MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b419388d90afae438580cfb282413b38b0aa9b219c61ec2291c4a76f2e696f39. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b419388d90afae438580cfb282413b38b0aa9b219c61ec2291c4a76f2e696f39
SHA3-384 hash: cafa8347d69a04d76e15717bd05841f8f3fe706f06719685c37c5133dc9622fb68ad21849d2a4e5e8ce0dcc0528efd62
SHA1 hash: 23c6d369a6c5f9758a53fe7a74cf07da60cc30b3
MD5 hash: 93ca57bcee3747aba3ad7a0173e69a87
humanhash: skylark-red-moon-mirror
File name:viewprintersettings2.exe
Download: download sample
File size:397'048 bytes
First seen:2020-07-17 20:57:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2d50d815227036c264fa0eff6880597c
ssdeep 3072:Zd1NE5ahgzz+Kla9rbe73iyNPH04BhjsFCOj2HTW2G1nXTBfoWlPqOM5yEIhp9:Zd02gzzE9o08hE2HTwnXTBAfD58
Threatray 20 similar samples on MalwareBazaar
TLSH 6F84623B9DD07321FC3B953D9C50EE1DB9982D10392B5827F2CCB54A273BBA5B218199
Reporter James_inthe_box
Tags:exe

Code Signing Certificate

Organisation:Unirad LLC
Issuer:Sectigo RSA Code Signing CA
Algorithm:sha256WithRSAEncryption
Valid from:Jul 12 00:00:00 2020 GMT
Valid to:Jul 12 23:59:59 2021 GMT
Serial number: 566AC16A57B132D3F64DCED14DE790EE
MalwareBazaar Blocklist:This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm:SHA256
Thumbprint: 2E44464A5907AC46981BEBD8EED86D8DEEC9A4CFAFDF1652C8BA68551D4443FF
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/27572/
Detection(s):
PUA.Win.Adware.Browsefox-6628766-0
Create hunting rule

PUA.Win.Trojan.Generic-6629274-0
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/389214
Signature
Contains functionality to access PhysicalDrive, possible boot sector overwrite
Contains functionality to infect the boot sector
Contains functionality to steal Chrome passwords or cookies
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b419388d90afae438580cfb282413b38b0aa9b219c61ec2291c4a76f2e696f39/
Threat name:
Win32.Trojan.Delfsnif
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 16:05:28 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0f7facae07fd7efc8eb9a2b6916eb8d912fe48d3a74a9629d110856df8144a65
5b2459c7aa6746f614a05a2797798fe09ecf294db3e2c1ddba33261e2f4acf8a
8eebcb7d52c969e6bb4704f11022afdf9d61462f96ad27e6859863fa681c77e6
91cfa121b109ceaceb8ca6dcef72ac69691291facec3569755f13c4a87f6da75
a85880ca7ce394362c81b3fdbc1650de0ccbfb0eaf0e95038344caa309c332c9
b250144e3bf196501c5064576d34ff66398323d7862e957f359a263d7a0c3636
cbef9f75a09b4a90f5fe320f79ffbf7255c884f6f9da7afa04e8410dc5271a21
d3e61ff0f9f172da1ba0f3e59ccdb7ea480a3e9ea6e141d134df6f421ff44cc8
e16f5fcf9912ab24e1aaf4b23949214c83d003ec14fd68232320d1f2fc8ed68e
e76dbde4aabc5707baa53641e9fca2eba239b0a6e9339e12627f2c767d435279
+ 10 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200717-gb1hf6wgxa/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b419388d90afae438580cfb282413b38b0aa9b219c61ec2291c4a76f2e696f39

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_unidentified_030_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/27572/

Comments