MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9fddfcb0327b91e6382a8b4fd48ea55e751e4ba86fc21433c4b60d87b0b38464. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9fddfcb0327b91e6382a8b4fd48ea55e751e4ba86fc21433c4b60d87b0b38464
SHA3-384 hash: 8f8971ebbe1897394b2d4c0b67c39bb1c51f7e099f5995a341f9a8e44e63484123c2d3f938125e8cd77052e88fc9d43e
SHA1 hash: d6e5d5fbb83433f26e5db18a6647b20cbb6c1874
MD5 hash: dad7d242dd60041a1b75f9846ba08102
humanhash: december-lemon-alanine-bulldog
File name:9FDDFCB0327B91E6382A8B4FD48EA55E751E4BA86FC21433C4B60D87B0B38464.exe
Download: download sample
File size:299'008 bytes
First seen:2022-06-26 10:36:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6014142819fba98a342e1380fa84c0b2
ssdeep 3072:W9m6ZwUD8PEXRtL/aoZKZZWCAjWm0UFeqzj61yuDp4VEV3zD6t71ZKJjbScGxJEU:W9mEYPI4oZQW5qm03PA7ZyH1Gi
Threatray 1 similar samples on MalwareBazaar
TLSH T173549E21B6E0C8B2D59241324DDB9BBBF6BCA6244E3386877394CF1DACB14A19536631
TrID 33.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
17.6% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
14.0% (.SCR) Windows screen saver (13101/52/3)
11.2% (.EXE) Win64 Executable (generic) (10523/12/4)
7.0% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
File icon (PE):PE icon
dhash icon 747676cfc9f1fddc
Reporter obfusor
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
231
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
9fddfcb0327b91e6382a8b4fd48ea55e751e4ba86fc21433c4b60d87b0b38464
Verdict:
Suspicious activity
Analysis date:
2022-06-26 09:08:58 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ca39f341-6005-42f8-9e31-9a95f8018036

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/283319/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Searching for synchronization primitives
Creating a window
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware keylogger shell32.dll
Link:
https://www.filescan.io/uploads/62b8370b62d792dc57472292/reports/78fb1ae1-8376-484e-8d3e-597ec899d146/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/89c83ca2-84f6-484f-b5a2-366eec44ad6a
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1019936
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9fddfcb0327b91e6382a8b4fd48ea55e751e4ba86fc21433c4b60d87b0b38464/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-06-20 10:33:29 UTC
File Type:
PE (Exe)
Extracted files:
14
AV detection:
9 of 26 (34.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=t7o7zmbspoi6mobkrnh5jdvflz2r4s5in7bbim6ewygypmftqrsa._file
Verdict:
unknown
Similar samples:
669c73d43ee10805a49260331dc5c2f278a84191b96c32ffe0ffc46365722b70
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220626-mnsp1acfa5/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
9fddfcb0327b91e6382a8b4fd48ea55e751e4ba86fc21433c4b60d87b0b38464
MD5 hash:
dad7d242dd60041a1b75f9846ba08102
SHA1 hash:
d6e5d5fbb83433f26e5db18a6647b20cbb6c1874
Link:
https://www.unpac.me/results/72bff231-335b-4dc4-9b94-5b16c0891d3d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/9fddfcb0327b91e6382a8b4fd48ea55e751e4ba86fc21433c4b60d87b0b38464

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/283319/

Comments