210592b564d0
SHA1 hash: 6684d0ffde174052a03931981262dc0a7cb9891c

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:WHITE rules are displayed.

Rule name: suspicious_packer_section
Author: @j0sm1
Description: The packer/protector section names/keywords
Reference: http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments