MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b197522d218e972e8fe965032f47ec4e483b698709ac83640f1583feb5a67fb4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b197522d218e972e8fe965032f47ec4e483b698709ac83640f1583feb5a67fb4
SHA3-384 hash: ad288f73e07736da09782e5aa275c5650f743cff59a894931e67ca31fad3f173712c5623078992a4607193225023043a
SHA1 hash: fde2368a32a52efe8de6c86adab0f709630c2246
MD5 hash: d6afceff3c0e238413ccdaaf74c9bf7a
humanhash: freddie-skylark-three-salami
File name:Windows11InstaIIationAssistant.scr
Download: download sample
File size:8'773'969 bytes
First seen:2022-04-26 10:12:24 UTC
Last seen:2022-04-26 10:40:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 340db3b6a61222327eddde33056bbc5a
ssdeep 196608:TJ1G0GtKPwPbSuB8IriosRxzhpo8VUAhUQuZZop192o4ZZbDgYaJ:TJM7lbSuB8IvsPlddQvu72FZbDgYaJ
Threatray 14 similar samples on MalwareBazaar
TLSH T19F963393F4BD4AD0D5828077BFE86A2638E8557F2F3D4BABA250CF9E5130CD14AB4494
TrID 32.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
28.9% (.EXE) Win32 Executable (generic) (4505/5/1)
13.0% (.EXE) OS/2 Executable (generic) (2029/13)
12.8% (.EXE) Generic Win/DOS Executable (2002/3)
12.8% (.EXE) DOS Executable Generic (2000/1)
Reporter JAMESWT_WT
Tags:exe roseannmortali-com backspinnews-com

Intelligence

File Origin
# of uploads :
2
# of downloads :
237
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
windows11-setup_11_24468.exe
Verdict:
Malicious activity
Analysis date:
2022-04-23 10:56:35 UTC
Tags:
installer
Link:
https://app.any.run/tasks/5cc9b70d-ada7-4f12-8d93-01a51e465d5d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
VMProtectStub
Create hunting rule
Link:
https://www.capesandbox.com/analysis/266716/
Detection(s):
SecuriteInfo.com.Trojan.Siggen17.47232.21646.24625.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/6267c5b416e18e7608f5f448/reports/844accc5-26bd-4892-9016-3ffa8f4d1731/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/06b7db20-c7e3-4734-b392-41690d9571f2
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/983121
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b197522d218e972e8fe965032f47ec4e483b698709ac83640f1583feb5a67fb4/
Threat name:
Win32.Trojan.Jaik
Create hunting rule
Status:
Malicious
First seen:
2022-04-21 19:49:01 UTC
File Type:
PE (Exe)
AV detection:
20 of 26 (76.92%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0cffbd0a9a71d6dc4ccb63dbbfeef735b2c8bf9acdf1409f1cbdeed36ce0faf8
1116037d457d9126f16fc9529a4be482d374047f0e834614ae8292a631ed8aaa
936016b0cd8e890dc141d51d82a8b9d1a21a4bd974687eff64307a2c96ab2b5a
9a60ef135297d1863e76696b603f9de38d77b8efa1387b7ab7e89eec5c8f4f43
9f27dace8e848c5957adb0686992fe7ce392cbc7f957116b13935d20e668f91b
a5541460d296b3b3ca23cc1663882122351a08067b3ee608fabb88e38e95e515
caa8ea5f119085a9bc0f33b8f1a0ad80b6d4a9b52050f03f11bc539ebdc88534
d2205532e27cf8ae9dbc0a62fdf3fca598f5fa8f9cc948bec49df54b0b8a8cd6
e4a932eaaec97ff04b018060f31b800dbd9a56ca0ba2bbb300037be3c55ee507
e972045da5186bd0d1b384aeb756fee789855c246080dcef9bd0c0b0f2e228e1
+ 4 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/220426-l83j9scab9/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Checks installed software on the system
Checks computer location settings
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
b197522d218e972e8fe965032f47ec4e483b698709ac83640f1583feb5a67fb4
MD5 hash:
d6afceff3c0e238413ccdaaf74c9bf7a
SHA1 hash:
fde2368a32a52efe8de6c86adab0f709630c2246
Link:
https://www.unpac.me/results/e41603b4-a161-4aa9-9847-8c8e1b361545/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b197522d218e972e8fe965032f47ec4e483b698709ac83640f1583feb5a67fb4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/266716/

Comments