MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab631126a17db88906bb50154d9f7c064a3fb8d4d2ff29863705786bca72e30f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ab631126a17db88906bb50154d9f7c064a3fb8d4d2ff29863705786bca72e30f
SHA3-384 hash: a8556aedf6f742e4db5d4c0f649859b8160f8cb6dedb53204b35a01dc90f8265ac96348a9ae5b87dcf22f496041a7bc6
SHA1 hash: 86ecdfa6ba4e352f41cdde0a8aa4b72c47d2be41
MD5 hash: 3b344491d5b0c1a35a4975d22ea6a2ed
humanhash: batman-friend-nine-lake
File name:INETCFG(1).dll
Download: download sample
File size:1'395'712 bytes
First seen:2022-06-07 11:20:52 UTC
Last seen:2022-06-07 12:07:09 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 74688493f0f1fa1abce7eee13e932ddf
ssdeep 24576:9xFZzL0rimfCQb7KTY0rDsJ0APCdhVvZNpJAdEICny0n:9pJmfCq7bSXAcPvZvqW1
Threatray 12'674 similar samples on MalwareBazaar
TLSH T1A255BF3AE7181658D267E336C95EC937CA587DA88626FF7F3F0B170430720193E99686
TrID 42.6% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
16.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
13.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
11.6% (.EXE) Win32 Executable (generic) (4505/5/1)
5.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter obfusor
Tags:dll

Intelligence

File Origin
# of uploads :
2
# of downloads :
215
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/277349/
Detection(s):
SecuriteInfo.com.Trojan.Heur.PT.v54@b4CSS0.25495.25079.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/629f34ddbea023f99d8863a6/reports/05786cf1-ffd5-4e54-9b43-c4fcc9c2c316/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/57fceda5-e1b5-4e9e-b9fe-33e11c2bb588
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1008086
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Creates an autostart registry key pointing to binary in C:\Windows
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ab631126a17db88906bb50154d9f7c064a3fb8d4d2ff29863705786bca72e30f/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-05-01 19:28:00 UTC
File Type:
PE (Dll)
AV detection:
17 of 26 (65.38%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vnrrcjvbpw4isbv3kaku3h34azfd7ogu2l7stbrxav4gxsts4mhq._file
Verdict:
malicious
Similar samples:
18a5c872854f70b391af0696978bfb35d8ae08059971dd9eb8219f5aef40c026
1e857555be92a0e4bfa8c0e5dc5b7b91a08e6daea0036e3bf23d3d3de79e495f
7b483b575f88d063ec7d84405be25d5d29579133e9951e5f7b5e2b0d9632472f
8795836a86dc61f9fe1d4b3f798ebf3a4c1900ddac2f207f4d1f46e87b85850f
887aae4c40ef5ac852dcb98c50598ae087e21ba02456b35da67365fcfa6fea9b
8ec16e4c4fd0a80322418ea661e4dd3b427f7369078d85f64069588624752bdc
9c7feb98fb5804f1f80dd03db1f84a06b68ea6043d2d34ab53edce82b83827b2
+ 12'664 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/220607-nfzn1saabn/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
Unpacked files
SH256 hash:
ab631126a17db88906bb50154d9f7c064a3fb8d4d2ff29863705786bca72e30f
MD5 hash:
3b344491d5b0c1a35a4975d22ea6a2ed
SHA1 hash:
86ecdfa6ba4e352f41cdde0a8aa4b72c47d2be41
Link:
https://www.unpac.me/results/b2abe430-bea1-464d-bdaa-3247837d72a3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ab631126a17db88906bb50154d9f7c064a3fb8d4d2ff29863705786bca72e30f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/277349/

Comments