MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c04c9af44ac55ad0ac68316661ee1bdf105444ce06389db25c4b8ed56ac3a807. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c04c9af44ac55ad0ac68316661ee1bdf105444ce06389db25c4b8ed56ac3a807
SHA3-384 hash: 2af9024875094978c30047749cd6c92352ac5541b56daca0145edcd54db854d76bfe62cdeeafd5fe488a6d692c7b1b03
SHA1 hash: 82d4d5498b1802c9828dd9e6ce5dee65070188cc
MD5 hash: 3edec1d8ac7797c849aa3998522449dc
humanhash: uniform-table-three-florida
File name:SecuriteInfo.com.W32.Injector.CLDS.tr.16742.18565
Download: download sample
File size:1'218'471 bytes
First seen:2023-05-29 12:30:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'463 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep 24576:v2U+Z7yWesL3VCBuUjxrOQqX6LsI4o2DgOpTipiJwZ8YaXag:v2XGC3ABum1p/74o2BpiY6aV
Threatray 41 similar samples on MalwareBazaar
TLSH T125452325026C983BED53AB749D96B42D957A79A8A43134B930CC0BCDFF3F1E29907316
TrID 76.6% (.EXE) Inno Setup installer (109740/4/30)
9.9% (.EXE) Win32 Executable Delphi generic (14182/79/4)
4.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.1% (.EXE) Win32 Executable (generic) (4505/5/1)
1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):PE icon
dhash icon b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
236
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.W32.Injector.CLDS.tr.16742.18565
Verdict:
Suspicious activity
Analysis date:
2023-05-29 12:41:04 UTC
Tags:
installer
Link:
https://app.any.run/tasks/35f1e80e-951a-4ee6-8dcd-a645c946aa3d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/393064/
Detection(s):
SecuriteInfo.com.W32.Injector.CLDS.tr.16742.18565.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/88511/overview
Behaviour
MalwareBazaar
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware installer lolbin overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/64749b16641f4318be298423/reports/4f8768d4-41c0-45ed-af26-a7fc16c65298/overview
Verdict:
Malicious
Link:
https://www.hybrid-analysis.com/sample/c04c9af44ac55ad0ac68316661ee1bdf105444ce06389db25c4b8ed56ac3a807
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/57e72797-72b5-48b8-87e3-9343d5165bfb
Result
Threat name:
n/a
Detection:
suspicious
Classification:
n/a
Score:
30 / 100
Link:
https://www.joesandbox.com/analysis/1244438
Signature
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
Obfuscated command line found
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c04c9af44ac55ad0ac68316661ee1bdf105444ce06389db25c4b8ed56ac3a807/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2011-06-06 08:26:00 UTC
File Type:
PE (Exe)
Extracted files:
126
AV detection:
5 of 37 (13.51%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ybgjv5ckyvnnbldigftgd3q334ifirgoay4j3ms4johnk2wdvadq._file
Verdict:
unknown
Similar samples:
0ae66a84bff78660f30aedcced0846aa627775d54fbdbb2eef87e7b299139cfd
42c326b155960ea90143b31d14c48bf081d6dc6bb74ce383cace3cdfe844a403
5152a2dee24714603552cf873e34a12b8822df103336e8f0e1da5379720c7348
5e68db0fc4ba7e505cb1d59e9db3c1c09ab83d0d5f1d2e28e0446ee8c6fa3081
9a1d08a5e847f6faf3abdbbf95388055757c544c5b792be39463b94417d9ea69
e295384539da6e846a4e14df3682a306a01797577a496a279e2718ca7c464ede
ec117203d9cf5a324fdd8ead407b681096e9f60a0916f8316febb76943240b0a
ed8534bd6aa40b9c0af7f68fe82154b3e7f0a82ecb05189a2de9884521f963a5
f22bf2bd431d6e2b93c8485c99537383fe4b775c70ca5633ffaf702fde170b7f
+ 31 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230529-pp3byabg72/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Executes dropped EXE
Loads dropped DLL
Unpacked files
SH256 hash:
986166e4e45b959744c9c9b739ddb757957cc7b19fdaab1e753f211744b0694d
MD5 hash:
3221951c9e5274ff874435dfea33599b
SHA1 hash:
05279bdddb8904473037a87ce6eb415bf81a9de1
Link:
https://www.unpac.me/results/9e11be32-8bc5-4b7f-9c95-3a49d4d40c1f/
SH256 hash:
9100df20cbb6ab900d3523770b90cb020a747263fb8ed4b3b707e706baabc9b4
MD5 hash:
ebec7e06e95315692f049089803a065a
SHA1 hash:
f054875e4c209fcae5e500bbba649838890469e5
Link:
https://www.unpac.me/results/9e11be32-8bc5-4b7f-9c95-3a49d4d40c1f/
SH256 hash:
c04c9af44ac55ad0ac68316661ee1bdf105444ce06389db25c4b8ed56ac3a807
MD5 hash:
3edec1d8ac7797c849aa3998522449dc
SHA1 hash:
82d4d5498b1802c9828dd9e6ce5dee65070188cc
Link:
https://www.unpac.me/results/9e11be32-8bc5-4b7f-9c95-3a49d4d40c1f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.38
Link:
https://yomi.yoroi.company/submissions/c04c9af44ac55ad0ac68316661ee1bdf105444ce06389db25c4b8ed56ac3a807

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/393064/

Comments