MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd8be738f2dae2cac76f492d4e4b66bebbe3c42dfeee3ef58510a89c571b86e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: bd8be738f2dae2cac76f492d4e4b66bebbe3c42dfeee3ef58510a89c571b86e1
SHA3-384 hash: 472cea0569a9172ded88feb30870f158db89698971f516c65d3b678f7c76da52d2dffae7ba84ca8ab0f726b231508efa
SHA1 hash: 2ec5e11ddeeb9bb7c8c6814c8e53d59a241158c2
MD5 hash: 73c919661084fcd54db210dce55057a0
humanhash: utah-bakerloo-jig-mike
File name: 88420d5c7258cf6f70d0d29a1b2dc376
File size: 2'185'728 bytes
First seen: 2020-11-17 12:14:16 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 885df46e21bb687cad9934ee8f0499d0
ssdeep: 49152:rOne+f+RT894BupgH3+NyJga2Pgol94GJ/Bpl1zFY+/h4uZsxyqBth/7UZHE:rkWcsu+H3+NM22IZplBeVuK5vFK
Threatray: 8 similar samples on MalwareBazaar
TLSH: 6BA5339311044BA7F432B1FC861AD4F0474A5E33D8AA3A5B2D9FF9E4B532F829B14167
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 56
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour: Launching the default Windows debugger (dwwin.exe)

Result
Verdict: 0
Threat name: Win32.PUA.FlyStudio
Status: Malicious
First seen: 2020-11-17 12:18:03 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 1/5

Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
UPX packed file
Unpacked files:
SHA256 hash: bd8be738f2dae2cac76f492d4e4b66bebbe3c42dfeee3ef58510a89c571b86e1
MD5 hash: 73c919661084fcd54db210dce55057a0
SHA1 hash: 2ec5e11ddeeb9bb7c8c6814c8e53d59a241158c2
SHA256 hash: 51ecf92480455d38ee1f46855283559c9a6cc77b35bb9481ab5abb935b223a9a
MD5 hash: 8ce640ecea7b1d4baa1a57183c959d9c
SHA1 hash: ffc34452e7f618dd31c1a2d814ca8a52dea22bfd
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: suspicious_packer_section
Author: @j0sm1
Description: The packer/protector section names/keywords
Reference: http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments