MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 b07f8a3235234b38405b57fe41af7c8f89c46b091cc0b3cb8670cb5337d7b4fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| SHA256 hash: | b07f8a3235234b38405b57fe41af7c8f89c46b091cc0b3cb8670cb5337d7b4fa |
|---|---|
| SHA3-384 hash: | 2aa6bc392791ec24f0250c292e99eec75f712273892e4348183b26764cbd7de69bb248057af337dbc2d3903ccb74ae86 |
| SHA1 hash: | e96c689095b7526ab8f44fe9685bd7c86ba1bbff |
| MD5 hash: | a2100824342fd3696acfd91e47c3f1fe |
| humanhash: | batman-pip-minnesota-saturn |
| File name: | a2100824342fd3696acfd91e47c3f1fe |
| Download: | download sample |
| File size: | 212'992 bytes |
| First seen: | 2020-11-17 12:20:11 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit) |
| ssdeep | 3072:zImbvga7wqVVVDAZXWhz0639XOVGLMi9X7NY/EAxIuMrM894pLthEjQT6j:Hvl1WZXWR08OQOjMr7kEj1 |
| Threatray | 78 similar samples on MalwareBazaar |
| TLSH | DA247B57B68CC58BD4A30672C4F282BB96F9BC25FFA3402B75447BCD64B35A0B906721 |
| Reporter |  seifreed |
Intelligence
File Origin
# of uploads :
1
# of downloads :
54
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:
Behaviour
Sending a UDP request
Creating a window
Creating a file in the Windows directory
Running batch commands
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Creating a file in the Windows subdirectories
Threat name:
Win32.Trojan.Aenjaris
Status:
Malicious
First seen:
2020-11-07 15:04:09 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
5/5
Verdict:
unknown
Similar samples:
+ 68 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
10/10
Tags:
n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
b07f8a3235234b38405b57fe41af7c8f89c46b091cc0b3cb8670cb5337d7b4fa
MD5 hash:
a2100824342fd3696acfd91e47c3f1fe
SHA1 hash:
e96c689095b7526ab8f44fe9685bd7c86ba1bbff
SH256 hash:
20d6bd8d2bd024907537ccf6b3b4d0959ea748f7a7ba745eb0f84072dfba53ff
MD5 hash:
257b5f9dd241e16f02bfd5b7de62f473
SHA1 hash:
433bee09fb8c18d17862728b21b1cf613ee78876
SH256 hash:
7c6ce49de572d5bc2801b9763cf405b2389a15877107c92a7f0a0a1a60c48fc5
MD5 hash:
f045bffc85e87f96796c2964a921daaf
SHA1 hash:
dfd661b93e9562f79abbc08d42f09805fd1cc87e
SH256 hash:
3f33e43d1792a9722577e4883ff7b754415f14c32d6ac38a3288a8e1e740176b
MD5 hash:
0bfd493910743d9b909db842cf3ff25e
SHA1 hash:
5741a853854487cb658b3690075e45008e229d40
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method
Other
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.