MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a64a6a0ae6521ef4dc140dcb3ea44f18c7cebe6ee6fee03c7b3ce1d125065aad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Adware.Generic


Vendor detections: 4



SHA256 hash: a64a6a0ae6521ef4dc140dcb3ea44f18c7cebe6ee6fee03c7b3ce1d125065aad
SHA3-384 hash: d9ff2caea9654471852bc06340be1ab0135989679ab01bc840f616a72c06065dcfae2672e80db40fcf901f08575aef24
SHA1 hash: 7db0e6af04c83227a3553fd422a4c55833f6743c
MD5 hash: b12a47d8c210538c98d0bae4c80e3673
humanhash: spring-seventeen-butter-oklahoma
File name: AWB-746262783-3.exe
Signature: Adware.Generic
File size: 325'117 bytes
First seen: 2020-06-30 14:19:11 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7c2c71dfce9a27650634dc8b1ca03bf0 (160 x Loki, 58 x Formbook, 55 x Adware.Generic)
ssdeep: 6144:3PCganNCn3A/rtHUgfUCN1hEGcKhyf6rcIIUbPLB3ZOd/sQLx:NanU3Ax0gsC7h3hySrcIRilLx
Threatray: 643 similar samples on MalwareBazaar
TLSH: 7F6412911768ECE7D96017F28C35D8243B5ADD8950A06B0F87B87B2535733C32A6F26E
Reporter: James_inthe_box
Tags: Adware.Generic exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 102
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Swotter
Status: Malicious
First seen: 2020-06-30 13:56:12 UTC
File Type: PE (Exe)
Extracted files: 10
AV detection: 23 of 29 (79.31%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: spyware

Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Reads user/profile data of web browsers
Reads user/profile data of local email clients
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
