MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 babd7c7528de9097db3a25174dcd7ce4b68ba3efe6e000d3496c8ffd8dd11d33. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: babd7c7528de9097db3a25174dcd7ce4b68ba3efe6e000d3496c8ffd8dd11d33
SHA3-384 hash: 5f2a2a3523e3294781714d7c07104d9fd5bce65505a9606cf91c89025ea72c7f0eace5ed3c24a96978a8662ac293ad0d
SHA1 hash: c1cedbe4b1737c60bf2ca000ad5173581d1b30ee
MD5 hash: 40aeab8b3e97a2bf0349bb6acfd19e37
humanhash: zulu-snake-one-charlie
File name: d3dcompiler_47.bin
Download: download sample
File size: 4'111'328 bytes
First seen: 2022-02-02 08:17:29 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: 185ce3a45c3a9cfb3bf83afd7f79c140
ssdeep: 98304:S4czLWVMYHItqGZ5CNjEhXZ0T2S1kHGMa:yMpGZ5CFEhp0TD1kHGMa
Threatray: 1 similar samples on MalwareBazaar
TLSH: T15F16AF22F6818072D8CB05B0666FB76AA43C9B35573444C39290AD7DEC711D36F3EA9E
Reporter: JAMESWT_WT
Tags: dll TransactionBitnomicsWallet

Intelligence


File Origin
# of uploads: 1
# of downloads: 116
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
DNS request
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: control.exe greyware hacktool overlay packed remcos replace.exe virus
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Behaviour
Behavior Graph (ID 565483; sample d3dcompiler_47.bin; start date 03/02/2022; architecture WINDOWS; score 52; signatures: Multi AV Scanner detection for submitted file, Sigma detected: Suspicious Call by Ordinal): loaddll32.exe started cmd.exe, two rundll32.exe processes and 7 other processes; cmd.exe started a further rundll32.exe; each rundll32.exe started a WerFault.exe, and the 7 other processes started four more WerFault.exe instances.
Threat name: Win32.Dropper.Remcos
Status: Malicious
First seen: 2022-01-29 07:03:00 UTC
File Type: PE (Dll)
AV detection: 12 of 28 (42.86%)
Threat level: 3/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Sets service image path in registry
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash: babd7c7528de9097db3a25174dcd7ce4b68ba3efe6e000d3496c8ffd8dd11d33
MD5 hash: 40aeab8b3e97a2bf0349bb6acfd19e37
SHA1 hash: c1cedbe4b1737c60bf2ca000ad5173581d1b30ee
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments