MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a1ddb0d33956c9657da8e6272b58c589cfac04fce724a3f913451c8d1b09759. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Adware.Generic


Vendor detections: 12


Intelligence 12 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9a1ddb0d33956c9657da8e6272b58c589cfac04fce724a3f913451c8d1b09759
SHA3-384 hash: 912bd0c6eec5ca105df4255223a0e2c6bc60126091a8a697a08a21b2095abd613159d1075eb3a2f7174a4ca0ebbc23ae
SHA1 hash: 59465e5510c8bd0962e09e2ae1587831c129e6b4
MD5 hash: 22dac49b9d2f7db061fb0ad52f0a0c6d
humanhash: august-king-cardinal-moon
File name:cheat_hack_v7_2.exe
Download: download sample
Signature Adware.Generic
Create hunting rule
File size:3'309'600 bytes
First seen:2022-12-27 20:58:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e00de6e48b9b06aceb12a81e7bf494c9 (20 x Adware.Generic, 1 x CoinMiner)
ssdeep 49152:mG5UfgJF6rmQhlHWqyz6F3bkgHDmDkjBqTvw1BN1V3RsoihuafksZhvHi6lwhNi+:mG5QgJRwlgzSbH2TTvw1bmuBUCYwbi+
Threatray 1'514 similar samples on MalwareBazaar
TLSH T18DE533563EE1C87AD1A24C32D8E2BFDA96F6FE48062607233354573E7F361D18A1641E
TrID 34.2% (.EXE) InstallShield setup (43053/19/16)
24.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
13.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
8.3% (.EXE) Win64 Executable (generic) (10523/12/4)
5.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
File icon (PE):PE icon
dhash icon 92e0b496a2cada72 (11 x Adware.Generic, 5 x Adware.InstalleRex, 2 x Adware.Yantai)
Reporter atomiczsec
Tags:Adware.Generic exe signed

Code Signing Certificate

Organisation:WakeNet AB
Issuer:Entrust Extended Validation Code Signing CA - EVCS1
Algorithm:sha256WithRSAEncryption
Valid from:2021-03-17T20:43:47Z
Valid to:2023-02-11T20:43:47Z
Serial number: 1e508bb2398808bc420a5a1f67ba5d0b
Intelligence: 4 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 5b712859d2b3e89e203f19e998f9ff081e180b8c490c1d0e380b04d730ecfcd1
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
243
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
cheat_hack_v7_2.exe
Verdict:
Malicious activity
Analysis date:
2022-12-27 21:00:06 UTC
Tags:
installer
Link:
https://app.any.run/tasks/03645453-96e8-4d40-abb5-80a02a8af6ae

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Win.File.InstallCapital-9977249-0
Create hunting rule

Win.File.InstallCapital-9977250-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Connecting to a non-recommended domain
Creating a window
Searching for the window
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Using the Windows Management Instrumentation requests
DNS request
Sending an HTTP GET request
Creating a file
Moving a recently created file
Sending a custom TCP request
Unauthorized injection to a recently created process
Query of malicious DNS domain
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/63ab5c98dde391056ac08914/reports/8ea8110b-ea77-4925-9c9c-40397398effa/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f96f9bdf-81b0-42a8-9498-89f34d560a63
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1141776
Signature
Antivirus detection for dropped file
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Generic Downloader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9a1ddb0d33956c9657da8e6272b58c589cfac04fce724a3f913451c8d1b09759/
Threat name:
Win32.Downloader.InstallCapital
Create hunting rule
Status:
Malicious
First seen:
2022-12-27 20:59:26 UTC
File Type:
PE (Exe)
Extracted files:
70
AV detection:
18 of 26 (69.23%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tio5wdjtsvwjmv62rzrhfnmmlcopvqcpzzzeup4rgri4runqs5mq._file
Verdict:
malicious
Similar samples:
0f9e47562665ef5a863f2b412455f66244c6614dff49a96006473e3604b0c6f8
Adware.Generic
111d1529eb5320465bc09a12146b321b0f4409372a8b73048b7798904082068c
Adware.Generic
5199bcc83cf3eb34e56478868237b872fe3795b3ee5b04395ac805a98425801d
Adware.Generic
59ba6167fe7a88131f9672cb5441e2ea0aa8f17e3dd80e0d43c9f14015373a36
Adware.Generic
63e7fff26714fad07cb3f12293684a40e25c7b2bf2be5f5e5a94c9935a8fc5cd
Adware.Generic
9eb235579cedafa21ced3c3fd2c1f2e43adac5e85b6a5553499742b23af32656
Adware.Generic
a751b1f39e0eb2ab9a6246ad1597c6df78ccacde11c723c710498f01146739d1
Adware.Generic
b56c9109fdb9e8d8853fa536f3cdea9528a8a53493d3f3dc9f49243e30ed6be5
Adware.Generic
ce7fab69a6c10146ac89e121fbe204ca424cd886c4763674eb2e9260b2f6b722
Adware.Generic
dc4e1c802da2d466553edf5214995a10c49306b9dd9d87a90385c7f20f29adca
Adware.Generic
+ 1'504 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery
Link:
https://tria.ge/reports/221227-zsqgnabe4t/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks for any installed AV software in registry
Checks installed software on the system
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
81f2c2efa59450fe1e7ce5ebf19f76bbd950931059bf1a6a06475b96923f4c31
MD5 hash:
f396b10b65b7a897affe533a094276b7
SHA1 hash:
c825f13175fe6ccbffcda0717562abda3b9d4d8a
Detections:
win_karkoff_auto
Create hunting rule
Link:
https://www.unpac.me/results/4aa74a3d-661c-47b3-a942-b136ae20ab92/
Parent samples :
85c6f9cc1d92580088ac090c6eeaba9169aa57290ee6568ef5278fc9170d11dc
e80d7de90473de5e1d9fb140d2537896872f7a7ca665e9342514426604f4f708
92d222fc274d0c981a595327cf103960535339a655ae240f9267a84aedba7f41
91326481061021101661bce6cd8cff3316ce41038bc2e25415a3e1055b185300
d710d3a9f98ccf3a406ddfc2fb1fe4b814766708f345b12fee5e029a6012f212
9a1ddb0d33956c9657da8e6272b58c589cfac04fce724a3f913451c8d1b09759
SH256 hash:
8ec5ad3a3f3b509900cd56da50cb961be354fe2c582396f165e90f839a7079a6
MD5 hash:
586eb11f5a6f24aa9f42b5ed254f0715
SHA1 hash:
bb46723b51613ac6b7c23bf45f35c5e939db6ea4
Link:
https://www.unpac.me/results/4aa74a3d-661c-47b3-a942-b136ae20ab92/
SH256 hash:
3475dd6f1612e984573276529d8147029d6bfa55d41bef2577b3aa601d2fbbe5
MD5 hash:
ce80365e2602b7cff0222e0db395428c
SHA1 hash:
50c9625eda1d156c9d7a672839e9faaea1dffdbd
Link:
https://www.unpac.me/results/4aa74a3d-661c-47b3-a942-b136ae20ab92/
SH256 hash:
d5cc2e501aaf7f87511c71c564714c1dceb9714c3c04d45eeb32e253086d8178
MD5 hash:
46354dc47b78e4f8e5f925098d9c83d4
SHA1 hash:
338dc92649a70a16469f24d840793de80b7e54cb
Link:
https://www.unpac.me/results/4aa74a3d-661c-47b3-a942-b136ae20ab92/
SH256 hash:
c6250da15c349033de9b910c3dc10a156e47d69ec7e2076ce9011af7f3d885d1
MD5 hash:
7874850410e21b5f48bfe34174fb318c
SHA1 hash:
19522b1b9d932aa89df580c73ef629007ec32b6f
Link:
https://www.unpac.me/results/4aa74a3d-661c-47b3-a942-b136ae20ab92/
SH256 hash:
1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870
MD5 hash:
f931e960cc4ed0d2f392376525ff44db
SHA1 hash:
1895aaa8f5b8314d8a4c5938d1405775d3837109
Link:
https://www.unpac.me/results/4aa74a3d-661c-47b3-a942-b136ae20ab92/
SH256 hash:
a949211e920b6d3cbf8214f1e1663203ae37e9793b47ff007e6766ba50cf8658
MD5 hash:
ae6887f6bd7320d4ee3fdea77af4ce93
SHA1 hash:
7482df8a3c3447ba8db7871d7ccfe6f75b0a058f
Link:
https://www.unpac.me/results/4aa74a3d-661c-47b3-a942-b136ae20ab92/
SH256 hash:
51f4bc9123bcf517519d48dc5413b2f126e27c865def8733641acda0d54e72fa
MD5 hash:
db56ea5a1b791d995f29defeb7eb8dba
SHA1 hash:
7183af354fd7111a55d5d5412fb91c121a3391ed
Link:
https://www.unpac.me/results/4aa74a3d-661c-47b3-a942-b136ae20ab92/
SH256 hash:
5f2959d250a9457fa9ec0817aa42924adc8f7ecaaf810db0dcd4ac949a0cd1db
MD5 hash:
b2d34b5998de4b4ff454e19f34e0623f
SHA1 hash:
5a186b4a7a26776170dede9c24aca183d80705b3
Link:
https://www.unpac.me/results/4aa74a3d-661c-47b3-a942-b136ae20ab92/
SH256 hash:
9a1ddb0d33956c9657da8e6272b58c589cfac04fce724a3f913451c8d1b09759
MD5 hash:
22dac49b9d2f7db061fb0ad52f0a0c6d
SHA1 hash:
59465e5510c8bd0962e09e2ae1587831c129e6b4
Link:
https://www.unpac.me/results/4aa74a3d-661c-47b3-a942-b136ae20ab92/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.89
Link:
https://yomi.yoroi.company/submissions/9a1ddb0d33956c9657da8e6272b58c589cfac04fce724a3f913451c8d1b09759

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_KB_CERT_1e508bb2398808bc420a5a1f67ba5d0b
Create hunting rule
Author:ditekSHen
Description:Detects executables signed with stolen, revoked or invalid certificates

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments