MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b20112980114ed9a4db3420863e88e8e9f8f0237a07c63647544dbc79c8a54e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	b20112980114ed9a4db3420863e88e8e9f8f0237a07c63647544dbc79c8a54e7
SHA3-384 hash:	3804fdeb72024cd5983264af4a250b9e26c34308e9e32089f76bdbf233da670b32bfe391d01454da409124e1569d6ce1
SHA1 hash:	a2938d61e67cac40d0d0b2dcf365aa9371b370ff
MD5 hash:	61790fdf0c36ac0d757f9538e96f2ad7
humanhash:	hawaii-enemy-zebra-mexico
File name:	Adobe Photoshop Crack.exe
Download:	download sample
Signature	Phonk Alert Create hunting rule
File size:	6'978'831 bytes
First seen:	2023-04-12 20:22:42 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	6011984d7c1f1b97a34d7517a498bff8 (8 x RedLineStealer, 5 x STRRAT, 3 x LummaStealer)
ssdeep	98304:o+ERc+kjotiAzYz6wPKVKFVTBrHJWGs2NyqeoNE/7SRYY2VymGu/m6zHAlA64TRX:ddjOpzuPKM3TVHJack+YlGlSRRd
Threatray	507 similar samples on MalwareBazaar
TLSH	T193660173B0DA2471F8731A36B8925422393E58DCE0472DA929B4ABD7F572D0C8F4B791
TrID	36.9% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 19.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 12.4% (.EXE) Win64 Executable (generic) (10523/12/4) 7.7% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 5.9% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):
dhash icon	b6eaaab2baeacab0 (1 x Phonk)
Reporter	tcains1
Tags:	exe Phonk

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

299

Origin country :

NL

Vendor Threat Intelligence

ANY.RUN Suspicious

Malware family:

n/a

ID:

1

File name:

Adobe Photoshop Crack.exe

Verdict:

Suspicious activity

Analysis date:

2023-04-12 20:13:16 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/31385e5d-a513-4783-a7b0-c4663376d26f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/381894/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Win32.Malware-gen.19775.6029.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Clean

Result

Verdict:

Clean

Maliciousness:

Behaviour

Launching a process

Sending a custom TCP request

Сreating synchronization primitives

Creating a window

Searching for synchronization primitives

DNS request

Certego Dragonfly Suspicious

Result

Malware family:

n/a

Score:

  5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/77658/overview

Behaviour

MalwareBazaar

CheckCmdLine

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

anti-vm javadropper overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/64371328b4ec50bace5fd3d1/reports/059b09a4-6a5b-4ebc-82c0-5a12d37fe804/overview

Hybrid Analysis Unknown

Verdict:

Suspicious

Link:

https://www.hybrid-analysis.com/sample/b20112980114ed9a4db3420863e88e8e9f8f0237a07c63647544dbc79c8a54e7

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer OWASP

Malware family:

OWASP

Alert

Create hunting rule

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/9a58780b-9baa-4f56-9d27-f9c2984aa95b

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b20112980114ed9a4db3420863e88e8e9f8f0237a07c63647544dbc79c8a54e7/

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=wiarfgabctwzutntiiegh2eor2py6arxub6ggzdvitn4phekkttq._file

Threatray malicious

Verdict:

malicious

Similar samples:

01a503d1dd46bbb4e8f160d957dcc4ad008d262c641b3dc63da3066f2002c8d3

Phonk

0808d65d091aba9c00a2d408dcebd37373d2abaf155a82991486b57cb88aeb79

Phonk

17de4a202bfc6ef9e6805362dbb99998276f6f992373e40d0c899a24e0ad4464

Phonk

2f2b97ab77736a86eeb79599be1137c99befab80ba2d1af6a19a9f5ee664fecc

Phonk

4dc43e28a0587cac34a92bf41308483f0b29f9a10f5bad041a72bd84386c2199

Phonk

ca10c218c7ed12f56148c11d31a0698c8d232064faba12402c16b70f7e34bf55

Phonk

ea685dcf87d09d3001c61b76017b2ab8fa7da6b9b7394291022beaf38ee61569

Phonk

f1a1e8093b15a2502f5341fea46ed836a2c19d1c6180a005064c8222d30d1d7b

Phonk

fc11c7743ee5d510bb52732f41f0ba40be8da3be2d820cf91a0774d575f11434

Phonk

fcb68c665d4639bacb89984706b5c2bbea6633e9c6f4d7639c468e553e45f47d

Phonk

+ 497 additional samples on MalwareBazaar

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  1/10

Tags:

n/a

Link:

https://tria.ge/reports/230412-y55axaeh58/

Behaviour

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

UnpacMe

Unpacked files

SH256 hash:

b20112980114ed9a4db3420863e88e8e9f8f0237a07c63647544dbc79c8a54e7

MD5 hash:

61790fdf0c36ac0d757f9538e96f2ad7

SHA1 hash:

a2938d61e67cac40d0d0b2dcf365aa9371b370ff

Link:

https://www.unpac.me/results/15276ab8-5579-45c0-b0f8-800e8681f413/

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b20112980114ed9a4db3420863e88e8e9f8f0237a07c63647544dbc79c8a54e7

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Phonk

exe b20112980114ed9a4db3420863e88e8e9f8f0237a07c63647544dbc79c8a54e7

(this sample)

  

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/381894/