MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c38f92e0b7c73dbabf18d61b4c99fe4f0c1ff8852b215d3b18683669595073f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c38f92e0b7c73dbabf18d61b4c99fe4f0c1ff8852b215d3b18683669595073f0
SHA3-384 hash: 1d2c231a1d4d2617af7bdcfb9979462fedff49d43326588ce0f7a6281cf67dc35e2d8e57ca089733b740f5f63f61c879
SHA1 hash: 899d1dc5fa4ff51f5d30faee7e3a1af8cb585b17
MD5 hash: f08f3029d3e61b1e47563125891c2615
humanhash: sixteen-autumn-alanine-orange
File name:slw.dll
Download: download sample
File size:537'088 bytes
First seen:2021-12-08 17:21:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 73695e263c995c6cbf95f79fb65d2713
ssdeep 12288:5gN/jwPsxVMLOy+xT0SsAqcY4EI7GZoejOxmIrFp/LkpSce:KwPQVM5ChqcY4E6GZjjOwyVAw
Threatray 43 similar samples on MalwareBazaar
TLSH T1BEB49E19FA5844F6E167813889779646E2727C5907708BEF23A4623E2F33FD04A7B721
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
126
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
slw.dll
Verdict:
No threats detected
Analysis date:
2021-12-08 18:12:13 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/fde19397-3fc8-47ae-9da7-2b10b97ca334

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/212581/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
DNS request
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/1354/overview
Behaviour
MeasuringTime
SystemUptime
EvasionQueryPerformanceCounter
CheckCmdLine
EvasionGetTickCount
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/61b0e9bffa72c81b5b12017d/reports/dbc87201-b363-41f5-8c0e-f7a77c6a0fc2/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9a53d105-e556-4755-ab8b-33e699c6fad1
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/904061
Signature
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Tries to detect virtualization through RDTSC time measurements
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 536535 Sample: slw.dll Startdate: 08/12/2021 Architecture: WINDOWS Score: 68 34 Multi AV Scanner detection for submitted file 2->34 36 Sigma detected: Suspicious Call by Ordinal 2->36 8 loaddll64.exe 1 2->8         started        process3 signatures4 40 Tries to detect virtualization through RDTSC time measurements 8->40 11 cmd.exe 1 8->11         started        14 rundll32.exe 8->14         started        16 rundll32.exe 8->16         started        18 rundll32.exe 8->18         started        process5 signatures6 42 Uses ping.exe to sleep 11->42 44 Uses ping.exe to check the status of other devices and networks 11->44 20 rundll32.exe 11->20         started        22 cmd.exe 1 14->22         started        46 Found potential dummy code loops (likely to delay analysis) 16->46 48 Tries to detect virtualization through RDTSC time measurements 16->48 process7 signatures8 38 Uses ping.exe to sleep 22->38 25 PING.EXE 1 22->25         started        28 rundll32.exe 22->28         started        30 conhost.exe 22->30         started        process9 dnsIp10 32 127.0.0.1 unknown unknown 25->32
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c38f92e0b7c73dbabf18d61b4c99fe4f0c1ff8852b215d3b18683669595073f0/
Threat name:
Win64.Trojan.CrypterX
Create hunting rule
Status:
Malicious
First seen:
2021-12-07 23:00:54 UTC
File Type:
PE+ (Dll)
Extracted files:
4
AV detection:
17 of 45 (37.78%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
086c37d38778e01644fd879d4c19b7387f6526d3d5ca408af8166207b3729f0e
58bef95d2f1dc3d23b16d982a452e982d4812eee455bc90b2c8694e5e58eec28
5a057b438a0e8668571bc5a452f6403c246ba2def57b158db04a57b156f6b640
6a852c0f5d6e5f124298d47ec6800100bfd886b6196a722bced61f267b497a7d
7883df070b501cf6d4f167ac030820d2fa5d90bd6f48b7feacbe17e612e0475b
83eebca023e0700c5d40cc90fd9fedba3523b8f4e4012a6427e2d8c644a6eb84
976ef5ced7cc6b4d30a7eed5d427dcbc70b4c14403dd53fc1caa7c5b9ac9200f
b163e34d8490c0b567d788e997d9693c9da120a21dff06de9d400c6e66386437
bec7fb70521beab8f861f0d0c5c2996c48bd26626546b12d8c08265dcbc546d7
f0718e4578b67fc0c73b03762a91abd62a071758074ac8f108a00c4cf612474f
+ 33 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/211208-vxlbaahhan/
Behaviour
Delays execution with timeout.exe
Runs ping.exe
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
c38f92e0b7c73dbabf18d61b4c99fe4f0c1ff8852b215d3b18683669595073f0
MD5 hash:
f08f3029d3e61b1e47563125891c2615
SHA1 hash:
899d1dc5fa4ff51f5d30faee7e3a1af8cb585b17
Link:
https://www.unpac.me/results/1dad33fc-c88f-48ce-a10d-5c8b6d416103/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c38f92e0b7c73dbabf18d61b4c99fe4f0c1ff8852b215d3b18683669595073f0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Distributed via e-mail link
Cape
Cape
https://www.capesandbox.com/analysis/212581/

Comments