MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 bb20143e44d0b77b03c2649708028c7430e3ada3d7dd11474af8104856c5e9b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| SHA256 hash: | bb20143e44d0b77b03c2649708028c7430e3ada3d7dd11474af8104856c5e9b6 |
|---|---|
| SHA3-384 hash: | e7dfe818517d0c6e96d3a51c32387fa0d514e45b2c1c482d930a849f8577efe6cbcb2800cc5fd24bb4c8a43c3fe5566c |
| SHA1 hash: | dbff1795d79df6a0c0d989b87630991a907d54eb |
| MD5 hash: | a1d99be90f8e55813cb88b96010748e8 |
| humanhash: | utah-saturn-maine-chicken |
| File name: | a1d99be90f8e55813cb88b96010748e8 |
| File size: | 212'992 bytes |
| First seen: | 2020-11-17 12:08:13 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit) |
| ssdeep | 3072:MywvYOLOiMC4q9aRg0iYso2iZE7hLDfPHZsHd3Uuu4pLthEjQT6j:fwvYUSso2iZE7VzPHZDuukEj1 |
| Threatray | 92 similar samples on MalwareBazaar |
| TLSH | F1249E12FAED807AE163763488D7E5B41E6A7D93BFB2406B378433DD5C722284B22751 |
| Reporter |
Intelligence
File Origin
# of uploads: 1
# of downloads: 54
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-07 20:41:30 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Verdict: unknown
Similar samples: + 82 additional samples on MalwareBazaar
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
Please note that we are no longer able to provide a coverage score for VirusTotal.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method
Other