MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b09a65fb9d4743f3b9376c8c393104dcb63ce9c3ea66d60d443e175f3de126fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 9

SHA256 hash: b09a65fb9d4743f3b9376c8c393104dcb63ce9c3ea66d60d443e175f3de126fc
SHA3-384 hash: 3f3a3eb6d07534a8bc13ba41c6f21a1b157f043b38c1769a0e3be7f5bd6fa3e6489107b9eeefd09c1feb82966f5f375f
SHA1 hash: 623453405cca3157d438e3e8b6175714443d38a3
MD5 hash: 484a22ea207b0615e6d0626abf54e3fa
humanhash: thirteen-sad-winter-don
File name: 484a22ea207b0615e6d0626abf54e3fa.dll
File size: 4'078'995 bytes
First seen: 2023-11-27 15:08:33 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
ssdeep: 98304:PLejSGRBZpJFnllLK9l31EZh8gl0b+hpbl4k:PLejSGJHFn+3Yh8gZT
TLSH: T15B163363E647A488FAAA697EC2377C0970B607FF0FD89675959145E54320BEBC3122C3
TrID: 35.6% (.EXE) Win32 Executable (generic) (4505/5/1)
      16.3% (.ICL) Windows Icons Library (generic) (2059/9)
      16.0% (.EXE) OS/2 Executable (generic) (2029/13)
      15.8% (.EXE) Generic Win/DOS Executable (2002/3)
      15.8% (.EXE) DOS Executable Generic (2000/1)
Reporter: abuse_ch
Tags: dll

Intelligence

File Origin
# of uploads: 1
# of downloads: 292
Origin country: NL

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour: Sending a custom TCP request

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: overlay, packed, vmprotect

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: n/a
Detection: suspicious
Classification: n/a
Score: 24 / 100
Signature: Detected VMProtect packer
Behaviour: Behavior Graph (ID 1348644; sample jMGI1f4d0p.dll; start date 27/11/2023; architecture WINDOWS; score 24). Signature shown in the graph: Detected VMProtect packer. Process tree: loaddll32.exe starts cmd.exe and conhost.exe; cmd.exe starts rundll32.exe, which in turn spawns a chain of seven further nested rundll32.exe processes.
Verdict: unknown

Result
Malware family: n/a
Score: 7/10
Tags: vmprotect
Behaviour: Suspicious use of WriteProcessMemory

Unpacked files
SHA256 hash: b09a65fb9d4743f3b9376c8c393104dcb63ce9c3ea66d60d443e175f3de126fc
MD5 hash: 484a22ea207b0615e6d0626abf54e3fa
SHA1 hash: 623453405cca3157d438e3e8b6175714443d38a3
Detections: INDICATOR_EXE_Packed_VMProtect

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: INDICATOR_EXE_Packed_VMProtect
Author: ditekSHen
Description: Detects executables packed with VMProtect.

Rule name: pe_no_import_table
Description: Detects PE files that have no import table.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: DLL b09a65fb9d4743f3b9376c8c393104dcb63ce9c3ea66d60d443e175f3de126fc (this sample)
Delivery method: Distributed via web download
