MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b31bacca7824f68859ded0863bac01fd8844eaf00558fe505557f94e1da1e8c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b31bacca7824f68859ded0863bac01fd8844eaf00558fe505557f94e1da1e8c5
SHA3-384 hash: 730dd7c777bfce7956ce14b2056e63a1bfef4fdfde3dd1ae1331bba6b71647d4bd4151795a6683cb0120c48f09c8c6b9
SHA1 hash: bf684214496f991ddc950db1a72f0e36ca5bd4b8
MD5 hash: 184d84f90dfd30247820e2054ea9b090
humanhash: vermont-robert-charlie-ceiling
File name:diskinfo8.exe
Download: download sample
File size:3'203'084 bytes
First seen:2022-04-26 10:28:54 UTC
Last seen:2022-04-26 11:56:41 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d0182901dff70a5dc77beb8354f5b20f
ssdeep 49152:848qP30k7npjUOXdvZ1WssZ+c6eck1Fj3tJ97oxDxKQTPxpb5nHgix986:849ljUOdvSsskc6JO7toFZlpVHgix986
Threatray 3 similar samples on MalwareBazaar
TLSH T17EE5F0D62DABAD16D8DA7F3D1EC678312047D9965AF02C09CA7C8FCC07AA59C0572F06
TrID 29.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
22.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
20.3% (.EXE) Win32 Executable (generic) (4505/5/1)
9.1% (.EXE) OS/2 Executable (generic) (2029/13)
9.0% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter JAMESWT_WT
Tags:exe roseannmortali-com backspinnews-com

Intelligence

File Origin
# of uploads :
2
# of downloads :
236
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Windows11InstaIIationAssistant.scr
Verdict:
Malicious activity
Analysis date:
2022-04-26 10:14:28 UTC
Tags:
loader trojan
Link:
https://app.any.run/tasks/a8a6de9c-b068-4135-ac9d-e9ae54920fdd

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
VMProtectStub
Create hunting rule
Link:
https://www.capesandbox.com/analysis/266720/
Detection(s):
SecuriteInfo.com.Variant.Jaik.51135.31787.32634.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
Unauthorized injection to a recently created process
Using the Windows Management Instrumentation requests
Sending a TCP request to an infection source
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/6267c97073707978a848ce21/reports/23c07fce-66e5-4ba8-9711-3c626f52e6ad/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/19ac9700-3a9f-4b16-ba41-4493bdb7ccf4
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/983127
Signature
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b31bacca7824f68859ded0863bac01fd8844eaf00558fe505557f94e1da1e8c5/
Threat name:
Win32.Trojan.Jaik
Create hunting rule
Status:
Malicious
First seen:
2022-04-16 14:48:11 UTC
File Type:
PE (Exe)
AV detection:
16 of 26 (61.54%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
3b7b846373c9e626c33e2561a6ff5515a67f25dc089f6e62711e792572105a17
614c970bb776bad75d7b79488a591a5a9954cfd3835817246ce544ddb4a1fd83
a5541460d296b3b3ca23cc1663882122351a08067b3ee608fabb88e38e95e515
Result
Malware family:
n/a
Score:
  6/10
Tags:
bootkit persistence
Link:
https://tria.ge/reports/220426-mh8h9scaf5/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Enumerates connected drives
Writes to the Master Boot Record (MBR)
Unpacked files
SH256 hash:
0218cd7fa896bb5304c22d3938649304fa5ee660b0a67784333ccf05a712ce73
MD5 hash:
3c6651054cc75272c5521f6ead145b56
SHA1 hash:
07bd9e1f0a47d2a9fda9af822e6a7578a0ce8bf6
Link:
https://www.unpac.me/results/7ea53acc-10e0-4c21-a2c8-575fbf996702/
SH256 hash:
b31bacca7824f68859ded0863bac01fd8844eaf00558fe505557f94e1da1e8c5
MD5 hash:
184d84f90dfd30247820e2054ea9b090
SHA1 hash:
bf684214496f991ddc950db1a72f0e36ca5bd4b8
Link:
https://www.unpac.me/results/7ea53acc-10e0-4c21-a2c8-575fbf996702/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.44
Link:
https://yomi.yoroi.company/submissions/b31bacca7824f68859ded0863bac01fd8844eaf00558fe505557f94e1da1e8c5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/266720/

Comments