MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c00660379db4da598cf59eeb74ae9a686803cc4296cbde73a61c988cf87e1d44. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: c00660379db4da598cf59eeb74ae9a686803cc4296cbde73a61c988cf87e1d44
SHA3-384 hash: 6d9c688eb535380ca5e94340bc64fc5d1a903a3562b555623c74c399efe97a654dc81cdbdb4b13e2858b0ea9aabd50a0
SHA1 hash: e67b15b6df987ac6d25ab8bc04e7873e9db57d7e
MD5 hash: ce86672892e74b48c26f4fefe1ca7177
humanhash: eight-ceiling-beryllium-kilo
File name: SecuriteInfo.com.Win64.PWSX-gen.4450.31097
File size: 448'512 bytes
First seen: 2022-12-12 03:29:13 UTC
Last seen: 2023-01-06 10:28:27 UTC
File type: Executable exe
MIME type:application/x-dosexec
ssdeep 6144:l741Y7HaMVtxE18LkOv7z77RN8AvBDiKtGdX/fAsmGJCazXzuhKGPsdV26zGktbW:CmJtj9n7nHdGN/fAsmOdz6Q7KWbW
Threatray 775 similar samples on MalwareBazaar
TLSH T1CB94020317851A18CCD7F97DA9DDED608D34AF2C834CFAA621DBE15BA40BB6215DC13A
TrID 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.0% (.ICL) Windows Icons Library (generic) (2059/9)
10.9% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
Reporter SecuriteInfoCom
Tags: exe

Intelligence


File Origin
# of uploads :
2
# of downloads :
172
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Sending a custom TCP request
Forced shutdown of a system process
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Signature
.NET source code contains very large array initializations
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Behavior Graph ID: 765108; Sample: SecuriteInfo.com.Win64.PWSX...; Startdate: 12/12/2022; Architecture: WINDOWS; Score: 56
Signatures: Multi AV Scanner detection for submitted file; .NET source code contains very large array initializations; Machine Learning detection for sample
Process: SecuriteInfo.com.Win64.PWSX-gen.4450.31097.exe (started); dropped SecuriteInfo.com.W....4450.31097.exe.log, CSV; started CasPol.exe (3 instances) and 2 other processes
Threat name:
Win64.Trojan.Pwsx
Status:
Malicious
First seen:
2022-12-12 03:30:11 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
1
AV detection:
13 of 26 (50.00%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Unpacked files
SHA256 hash:
c00660379db4da598cf59eeb74ae9a686803cc4296cbde73a61c988cf87e1d44
MD5 hash:
ce86672892e74b48c26f4fefe1ca7177
SHA1 hash:
e67b15b6df987ac6d25ab8bc04e7873e9db57d7e
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments