MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

SHA256 hash: 9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf
SHA3-384 hash: 0b89ddf95f84061faa10ba348b6feda8ad744f0432c87025259a8af546eccbff847b0629ac7595a1d66327783090e1be
SHA1 hash: 5ae5cd61058dd0979e2c898bda1b07d26d041f3f
MD5 hash: cb7540975a2d1643707fa30760b36c7b
humanhash: football-red-alpha-mockingbird
File name: SecuriteInfo.com.FileRepPup.18058.13095
File size: 300'920 bytes
First seen: 2024-01-22 03:33:44 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 56a78d55f3f7af51443e58e0ce2fb5f6 (737 x GuLoader, 453 x Formbook, 295 x Loki)
ssdeep: 3072:ZbG7N2kDTHUpoui3uy1RjwOkisGB+SWl912pU38BPtmWlUlZKAOg5FVFDs2EfyHo:ZbE/HUuuaEOBkR8B1m7rKAOg5jjsL
Threatray: 114 similar samples on MalwareBazaar
TLSH: T1FD549E57A060C221DA210E3AF4F151F69F787D06D7894D23B7247F2338F7A54AE4B92A
TrID:
  47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
  9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon: f0f0f0e8d4683192
Reporter: SecuriteInfoCom
Tags: exe signed

Code Signing Certificate

Organisation: IT PRODUCT DEVELOPMENT LLC
Issuer: GlobalSign GCC R45 EV CodeSigning CA 2020
Algorithm: sha256WithRSAEncryption
Valid from: 2022-08-10T07:53:25Z
Valid to: 2023-09-10T07:53:25Z
Serial number: 4b3e8703cf0b709878614f58
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: 9b90990d58e952d1cfa5a3c0779ed62ad696c95c673764f3ba4164c668198ecf
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 299
Origin country: FR

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=308&_=1700125704278&uid=be72f512f69b83df
Verdict: Malicious activity
Analysis date: 2023-11-16 09:18:34 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness: n/a

Behaviour
Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Creating a file
Creating a window
DNS request
Sending an HTTP GET request
Gathering data
Result
Threat name: n/a
Detection: malicious
Classification: evad.mine
Score: 44 / 100

Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Antivirus detection for URL or domain
Found strings related to Crypto-Mining
Maps a DLL or memory area into another process
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph (ID: 1378472; Sample: SecuriteInfo.com.FileRepPup...; Startdate: 22/01/2024; Architecture: WINDOWS; Score: 44)
Threat name: Win32.PUA.Superfluss
Status: Malicious
First seen: 2023-06-09 14:14:24 UTC
File Type: PE (Exe)
Extracted files: 5
AV detection: 11 of 23 (47.83%)
Threat level: 1/5

Result
Malware family: n/a
Score: 4/10
Tags: n/a

Behaviour
Suspicious behavior: GetForegroundWindowSpam
Enumerates physical storage devices
Loads dropped DLL
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: PE_Potentially_Signed_Digital_Certificate
Author: albertzsigovits

Rule name: shellcode
Author: nex
Description: Matched shellcode byte patterns

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments