MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c47a2878fc31c893ecead34851c697424e9e159e34c2ed5c93d6b69cee90cb66. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA 1 File information Comments

SHA256 hash:	c47a2878fc31c893ecead34851c697424e9e159e34c2ed5c93d6b69cee90cb66
SHA3-384 hash:	4e95caac368cb612556c744b76f693095d819ee17bbfcfd08ea441ac749dc4de86c47089573600c37653b4078a9abcf8
SHA1 hash:	deadb805c874c2e583f7a838596b7e2534863f09
MD5 hash:	408af3116c165496eea895ce91c30ff4
humanhash:	leopard-three-burger-romeo
File name:	gm pin.exe
Download:	download sample
File size:	5'328'896 bytes
First seen:	2023-04-25 12:51:04 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f7be0615c01951c478ee59f5ad92950a
ssdeep	98304:RywEqDYkx0MVnJlG4+NiefVzArOSqeDalc6d:Dvrkiedc9BDal
Threatray	39 similar samples on MalwareBazaar
TLSH	T1C036F101BA8280B2D522193004B7DB7BAF31DE960B14DB8753D5DE6F3D62391BE3B259
TrID	38.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 20.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 13.0% (.EXE) Win64 Executable (generic) (10523/12/4) 8.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):
dhash icon	292959f874e4d0c8
Reporter	Anonymous
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

249

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

gm pin.exe

Verdict:

Malicious activity

Analysis date:

2023-04-25 12:54:09 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/b5ae1513-1aca-4524-9975-b499b78c67ed

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/384797/

Detection(s):

SecuriteInfo.com.Trojan.Generic.32274998.4193.22409.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Creating a window

Creating a file in the %temp% directory

Сreating synchronization primitives

Creating a process from a recently created file

Creating a process with a hidden window

Sending a custom TCP request

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/81398/overview

Behaviour

MalwareBazaar

CursorPosition

CheckCmdLine

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware keylogger packed shell32.dll

Link:

https://www.filescan.io/uploads/6447ccf32644a56ac26860fa/reports/57c6be48-a8a4-458c-8755-cbdc45162e2a/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/c47a2878fc31c893ecead34851c697424e9e159e34c2ed5c93d6b69cee90cb66

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/ba98f529-9eaa-4ceb-afad-93a33dcff12b

Result

Threat name:

n/a

Detection:

malicious

Classification:

spyw

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/1220701

Signature

Antivirus / Scanner detection for submitted sample

Contains functionality to modify clipboard data

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c47a2878fc31c893ecead34851c697424e9e159e34c2ed5c93d6b69cee90cb66/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2022-11-26 07:11:23 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

21 of 36 (58.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=yr5cq6h4ghejh3hk2nefdruxijhj4fm6gtbo2xet223jz3uqznta._file

Verdict:

malicious

1948cbc56b010af69cab63977edb0dfb76de1520291fd9eac8777a887f006adc

56133c0d017af35f49253926e3583cf72c36146ab7faa65b6058971685166652

6ce171619dd97a51a8d5e6a4eaeea86f4fea6ed400c9e0a879b690b4fbd0a6b4

75b388003cc32b680abc3d9b41bc6c435af723de235eaab36a323fddcb906f62

799b7395c9f279d8cd1cd24657788ecb37db7ae03c0dddeb3344a95a551d1325

7b4cf9f048c369e0c4c26cb10eea84b05c255c85267488b55bf8c01c8b324b62

e6902e5efb53a1de2af93809a5103603aa8115e0f80fa95ade2461947bff4c7e

faaf2d27ca3c7a332b9c9474b869931e614e77697d30703c4f2c02b14237b019

fdb6ea9de0be18ad1f1418aa6dd3ce73db50d6abab7b27d274eeb15940a3bc31

+ 29 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/230425-p32ybscc4x/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Unpacked files

SH256 hash:

982a177924762f270b36fe34c7d6847392b48ae53151dc2011078dceef487a53

MD5 hash:

8b6c94bbdbfb213e94a5dcb4fac28ce3

SHA1 hash:

b56102ca4f03556f387f8b30e2b404efabe0cb65

Link:

https://www.unpac.me/results/a3603afe-a333-4a64-aa65-072c31940d32/

SH256 hash:

c47a2878fc31c893ecead34851c697424e9e159e34c2ed5c93d6b69cee90cb66

MD5 hash:

408af3116c165496eea895ce91c30ff4

SHA1 hash:

deadb805c874c2e583f7a838596b7e2534863f09

Link:

https://www.unpac.me/results/a3603afe-a333-4a64-aa65-072c31940d32/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.65

Link:

https://yomi.yoroi.company/submissions/c47a2878fc31c893ecead34851c697424e9e159e34c2ed5c93d6b69cee90cb66

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	meth_get_eip Create hunting rule
Author:	Willi Ballenthin

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/384797/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample