MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a06dfd93378004551ed1e52e7318f0cee518369ea4a0f77d05ed6fdb43149083. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a06dfd93378004551ed1e52e7318f0cee518369ea4a0f77d05ed6fdb43149083
SHA3-384 hash: 782f6340a6d0ed25a82162d54d153f04e2860b10465c806f92bbc0ba705bdcc62331501ae852f49fc2ab97611737fda8
SHA1 hash: e45d3d65f2e3318969882c4a315d5b334f878efb
MD5 hash: 230743074bd3bd4565987f9742002a32
humanhash: finch-fruit-tennessee-blue
File name:GoogleTranslateDesktop.exe
Download: download sample
File size:1'166'096 bytes
First seen:2022-09-02 17:27:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 20dd26497880c05caed9305b3c8b9109 (31 x Adware.Auslogics, 5 x LummaStealer, 5 x Adware.Generic)
ssdeep 24576:pBW4EIYEsqKl8du7ALRKFyqsySapJKktFQRg:q4EIYD0dWQRKMbqVV
TLSH T15145F7997582D622D8D34DF25EC2C930E7BA3E9D54EB8005BCF97B9C80BDA411A1F163
TrID 35.1% (.EXE) Win32 Executable Delphi generic (14182/79/4)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
11.1% (.EXE) Win32 Executable (generic) (4505/5/1)
7.4% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
5.1% (.EXE) Win16/32 Executable Delphi generic (2072/23)
dhash icon 1a8d8c5a1c1d9280 (5 x AgentTesla, 2 x SnakeKeylogger)
Reporter Jagdtiger88mm
Tags:CoinMiner exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
474
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
GoogleTranslateDesktop.exe
Verdict:
Malicious activity
Analysis date:
2022-08-31 01:14:43 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8aa96ef0-94f2-41db-9c6b-e87da3eb527c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/307501/
Detection(s):
PUA.Win.Malware.Speedingupmypc-6718419-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for synchronization primitives
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/36448/overview
Behaviour
MalwareBazaar
CheckNumberOfProcessor
CheckCmdLine
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
coinminer overlay packed setupapi.dll shell32.dll
Link:
https://www.filescan.io/uploads/63123d25e07da5f759b019a8/reports/50093cd1-95ab-4d83-8efa-0671ecfe6268/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/6016184e-7f07-4313-96bc-f8ba405c9655
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
40 / 100
Link:
https://www.joesandbox.com/analysis/1064287
Signature
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Obfuscated command line found
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 696813 Sample: GoogleTranslateDesktop.exe Startdate: 02/09/2022 Architecture: WINDOWS Score: 40 96 Multi AV Scanner detection for domain / URL 2->96 98 Antivirus detection for URL or domain 2->98 100 Multi AV Scanner detection for dropped file 2->100 102 Multi AV Scanner detection for submitted file 2->102 10 GoogleTranslateDesktop.exe 2 2->10         started        14 Update.exe 2 2->14         started        process3 file4 70 C:\Users\user\...behaviorgraphoogleTranslateDesktop.tmp, PE32 10->70 dropped 106 Obfuscated command line found 10->106 16 GoogleTranslateDesktop.tmp 3 20 10->16         started        72 C:\Windows\Temp\is-5LTSD.tmp\Update.tmp, PE32 14->72 dropped 108 Multi AV Scanner detection for dropped file 14->108 20 Update.tmp 14->20         started        signatures5 process6 dnsIp7 82 89.252.131.45 NETINTERNETNetinternetBilisimTeknolojileriASTR Turkey 16->82 84 8.8.8.8 GOOGLEUS United States 16->84 86 192.168.2.1 unknown unknown 16->86 54 C:\Users\user\AppData\Local\...\unrar.exe, PE32 16->54 dropped 56 C:\Users\user\AppData\Local\Temp\...\idp.dll, PE32 16->56 dropped 58 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 16->58 dropped 22 GoogleTranslateDesktop2.50.exe 2 16->22         started        26 unrar.exe 3 16->26         started        60 C:\Windows\Temp\is-1067K.tmp\...\_setup64.tmp, PE32+ 20->60 dropped file8 process9 file10 66 C:\Users\...behaviorgraphoogleTranslateDesktop2.50.tmp, PE32 22->66 dropped 104 Obfuscated command line found 22->104 28 GoogleTranslateDesktop2.50.tmp 29 99 22->28         started        68 C:\Users\...behaviorgraphoogleTranslateDesktop2.50.exe, PE32 26->68 dropped 31 conhost.exe 26->31         started        signatures11 process12 file13 74 C:\ProgramData74itrokod\Update.exe, PE32 28->74 dropped 76 C:\...behaviorgraphoogleTranslateDesktop.exe (copy), PE32 28->76 dropped 78 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 28->78 dropped 80 25 other files (none is malicious) 28->80 dropped 33 cmd.exe 1 28->33         started        36 GoogleTranslateDesktop.exe 14 44 28->36         started        process14 file15 94 Uses schtasks.exe or at.exe to add and modify task schedules 33->94 39 conhost.exe 33->39         started        41 schtasks.exe 1 33->41         started        43 schtasks.exe 1 33->43         started        62 C:\...\the-real-index (copy), COM 36->62 dropped 64 C:\Program Files (x86)\...\temp-index, COM 36->64 dropped 45 GoogleTranslateDesktop.exe 36->45         started        48 GoogleTranslateDesktop.exe 36->48         started        50 GoogleTranslateDesktop.exe 36->50         started        52 3 other processes 36->52 signatures16 process17 dnsIp18 88 142.250.203.99 GOOGLEUS United States 45->88 90 172.217.168.46 GOOGLEUS United States 45->90 92 2 other IPs or domains 45->92
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a06dfd93378004551ed1e52e7318f0cee518369ea4a0f77d05ed6fdb43149083/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ubw73ezxqacfkhwr4uxhgghqz3srqnu6usqpo7if5vx5wqyuscbq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220902-v1zm3shfej/
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
a7e37f5314834b163fa21557e61c13c0f202fd64d3c0e46e6c90d2d02e033aec
MD5 hash:
6faec01bf7a3d7f5c5dee2e6e3143a58
SHA1 hash:
603a36f817cab5574e58ab279379e5c112e5fb37
Link:
https://www.unpac.me/results/4c981ece-840b-474e-bf02-2d7b5b777821/
SH256 hash:
ae009bbc629ca106700fee1b9c6ad07e3473350ce5f2fe281b2f500ef1c59128
MD5 hash:
82b1ed2aafad9aaef67c53c00f4e2fe5
SHA1 hash:
4b90a5ca9332bc8f3886f527327c3bcd2b37e6be
Link:
https://www.unpac.me/results/4c981ece-840b-474e-bf02-2d7b5b777821/
SH256 hash:
ad059c43e426dbe05cfa040958c5a0c75211c586d8a124de407be913ee82b560
MD5 hash:
924a295fd9917db9197010b0cf6206ea
SHA1 hash:
f8683c967555e226a0681c3780b9854862bb5706
Link:
https://www.unpac.me/results/4c981ece-840b-474e-bf02-2d7b5b777821/
SH256 hash:
44b8e6a310564338968158a1ed88c8535dece20acb06c5e22d87953c261dfed0
MD5 hash:
9c8886759e736d3f27674e0fff63d40a
SHA1 hash:
ceff6a7b106c3262d9e8496d2ab319821b100541
Link:
https://www.unpac.me/results/4c981ece-840b-474e-bf02-2d7b5b777821/
SH256 hash:
a06dfd93378004551ed1e52e7318f0cee518369ea4a0f77d05ed6fdb43149083
MD5 hash:
230743074bd3bd4565987f9742002a32
SHA1 hash:
e45d3d65f2e3318969882c4a315d5b334f878efb
Link:
https://www.unpac.me/results/4c981ece-840b-474e-bf02-2d7b5b777821/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a06dfd93378004551ed1e52e7318f0cee518369ea4a0f77d05ed6fdb43149083

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/307501/

Comments