MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7d11c958c790562daf2522a05d7ba39e0c013e810f51ff2013af571d9394679. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c7d11c958c790562daf2522a05d7ba39e0c013e810f51ff2013af571d9394679
SHA3-384 hash: 0cc835638ef2157d0888537505cd0c4b5cdc8b155b463178820893478a43c1ff09af06026b621e543729f4786c6fdf1a
SHA1 hash: cdf3fcfd476356cddf983bff1c4a442341d06064
MD5 hash: 05e07edd65b3b00840b04eb95af62d78
humanhash: august-alabama-stairway-hydrogen
File name:05e07edd65b3b00840b04eb95af62d78.exe
Download: download sample
File size:9'713'152 bytes
First seen:2023-01-22 17:14:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d67688b0b39051c22f07167dfdd6ecad
ssdeep 196608:o8rTXxh+ZZX9D7NGn2DM7QWOMPeKssZZF6yn8rDcpO2drrScm:tD+ZDc2OQ6WVFkfJk
Threatray 3 similar samples on MalwareBazaar
TLSH T15FA623D5589052E4D0E2871470CA13AEB4D03AAE5BE95E0C7AE54C125F90DFF360FAEB
TrID 38.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
15.6% (.ICL) Windows Icons Library (generic) (2059/9)
15.4% (.EXE) OS/2 Executable (generic) (2029/13)
15.2% (.EXE) Generic Win/DOS Executable (2002/3)
15.2% (.EXE) DOS Executable Generic (2000/1)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
173
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
vidar
Create hunting rule
ID:
1
File name:
Software.exe
Verdict:
Malicious activity
Analysis date:
2023-01-21 02:27:03 UTC
Tags:
trojan stealer vidar loader
Link:
https://app.any.run/tasks/a1e91b31-a055-4128-b6a9-7901581d6c46

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/355655/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Launching the default Windows debugger (dwwin.exe)
Sending a custom TCP request
Verdict:
No Threat
Threat level:
  2/10
Confidence:
67%
Tags:
packed
Link:
https://www.filescan.io/uploads/63cd6f16416d38777a79e792/reports/cd8ecda1-2917-42d0-ac5d-e93e396a709e/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/8878385e-afec-48dd-9070-9eacad40886b
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1156566
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
PE file has a writeable .text section
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c7d11c958c790562daf2522a05d7ba39e0c013e810f51ff2013af571d9394679/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-01-21 05:29:47 UTC
AV detection:
7 of 39 (17.95%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=y7irzfmmpecwfwxskivalv52hhqmae7icd2r74qbhl2xdwjziz4q._file
Verdict:
unknown
Similar samples:
5280df289219b64295e97b3b94e61b34e93a2fa9796067a447b7695499711e97
58591d220d48fbc565054766db000c1d14250a02c160bfe86370877441e5d2da
804826c7da65f0ef6aba984fc65cd2e701f4d26ef52fedd3dcea5808c4c70542
Result
Malware family:
n/a
Score:
  7/10
Tags:
themida
Link:
https://tria.ge/reports/230122-vsjxnaae2y/
Behaviour
Program crash
Themida packer
Unpacked files
SH256 hash:
c7d11c958c790562daf2522a05d7ba39e0c013e810f51ff2013af571d9394679
MD5 hash:
05e07edd65b3b00840b04eb95af62d78
SHA1 hash:
cdf3fcfd476356cddf983bff1c4a442341d06064
Link:
https://www.unpac.me/results/cb1409ef-4dbf-43a3-b695-fbd75ef56e06/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c7d11c958c790562daf2522a05d7ba39e0c013e810f51ff2013af571d9394679

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_EXE_Packed_Themida
Create hunting rule
Author:ditekSHen
Description:Detects executables packed with Themida

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c7d11c958c790562daf2522a05d7ba39e0c013e810f51ff2013af571d9394679

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2469977/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/355655/

Comments