MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af04ee03d69a7962fa5350d0df00fafc4ae85a07dff32f99f0d8d63900a47466. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: af04ee03d69a7962fa5350d0df00fafc4ae85a07dff32f99f0d8d63900a47466
SHA3-384 hash: 3c1c6d68bd852f86e764159b6b29f08cac26a7a6b2fd542ccddcc8fd894cc31fd4906441ffbfe08b0dc4a12134b6169d
SHA1 hash: ec48082347136444540c9b8ba4eabcfdc526868c
MD5 hash: 89ec4405e9b2cab987f2e4f7e4b1666e
humanhash: bakerloo-virginia-ink-kilo
File name:setup7.exe
Download: download sample
File size:189'440 bytes
First seen:2022-10-26 20:27:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5231d45d27faab064697cd89d612e981
ssdeep 3072:6rtHTIN7WXsrbiUSAY4pf7JCIaxIJlShDGbm/5uDGWqB2l7:6ZzXcrjztp7JliNum/5
Threatray 15'024 similar samples on MalwareBazaar
TLSH T15504F1AC702680BCEDCA013A8D7C59612EF4693547A86BC76E3CA4967EF01FDA1341B1
TrID 37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
12.7% (.EXE) Win64 Executable (generic) (10523/12/4)
7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
285
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
setup7.exe
Verdict:
Malicious activity
Analysis date:
2022-10-02 12:26:03 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4446aa96-77b4-4ed9-bbf8-19573054e3db

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/324552/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/45760/overview
Behaviour
MalwareBazaar
SystemUptime
CheckCmdLine
EvasionGetTickCount
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/58b389dd-91ac-48f1-bbcc-8d555c70da57
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/af04ee03d69a7962fa5350d0df00fafc4ae85a07dff32f99f0d8d63900a47466/
Threat name:
Win32.Trojan.Khalesi
Create hunting rule
Status:
Malicious
First seen:
2022-09-26 18:58:07 UTC
File Type:
PE (Exe)
AV detection:
28 of 42 (66.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=v4co4a6wtj4wf6stkdin6ah27rfoqwqh37zs7gpq3dldsafeorta._file
Verdict:
malicious
Similar samples:
12994830e14070b3af49df398138e277adfd261693b829032ed745873f334782
2c3310a45db53d2bc092521b417c9434c919dce00876b386e39a5b7cffa3c58f
2db9768efcf9026fd5c979e9802aa1e2cdec6bebb0815aea8a77d664bde1d8ae
44593f2948e2800c83e9d21abb9759e206ea94385ee5c0ddc9dc6a3e4d09273d
44cb5f67a1313320c87d07074faf1c5d98fb8e7731293558b03a834d4aac6511
7a20e31a7e7ee493b09241791fa78ee74eb456856fc75b9769405c26003b5179
99188f8c8ffc354e4174e7c490cb428d337faf3f0ae8a54beef70b2e67a8012a
ab3552ba960757c704f2942338d3e9e3792fba42245e580afb6cfe2a6ecec242
e2523f043a47f04db956092e5aa8b55fb8d69105bbc3df185fed9048392df0d2
+ 15'014 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221026-y8zjtsghh6/
Unpacked files
SH256 hash:
af04ee03d69a7962fa5350d0df00fafc4ae85a07dff32f99f0d8d63900a47466
MD5 hash:
89ec4405e9b2cab987f2e4f7e4b1666e
SHA1 hash:
ec48082347136444540c9b8ba4eabcfdc526868c
Link:
https://www.unpac.me/results/eb98bba1-22dd-436f-8122-324b92a3513b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.10
Link:
https://yomi.yoroi.company/submissions/af04ee03d69a7962fa5350d0df00fafc4ae85a07dff32f99f0d8d63900a47466

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/324552/

Comments