MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc5af35fe4bd3d1b4ce2fa24698704d682a8bfea94d7d5e7ce9b4d496b68e6f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Adware.Generic


Vendor detections: 9


Intelligence 9 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cc5af35fe4bd3d1b4ce2fa24698704d682a8bfea94d7d5e7ce9b4d496b68e6f6
SHA3-384 hash: d859c9446a466d650c524464c11c8c6f27342db9d04596af0b27e3a97bca384200aa5642f0b931de9d2770cd0c8cbc49
SHA1 hash: 3a188da137e0edb9483c7a215e24bda36ed529c9
MD5 hash: b4438eaacceaacf38f87d724e22758a0
humanhash: finch-four-autumn-fanta
File name:Wondershare Dr.Fone Toolkit for Pc 10.6.7.75 FULL+Crack.exe
Download: download sample
Signature Adware.Generic
Create hunting rule
File size:15'385'783 bytes
First seen:2023-08-13 10:40:41 UTC
Last seen:2023-08-13 11:35:31 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e569e6f445d32ba23766ad67d1e3787f (262 x Adware.Generic, 41 x RecordBreaker, 24 x RedLineStealer)
ssdeep 393216:H4m67ZQ4E2WTo4m67ZQ4EgWTo4J67ZQ4EgWTodJ6/o9d:Ym6u2Mm6ugMJ6ugBJ6i
Threatray 20 similar samples on MalwareBazaar
TLSH T1EFF6233EF268B03ED99A1B3205B74660847B7B5075468C1E47FC348DDB756301F3AAAA
TrID 50.4% (.EXE) Inno Setup installer (109740/4/30)
19.7% (.EXE) InstallShield setup (43053/19/16)
19.1% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
4.8% (.EXE) Win64 Executable (generic) (10523/12/4)
2.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 5050d270cccc82ae (109 x Adware.Generic, 43 x LummaStealer, 42 x OffLoader)
Reporter xr1pper
Tags:Adware.Generic exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
390
Origin country :
EG EG
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Wondershare Dr.Fone Toolkit for Pc 10.6.7.75 FULL+Crack.exe
Verdict:
Malicious activity
Analysis date:
2023-08-13 10:08:32 UTC
Tags:
installer loader adware
Link:
https://app.any.run/tasks/0f999993-a2b3-4b36-a80a-cec150b6391d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.FileRepMalware.3090.31208.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for synchronization primitives
Searching for the window
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/102769/overview
Behaviour
MalwareBazaar
CheckNumberOfProcessor
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control installer lolbin overlay packed setupapi shell32
Link:
https://www.filescan.io/uploads/64d8b33fe1d5367a534c28ab/reports/9b400562-0815-4f41-9b6e-a69077df5071/overview
Verdict:
Malicious
Labled as:
TR/Downloader.Generic
Link:
https://www.hybrid-analysis.com/sample/cc5af35fe4bd3d1b4ce2fa24698704d682a8bfea94d7d5e7ce9b4d496b68e6f6
Result
Verdict:
MALICIOUS
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/ea21b27d-6801-4021-9fa3-ff775b6a7fb8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cc5af35fe4bd3d1b4ce2fa24698704d682a8bfea94d7d5e7ce9b4d496b68e6f6/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2023-08-13 10:41:08 UTC
File Type:
PE (Exe)
Extracted files:
11
AV detection:
13 of 24 (54.17%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zrnpgx7exu6rwthc7isgtbye22bkrp7kstl5lz6otngus23i433a._file
Verdict:
unknown
Similar samples:
1062b856e7580e1d5b19bdbe87a233343c39c5a41860358c854586f52dbf906f
Adware.Generic
5377fdf4a8c5b2de8f21a23a0770fbc497d3ba1ff58d50d1ec952216e84a3c4f
Adware.Generic
5a4b558e3f228adc43c877a56890612ba69b2e112ca8e0fdd538581e0dc6898b
Adware.Generic
63fe94f5903f4d969dd1e3032497a9f7ed693410a1a58a9857aaf22826bb0115
Adware.Generic
6c3f24ff26c5d2f16ae6aa8842e97d402c2e203d0aa2798a40f4dc000554dbca
Adware.Generic
82e3523dc7d162e55eaa4f69c2dba9555592661eadcc6807898da7196e57289a
Adware.Generic
87f58956937f84708706f515675d0b48125ace13ede701886e433cc8b336720d
Adware.Generic
8fc055b97e29323ef0f570ef76b2bacdceb4f8d1b8a2eb62bb974f0abf03e5c0
Adware.Generic
aad7a088f309c1e0671f327db2428a470c14d08d5f6489fcb628071d2361b6a7
Adware.Generic
f95fdca4f8709816b40f99b492f57e383ab60dee9d34cfe1aa919e0c90dd48ba
Adware.Generic
+ 10 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230813-mq39hsdc2w/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Executes dropped EXE
Loads dropped DLL
Unpacked files
SH256 hash:
4812e8c98a522999978ef831139b5b7483da2ed9ffc747a02ae0207056b6c61b
MD5 hash:
f5f27de68a8748d2d1ddb6f0df43433f
SHA1 hash:
151087f9a04f36df8d805e605eda5bb96f93c834
Link:
https://www.unpac.me/results/cd8d5a10-9f3c-4505-a616-1f6dd0b0160e/
SH256 hash:
cc5af35fe4bd3d1b4ce2fa24698704d682a8bfea94d7d5e7ce9b4d496b68e6f6
MD5 hash:
b4438eaacceaacf38f87d724e22758a0
SHA1 hash:
3a188da137e0edb9483c7a215e24bda36ed529c9
Link:
https://www.unpac.me/results/cd8d5a10-9f3c-4505-a616-1f6dd0b0160e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cc5af35fe4bd3d1b4ce2fa24698704d682a8bfea94d7d5e7ce9b4d496b68e6f6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Borland
Create hunting rule
Author:malware-lu
Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Adware.Generic

Executable exe cc5af35fe4bd3d1b4ce2fa24698704d682a8bfea94d7d5e7ce9b4d496b68e6f6

(this sample)

  
Delivery method
Distributed via web download

Comments