MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 af56963172182772cfb8ece6dee221898b281e8f93a62dc82a08cc188131849f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 6
| SHA256 hash: | af56963172182772cfb8ece6dee221898b281e8f93a62dc82a08cc188131849f |
|---|---|
| SHA3-384 hash: | f8ea6298ce62a7722faaab0a1ed6dbce2888927ebf55ea386368aa2192ecf5711b49dea4c175e11bde27ab3bc19df600 |
| SHA1 hash: | d89e4668a4245538935a1ddfd22687fe0ee20c4c |
| MD5 hash: | 8749cccb225f375cbb35db9d7f1fea1f |
| humanhash: | idaho-utah-twelve-high |
| File name: | af56963172182772cfb8ece6dee221898b281e8f93a62dc82a08cc188131849f |
| Download: | download sample |
| File size: | 4'474'616 bytes |
| First seen: | 2020-11-24 08:11:06 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 371ad6b95148151e3806aaa3370b3499 |
| ssdeep | 49152:ST4X2trgaDNHxDz9e9UuGJiq2qRuun3AlpPESjE4yWO+EUjobr:STXBDNR/9e9UuZW+pPfjdO+EUjof |
| Threatray | 3 similar samples on MalwareBazaar |
| TLSH | 96267BBF2D91225BC4E7D0B89194F85FCB4B707A5A0CAA43A6E570F1796BE403F80B51 |
| Reporter |  JAMESWT_WT |
| Tags: | signed Umbor LLC |
Code Signing Certificate
| Organisation: | AAA Certificate Services |
|---|---|
| Issuer: | AAA Certificate Services |
| Algorithm: | sha1WithRSAEncryption |
| Valid from: | Jan 1 00:00:00 2004 GMT |
| Valid to: | Dec 31 23:59:59 2028 GMT |
| Serial number: | 01 |
| Intelligence: | 364 malware samples on MalwareBazaar are signed with this code signing certificate |
| Cert Central Blocklist: | This certificate is on the Cert Central blocklist |
| Thumbprint Algorithm: | SHA256 |
| Thumbprint: | D7A7A0FB5D7E2731D771E9484EBCDEF71D5F0C3E0A2948782BC83EE0EA699EF4 |
| Source: | This information was brought to you by ReversingLabs A1000 Malware Analysis Platform |
Intelligence
File Origin
# of uploads :
1
# of downloads :
128
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:
Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Xmrig
Detection:
malicious
Classification:
evad.mine
Score:
57 / 100
Signature
Found strings related to Crypto-Mining
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Potential time zone aware malware
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Yara detected Xmrig cryptocurrency miner
Behaviour
Behavior Graph:
Threat name:
Win64.Trojan.BitCoinMiner
Status:
Malicious
First seen:
2020-11-05 01:10:00 UTC
File Type:
PE+ (Exe)
Extracted files:
8
AV detection:
18 of 28 (64.29%)
Threat level:
5/5
Result
Malware family:
n/a
Score:
9/10
Tags:
evasion trojan
Behaviour
Checks whether UAC is enabled
Checks BIOS information in registry
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Unpacked files
SH256 hash:
af56963172182772cfb8ece6dee221898b281e8f93a62dc82a08cc188131849f
MD5 hash:
8749cccb225f375cbb35db9d7f1fea1f
SHA1 hash:
d89e4668a4245538935a1ddfd22687fe0ee20c4c
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Themida
Score:
0.70
File information
The table below shows additional information about this malware sample such as delivery method and external references.
No further information available
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.