MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 bc79ba346cdd5204883d8fb10ba1d4bffc3f1f91ef5cdc5257860a80393e6794. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| Field | Value |
|---|---|
| SHA256 hash: | bc79ba346cdd5204883d8fb10ba1d4bffc3f1f91ef5cdc5257860a80393e6794 |
| SHA3-384 hash: | 27ec2215d9d6b2d6eb9962b4b1ceb9ea7afe5c217a5afe92bd3d0ff25f65c02605ffb70b23e121b5e4825baacdce93b6 |
| SHA1 hash: | 075aef0457e53e8247e12c15d1cd3170da604db5 |
| MD5 hash: | aba05a810c963e2233f2ab16933984e8 |
| humanhash: | paris-florida-kentucky-pip |
| File name: | a07b2f3dd8d49fe85b3d50cb552145a6 |
| File size: | 212'992 bytes |
| First seen: | 2020-11-17 12:34:02 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit) |
| ssdeep | 6144:kOkWaFy1+1zMyDhVi9k2jHIT9SwR+ekEj1:JkWGWyTk+FkC |
| Threatray | 116 similar samples on MalwareBazaar |
| TLSH | 5D247CC176A99207D267DA3548EFC0B80ABE7D2D8B71463B2983FB1F5D356687920370 |
| Reporter: | |
Intelligence
File Origin
# of uploads: 1
# of downloads: 57
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Creating a file in the Windows directory
Running batch commands
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Creating a file in the Windows subdirectories
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-17 12:38:01 UTC
AV detection: 26 of 28 (92.86%)
Threat level: 5/5
Verdict: unknown
Similar samples: + 106 additional samples on MalwareBazaar
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method
Other