MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7146bf39b9897b61eb017d92d38b2949f39cda4f0b99e5138cc00992f1d2446. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Poison


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c7146bf39b9897b61eb017d92d38b2949f39cda4f0b99e5138cc00992f1d2446
SHA3-384 hash: 75b6d4a63131b16825f65a8a47b77d31a99a7d3c5bcf56d24c6b6c7a8864d15b4b56b3e795b806a1e6139c4b5f50959c
SHA1 hash: 8209237bd5793dcf6cf429d6775a81c3c7632618
MD5 hash: 934953431c40eaa8784a801dc14b3760
humanhash: jersey-georgia-floor-eleven
File name:40ac4e54bb913e149876d6df83d0f85d
Download: download sample
Signature Poison
Create hunting rule
File size:18'246'499 bytes
First seen:2020-11-17 11:28:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 46d56b44c2f42c46a90229f6b8a7313a (1 x Poison, 1 x Pony, 1 x Plugx)
ssdeep 393216:Eh0Swc9J+cUWGekDA8xE+vR/dphCNFEdPWnkcC4rldjG3a7tyWVYBMRBNI:a0Sf8cUJDA3+vR/7hCKP0kcCI9G6tZAp
Threatray 22 similar samples on MalwareBazaar
TLSH 200733D1B386D6B2E04005728BD79274AD37BF110EE6C99723C4FF9CA63018366B6A57
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ThemidaWinlicen-2
Create hunting rule

PUA.Win.Packer.ThemidaWinlicen-9
Create hunting rule

PUA.Win.Packer.ThemidaWinlicen-7
Create hunting rule

PUA.Win.Packer.Themida-12
Create hunting rule

PUA.Win.Packer.Themida-6
Create hunting rule

PUA.Win.Packer.ThemidaWinlicen-1
Create hunting rule

PUA.Win.Packer.ThemidaWinlicen-4
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Delayed reading of the file
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a file
Launching the default Windows debugger (dwwin.exe)
Launching a process
Result
Verdict:
0
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c7146bf39b9897b61eb017d92d38b2949f39cda4f0b99e5138cc00992f1d2446/
Threat name:
Win32.Backdoor.Poison
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 11:29:28 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
044863910e84822872c6a9d134f18db1e04b17f2641f0baa7c3aca4f5f587fbb
Poison
2b1995968ff5b1b0c1bc81553052f425decebcb3333b9fc5b95343c4df69c33f
Poison
4671dbc33d55c1b28df97a2af222a558362ed68f24bc5a3bf433069f6d7673cb
Poison
548c375182f63e134625ec757d001e42051be39bf22f4065932ba53557825312
Poison
985bc1027ad2c2656ede64ca442a4a264b7a93595bac07015a03619b3e87d894
Poison
ace64cbe1ef91a0b14602264fe0de8e3698cb8b901cbd6251b3fd11d87a0bef6
Poison
b0fedb5fc4232c07ff1161ddcc830cf11596ba2653cc7cea1d5666b4bab1f276
Poison
b2f041348835c102db3769245ee4c28dd00cb19c3c6710fc9c11228f3bbce61b
Poison
be3acd23cffe0baa73da9501728b70240077320fe57f729e46111e06ef67f2ef
Poison
d7f7b600a0291f227e18c700916cbd7552aeb595e51a1ab918e164255cc29b1b
Poison
+ 12 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
evasion themida
Link:
https://tria.ge/reports/201117-c39z69ntds/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Identifies Wine through registry keys
Loads dropped DLL
themida
Executes dropped EXE
Unpacked files
SH256 hash:
ee9a0974ab84e67d6cc1a5ca6f87f1b9397538cda410e11d9bb5783a2246f4da
MD5 hash:
e111e2acedc4a00a60342549eebead1e
SHA1 hash:
997b111553901c95e7f9be0e728fa7a48b288b06
Link:
https://www.unpac.me/results/56e5e6fe-208d-46b1-aaf6-0c3a535c6a38/
SH256 hash:
e5496bb53fac5947a189f38250d0d6399f90c691ca514a79a6bbc9f7b677b9d8
MD5 hash:
d49578094a966de7bf24b5149fd04d68
SHA1 hash:
407902841e961f7c18c9df81b15e5860aba2526a
Link:
https://www.unpac.me/results/56e5e6fe-208d-46b1-aaf6-0c3a535c6a38/
SH256 hash:
0d7508774ffe6bc85c0cdee4cb0e784dc8948588e7d3f5f64e4d0e2976d1c487
MD5 hash:
84eb1c7bfffef5329d1472ee0daaf4c6
SHA1 hash:
f0f2a2a40d30b55ce93883cef63dc37a0be6c3b1
Link:
https://www.unpac.me/results/56e5e6fe-208d-46b1-aaf6-0c3a535c6a38/
SH256 hash:
ce203855bafe3d46760b28d2d3a25ae0bca8e36f93515a6a99ed15a74554a263
MD5 hash:
e904fe4f4bbc1dea273f3cdf08058d71
SHA1 hash:
0a399a38e14fe86acce14926405b7c4b9b544f89
Link:
https://www.unpac.me/results/56e5e6fe-208d-46b1-aaf6-0c3a535c6a38/
SH256 hash:
c7146bf39b9897b61eb017d92d38b2949f39cda4f0b99e5138cc00992f1d2446
MD5 hash:
934953431c40eaa8784a801dc14b3760
SHA1 hash:
8209237bd5793dcf6cf429d6775a81c3c7632618
Link:
https://www.unpac.me/results/56e5e6fe-208d-46b1-aaf6-0c3a535c6a38/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments