MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96d1a194f5dc6fbecb472b5b39c1c5fddcbe7b8d6f5a879d106f8a5c28aa1334. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Adware.Generic

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	96d1a194f5dc6fbecb472b5b39c1c5fddcbe7b8d6f5a879d106f8a5c28aa1334
SHA3-384 hash:	500628e68f66a122fc813350adcae2f9820276b5675aca81f156bac1803459d09a5c5261c28b1b9393207f5d541d94cf
SHA1 hash:	f1ee353477b751da3e8a039a955db5c24efc936c
MD5 hash:	2e8dc08fbd25401117f6cbcc0319f33b
humanhash:	mike-eighteen-robin-aspen
File name:	orbi-valorant-injector.exe
Download:	download sample
Signature	Adware.Generic Create hunting rule
File size:	3'176'424 bytes
First seen:	2021-06-18 02:06:23 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	e00de6e48b9b06aceb12a81e7bf494c9 (20 x Adware.Generic, 1 x CoinMiner)
ssdeep	98304:bG5QgxEwE6X/foVF2OjVvgxyJWiD+aS2OSrT4:bG5pjq2c8yYiD++fg
Threatray	9 similar samples on MalwareBazaar
TLSH	3CE533123CF54177FAC14872A8646ED4E0F8E6280FB14DE7375E8A2D7F3925192287E9
Reporter	ShinigamiOwl
Tags:	Adware Adware.Generic exe

Intelligence

File Origin

# of uploads :

# of downloads :

329

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

orbi-valorant-injector.exe

Verdict:

No threats detected

Analysis date:

2021-06-18 02:09:16 UTC

Tags:

installer

Link:

https://app.any.run/tasks/57b8c1be-53f7-4d74-aecb-17640b0ea7ec

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/166705/

Detection(s):

SecuriteInfo.com.Trojan.Vittalia.18899.7239.14908.UNOFFICIAL

SecuriteInfo.com.Trojan.Vittalia.18899.16315.17849.UNOFFICIAL

SecuriteInfo.com.Trojan.Vittalia.18899.23765.15295.UNOFFICIAL

SecuriteInfo.com.Trojan.Vittalia.18899.15897.124.UNOFFICIAL

SecuriteInfo.com.Trojan.Vittalia.18899.5845.5582.UNOFFICIAL

SecuriteInfo.com.Trojan.Vittalia.18899.9725.1671.UNOFFICIAL

SecuriteInfo.com.Trojan.Vittalia.18899.11186.29307.UNOFFICIAL

SecuriteInfo.com.Trojan.Vittalia.18899.432.23540.UNOFFICIAL

SecuriteInfo.com.Trojan.Vittalia.18899.30820.8518.UNOFFICIAL

SecuriteInfo.com.Trojan.Vittalia.18899.11984.4138.UNOFFICIAL

SecuriteInfo.com.Trojan.Vittalia.18899.4290.27069.UNOFFICIAL

SecuriteInfo.com.Trojan.Vittalia.18899.8813.22807.UNOFFICIAL

SecuriteInfo.com.Trojan.Vittalia.18899.942.18291.UNOFFICIAL

SecuriteInfo.com.Trojan.Vittalia.18899.9011.5167.UNOFFICIAL

SecuriteInfo.com.Trojan.Vittalia.18899.4256.12487.UNOFFICIAL

SecuriteInfo.com.Trojan.Vittalia.18899.6079.12975.UNOFFICIAL

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/e93710c4-3ef4-4040-98d2-fba297b92694

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/804058

Signature

Multi AV Scanner detection for submitted file

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/96d1a194f5dc6fbecb472b5b39c1c5fddcbe7b8d6f5a879d106f8a5c28aa1334/

Threat name:

Win32.PUA.Presenoker

Status:

Malicious

First seen:

2021-06-18 02:07:10 UTC

AV detection:

16 of 46 (34.78%)

Threat level:

1/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=s3i2dfhv3rx35s2hfnnttqof7xol464nn5niphiqn6ffykfkcm2a._file

Verdict:

suspicious

Adware.Generic

45ccf8e379c900f0c7496e4debe1ad4550256f6162383baba5f1344e5d9ca250

Adware.Generic

5199bcc83cf3eb34e56478868237b872fe3795b3ee5b04395ac805a98425801d

Adware.Generic

6709a2d7925248fe172e9bc5495f45b9bb74060c43e1c58e671f0e6c434fd82b

Adware.Generic

7ff82a6621e0dd7c29c2e6bcd63920f9b58bc254df9479618b912a1e788ff18b

Adware.Generic

a751b1f39e0eb2ab9a6246ad1597c6df78ccacde11c723c710498f01146739d1

Adware.Generic

ce7fab69a6c10146ac89e121fbe204ca424cd886c4763674eb2e9260b2f6b722

Adware.Generic

d27db19db72691d403d38243719346bca79efb3f81b6c44d9fd3cd9dfff83b9d

Adware.Generic

dc4e1c802da2d466553edf5214995a10c49306b9dd9d87a90385c7f20f29adca

Adware.Generic

Result

Malware family:

n/a

Score:

8/10

Tags:

discovery

Link:

https://tria.ge/reports/210618-peen5s3vwe/

Behaviour

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Checks for any installed AV software in registry

Checks installed software on the system

Loads dropped DLL

Executes dropped EXE

Unpacked files

SH256 hash:

82fec7aed6040d6d74c666e720bdee7eabd90e665e4fdc60025c191cec09e254

MD5 hash:

c21e7f55073112f7c19a7a351f128d14

SHA1 hash:

f9b80013409033089eca366cb2a02ab70d9bd5d7

Link:

https://www.unpac.me/results/8d27cb27-eb22-41cf-bdce-a3e4341e5038/

SH256 hash:

ce735cfac1095f959224b676727c0a0481979e371015b241471a47ed975dfb02

MD5 hash:

6d31668ba88d03253b38a85bed3c9dee

SHA1 hash:

7b62340c57aa81948fa62d217c4abd23bc62fd97

Link:

https://www.unpac.me/results/8d27cb27-eb22-41cf-bdce-a3e4341e5038/

SH256 hash:

c5f7946752a5eb082c712bc96bc975460c83aa07d9362440acee47c247f509e1

MD5 hash:

080c9fa736f1843439518abd9f9cd96a

SHA1 hash:

60b2aed31677ea5d804daa9964e015938be86499

Link:

https://www.unpac.me/results/8d27cb27-eb22-41cf-bdce-a3e4341e5038/

SH256 hash:

cb920dbaa7a09c613867c1639aed296673c0c55c6b6ee323e881e05fc0e653fc

MD5 hash:

b2bea02f855fb6786c050a510bca09c8

SHA1 hash:

3bbc834ff16cfa6821488d7ac00496f1fadba91b

Link:

https://www.unpac.me/results/8d27cb27-eb22-41cf-bdce-a3e4341e5038/

SH256 hash:

e544ba45004d688628f70436ff69cfd7540679346b62133dde2c4c9a5e0e66fb

MD5 hash:

7cd0653a0cbe058b8335c520a35c8ca6

SHA1 hash:

2f0bfad530dc671d4fc3ad1910a3bcd06f41df33

Link:

https://www.unpac.me/results/8d27cb27-eb22-41cf-bdce-a3e4341e5038/

SH256 hash:

042fb25cf5b11d72bc73b3930e39988f720658073ab112b93bcac998c3e58f34

MD5 hash:

f2d7c2af33cc59053218f784ce28a1f8

SHA1 hash:

0e1bc9cf0e3628b84473a49ee598eba9521074e9

Link:

https://www.unpac.me/results/8d27cb27-eb22-41cf-bdce-a3e4341e5038/

SH256 hash:

186540a55383c43f2c2bf248e917de72a785c6a4df2ad08637b3abc5ba8e2525

MD5 hash:

d27a568738668ccd506a7c2d6cc53006

SHA1 hash:

0b207f04acd7a9d8098645f6e8d622e5fc20b267

Link:

https://www.unpac.me/results/8d27cb27-eb22-41cf-bdce-a3e4341e5038/

SH256 hash:

03080498d08c219afcee9c05652e10a94c28541e954fe192d460ea57407b59ea

MD5 hash:

8666996ba399eefa9987b593d16da7dc

SHA1 hash:

f8444b7f495892fd902f7714df809e9cc723fe3a

Link:

https://www.unpac.me/results/8d27cb27-eb22-41cf-bdce-a3e4341e5038/

SH256 hash:

5bffd2a67b2d2fa197faa26198ab5332d1f82e74ed7cc13220af109ef53aedba

MD5 hash:

daea4e9e789130cdb3b201d90ac806f7

SHA1 hash:

bd8e06531dcd0b75042bcad89929b709afa396aa

Link:

https://www.unpac.me/results/8d27cb27-eb22-41cf-bdce-a3e4341e5038/

SH256 hash:

54cece311f140a4804c276e81e2b4ea184670748b08b14e690f6c385051bbdf2

MD5 hash:

24aa32bbaa182195715a2fc565531cf4

SHA1 hash:

a32b373da158922b767f4c899ef942996bec49ad

Link:

https://www.unpac.me/results/8d27cb27-eb22-41cf-bdce-a3e4341e5038/

SH256 hash:

864e7b321fa66ad14de3334687c23e07b06d76165620da83ffcf563c072bd12f

MD5 hash:

58476d7521e18ba02a082484a2e7a327

SHA1 hash:

a1010ad05b74b551f34b9814534bf1c82a4f953f

Detections:

win_karkoff_auto

Link:

https://www.unpac.me/results/8d27cb27-eb22-41cf-bdce-a3e4341e5038/

Parent samples :

7ff82a6621e0dd7c29c2e6bcd63920f9b58bc254df9479618b912a1e788ff18b
96d1a194f5dc6fbecb472b5b39c1c5fddcbe7b8d6f5a879d106f8a5c28aa1334
fdc92c2f55c2d75500a2fd3c428f8ffc0b3f060240a70e51c31ed33f5912e611
9eb235579cedafa21ced3c3fd2c1f2e43adac5e85b6a5553499742b23af32656
63e7fff26714fad07cb3f12293684a40e25c7b2bf2be5f5e5a94c9935a8fc5cd
d648e8e94c0674e6b1bd537936a33a39c33d3429d34fb70b97ff7f60904c9c84

SH256 hash:

31cfefe9e5c7e7188e86a926a4b45a97be998fed46b5dd67cdf4c294d9d74db8

MD5 hash:

ad0cccb87e9e9530a1c5246181d5a11b

SHA1 hash:

8e1e2a8e3e46520a04e55e48595f28232fa93616

Link:

https://www.unpac.me/results/8d27cb27-eb22-41cf-bdce-a3e4341e5038/

SH256 hash:

e2e640864e9ff6415d401fa1a7ad1712cf14804e5f32d024cfe53c3e5a1fbc3a

MD5 hash:

58656d65002c7ba0f38715c1dc36dee4

SHA1 hash:

2202e897058e3a5e3acd98180f854cc161b2476e

Link:

https://www.unpac.me/results/8d27cb27-eb22-41cf-bdce-a3e4341e5038/

SH256 hash:

f450a6eb9e20457fac98008583bcc0f01b72371bea091006353b5b3880d6cac1

MD5 hash:

ae0b67b8260d92faaf9d2036d957616b

SHA1 hash:

324a30da91bc775c35e6d905b4a05db7c653b142

Link:

https://www.unpac.me/results/8d27cb27-eb22-41cf-bdce-a3e4341e5038/

SH256 hash:

96d1a194f5dc6fbecb472b5b39c1c5fddcbe7b8d6f5a879d106f8a5c28aa1334

MD5 hash:

2e8dc08fbd25401117f6cbcc0319f33b

SHA1 hash:

f1ee353477b751da3e8a039a955db5c24efc936c

Link:

https://www.unpac.me/results/8d27cb27-eb22-41cf-bdce-a3e4341e5038/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/96d1a194f5dc6fbecb472b5b39c1c5fddcbe7b8d6f5a879d106f8a5c28aa1334

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/166705/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample