MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb663a4fa79cb0fcb52c3049b65b1a012c45e72badc13c931fc2c72a8a94dcca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cb663a4fa79cb0fcb52c3049b65b1a012c45e72badc13c931fc2c72a8a94dcca
SHA3-384 hash: 84d8be6fc9de7f4b4aeb6f21960b30c294cfdf98954fae52969e2c097e0702e1087fe637816687ea79d60a3959814726
SHA1 hash: c5cbab8fc73d532c4ece48c0b01ba64e386d22fb
MD5 hash: e9156d4d9b48dcc3530efcc27151a1c7
humanhash: pip-black-iowa-east
File name:ajay.jpg
Download: download sample
File size:823'808 bytes
First seen:2020-04-27 09:31:06 UTC
Last seen:2020-04-27 09:33:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 46978de0f8944a65af1673d613222a98 (5 x Smoke Loader, 5 x Vjw0rm, 3 x FormBook)
ssdeep 24576:nNR2zaQBt37/CZ0w1PeWnzqhqCC6+PEvQ:+UsrC6aEI
Threatray 171 similar samples on MalwareBazaar
TLSH 0F057C12B3D3C1B6EFA225F2C5B553320939BC38173CA6DB7390392EE9A06C16A75355
Reporter JoulK
Tags:powershell

Intelligence

File Origin
# of uploads :
2
# of downloads :
127
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Autohk-6995517-0
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Scrami
Create hunting rule
Status:
Malicious
First seen:
2020-04-27 07:22:28 UTC
File Type:
PE (Exe)
Extracted files:
16
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
0c3ffcd5a7623471ea4ebd0df78300568f641bba314b956f5837c2b829c87334
3afe4dd1466eb99bc7ab905a2363173dc043f9060982c49b6f5da73293f7d6ed
50871371de6754f17507213f50bd7748814f8a99899599f835701c5a772c89c7
65c86813da2eb5bfc495e538fa4e77f8c3a3c03418e655ac8262bc0aa42281ba
693626ad4ce750ecb027980dfb505ca69872923702dfe564e0adcb651e8c60d9
849af25a67d831b8e5d90cc6e4b51014a3a4d9f474f7363865cbd98c4dc0ea5a
b254d7faa603b46c4c63f6d1f88d65767fb80638a000967fe527b9572b956e35
d7a340421f260de130a285233b110130fbccd2f26f1f70fc1600bf2855073017
e7c777cc2838334214d3349178f52cd2fdce9138cbd51de1c62bcc73a3478a4f
e942c853f791a2ebd37ae59344bf8878d9a02cdcb83848a68876c49497c642d2
+ 161 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe cb663a4fa79cb0fcb52c3049b65b1a012c45e72badc13c931fc2c72a8a94dcca

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/351856/
  
URLhaus
https://urlhaus.abuse.ch/url/351908/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
COM_BASE_APICan Download & Execute componentsole32.dll::CoCreateInstance
ole32.dll::CreateStreamOnHGlobal
MULTIMEDIA_APICan Play MultimediaWINMM.dll::joyGetDevCapsW
WINMM.dll::joyGetPosEx
WINMM.dll::mciSendStringW
WINMM.dll::mixerClose
WINMM.dll::mixerGetControlDetailsW
WINMM.dll::mixerGetDevCapsW
SECURITY_BASE_APIUses Security Base APIADVAPI32.dll::AdjustTokenPrivileges
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteExW
SHELL32.dll::SHFileOperationW
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessW
KERNEL32.dll::OpenProcess
ADVAPI32.dll::OpenProcessToken
KERNEL32.dll::VirtualAllocEx
KERNEL32.dll::WriteProcessMemory
KERNEL32.dll::CloseHandle
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::GetDriveTypeW
KERNEL32.dll::GetVolumeInformationW
KERNEL32.dll::GetStartupInfoW
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleCP
KERNEL32.dll::GetConsoleMode
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CopyFileW
KERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateFileW
KERNEL32.dll::DeleteFileW
KERNEL32.dll::MoveFileW
KERNEL32.dll::GetWindowsDirectoryW
WIN_BASE_USER_APIRetrieves Account InformationKERNEL32.dll::GetComputerNameW
ADVAPI32.dll::GetUserNameW
ADVAPI32.dll::LookupPrivilegeValueW
KERNEL32.dll::QueryDosDeviceW
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegConnectRegistryW
ADVAPI32.dll::RegCreateKeyExW
ADVAPI32.dll::RegDeleteKeyW
ADVAPI32.dll::RegOpenKeyExW
ADVAPI32.dll::RegQueryInfoKeyW
ADVAPI32.dll::RegQueryValueExW
WIN_SVC_APICan Manipulate Windows ServicesADVAPI32.dll::OpenSCManagerW
ADVAPI32.dll::UnlockServiceDatabase
WIN_USER_APIPerforms GUI ActionsUSER32.dll::AppendMenuW
USER32.dll::CreateMenu
USER32.dll::EmptyClipboard
USER32.dll::FindWindowW
USER32.dll::OpenClipboard
USER32.dll::PeekMessageW

Comments