MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0ce738eba1a792b2746c50081ebb84a4f7054ee5f3b1a9651d5d385615eb933. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: a0ce738eba1a792b2746c50081ebb84a4f7054ee5f3b1a9651d5d385615eb933
SHA3-384 hash: bb99936b8995dc6198b636d870c8caf0c06ce7f21b1c5685268283eb2b92d68c0d792c406935f0782ce5d0e11a3fe9cd
SHA1 hash: 576abebb5becc95ed5a3c9f489c46ca89be6c070
MD5 hash: cbff0f3a7e6c6cb12865f7a852bda257
humanhash: idaho-eighteen-july-island
File name: cbff0f3a_by_Libranalysis
File size: 2'497'420 bytes
First seen: 2021-05-05 10:04:33 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 19454d4d79fda363726cbad8bb86a260
ssdeep: 49152:MkNlTGyQNMbzPCXwvJ/cMYsIcN/yKiZWjGBST1WzKiZR:vFGyQNMb+AvJ/cgN/yKOFOWzKOR
Threatray: 96 similar samples on MalwareBazaar
TLSH: 7DC5BE82F48280F5D61D013804BA7B37DB7A7A0E0A35DF87A355ED7A5D329819A3B11F
Reporter: Libranalysis


Libranalysis
Uploaded as part of the sample sharing project

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Creating a file
Creating a process from a recently created file
Launching the process to change network settings
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Deleting a recently created file
Enabling autorun
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.PUA.FlyStudio
Status: Malicious
First seen: 2020-05-03 08:18:11 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 1/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
Unpacked files
SHA256 hash: 62ee6464f942431435d900027a637842eee2dad803805fe6ba4a5f4d681c8e11
MD5 hash: 046b7473a94aa5ab2cd10cf3b9ee7b63
SHA1 hash: 1a8fcc9b81eeed1df24d6a8429cc56251da584be
SHA256 hash: a0ce738eba1a792b2746c50081ebb84a4f7054ee5f3b1a9651d5d385615eb933
MD5 hash: cbff0f3a7e6c6cb12865f7a852bda257
SHA1 hash: 576abebb5becc95ed5a3c9f489c46ca89be6c070
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
