MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc631481dbec5317fdebc9407fadaf8cc8d1a7c46222de4344aa0da78e1142d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cc631481dbec5317fdebc9407fadaf8cc8d1a7c46222de4344aa0da78e1142d1
SHA3-384 hash: 2639cff15f8df475955572c303accc2d82efda6dc011c6922450099ca3520e4bd9f4c67becaeefafcdf1f568c0fd1f4f
SHA1 hash: 410bbab9241ba9501df2c488215549c272108c73
MD5 hash: 0532b57409ff7febd0406dc5b1ac7b71
humanhash: floor-jupiter-oregon-fix
File name:SecuriteInfo.com.Gen.Variant.Adware.Midie.65867.22103.7645
Download: download sample
File size:15'409'856 bytes
First seen:2023-01-18 12:48:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 20dd26497880c05caed9305b3c8b9109 (31 x Adware.Auslogics, 5 x LummaStealer, 5 x Adware.Generic)
ssdeep 393216:PH5P9Y6jzDRw+6jzDRw/g9pXW7dYUTTq2u:PRBS6cG7d7fqF
Threatray 486 similar samples on MalwareBazaar
TLSH T1CCF62303B1C4807AD4AA57364632A51069FFB67496B29E1B2FF4D98CCF751C10E3BB26
TrID 35.9% (.EXE) Inno Setup installer (109740/4/30)
14.1% (.EXE) InstallShield setup (43053/19/16)
13.6% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
8.8% (.EXE) UPX compressed Win32 Executable (27066/9/6)
8.7% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
dhash icon b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
214
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Gen.Variant.Adware.Midie.65867.22103.7645
Verdict:
Malicious activity
Analysis date:
2023-01-18 12:57:45 UTC
Tags:
installer
Link:
https://app.any.run/tasks/bddf3e48-e4be-424d-b265-5c36736d8658

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
PUA.Win.Malware.Speedingupmypc-6718419-0
Create hunting rule

SecuriteInfo.com.Gen.Variant.Adware.Midie.65867.22103.7645.UNOFFICIAL
Create hunting rule

PUA.Win.Adware.Outbrowse-6628770-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for synchronization primitives
Searching for the window
DNS request
Connecting to a non-recommended domain
Sending a custom TCP request
Sending an HTTP GET request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/61215/overview
Behaviour
MalwareBazaar
CheckNumberOfProcessor
CheckCmdLine
Verdict:
No Threat
Threat level:
  2/10
Confidence:
80%
Tags:
greyware overlay packed packed setupapi.dll shell32.dll
Link:
https://www.filescan.io/uploads/63c7eadd8352dc7065e38970/reports/bde144cd-6671-4cc8-b216-6656599da409/overview
Result
Verdict:
MALICIOUS
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/dcf697ff-6687-45b1-b7e8-ceff31c8f66c
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
46 / 100
Link:
https://www.joesandbox.com/analysis/1153825
Signature
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Creates a thread in another existing process (thread injection)
Injects code into the Windows Explorer (explorer.exe)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Obfuscated command line found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 786558 Sample: SecuriteInfo.com.Gen.Varian... Startdate: 18/01/2023 Architecture: WINDOWS Score: 46 59 Multi AV Scanner detection for domain / URL 2->59 61 Antivirus / Scanner detection for submitted sample 2->61 63 Multi AV Scanner detection for submitted file 2->63 65 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 2->65 8 SecuriteInfo.com.Gen.Variant.Adware.Midie.65867.22103.7645.exe 2 2->8         started        process3 file4 33 SecuriteInfo.com.G...5867.22103.7645.tmp, PE32 8->33 dropped 67 Obfuscated command line found 8->67 12 SecuriteInfo.com.Gen.Variant.Adware.Midie.65867.22103.7645.tmp 11 81 8->12         started        signatures5 process6 dnsIp7 45 reqbus.ru 35.217.27.166, 443, 49691, 49697 GOOGLEUS United States 12->45 37 C:\Users\user\AppData\...\shortcut.exe (copy), PE32+ 12->37 dropped 39 C:\Users\user\AppData\...\shortcut.dll (copy), PE32+ 12->39 dropped 41 C:\Users\user\AppData\Local\...\is-PTVKI.tmp, PE32+ 12->41 dropped 43 6 other files (4 malicious) 12->43 dropped 16 shortcut.exe 12->16         started        19 shortcut.exe 12->19         started        21 shortcut.exe 12->21         started        23 Victoria_4.76b_SSD.exe 2 12->23         started        file8 process9 file10 47 Injects code into the Windows Explorer (explorer.exe) 16->47 49 Writes to foreign memory regions 16->49 51 Allocates memory in foreign processes 16->51 26 explorer.exe 11 46 16->26 injected 53 Creates a thread in another existing process (thread injection) 19->53 55 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 19->55 31 C:\Users\user\...\Victoria_4.76b_SSD.tmp, PE32 23->31 dropped 57 Obfuscated command line found 23->57 28 Victoria_4.76b_SSD.tmp 3 10 23->28         started        signatures11 process12 file13 35 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 28->35 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cc631481dbec5317fdebc9407fadaf8cc8d1a7c46222de4344aa0da78e1142d1/
Threat name:
Win32.Trojan.Midie
Create hunting rule
Status:
Malicious
First seen:
2019-10-14 10:04:32 UTC
File Type:
PE (Exe)
Extracted files:
747
AV detection:
13 of 39 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zrrrjao35rjrp7plzfah7lnprtendj6emirn4q2evig2pdqriliq._file
Verdict:
unknown
Similar samples:
0a814a1f3ef52e8379da69712873c881699ead13f7ab737f875638313123d181
111d1529eb5320465bc09a12146b321b0f4409372a8b73048b7798904082068c
43fd44a53e16097ae8b813e48be98cddfce369cd515efa1383fd0ea0b5a4c0bc
9848335d47d8bb203145e2aca78fc8f9b42fb2ba1cd91561974172ea6da43851
c23f7427ef397ef00212583329e993347165a21aa8b06e4162844f89b0dc3b23
fce1d9496dbdcf9505069283bf61e825e76a1c99af5258beae9feb0a34385cd7
ffa212f2e4a69930a47fab0c12b6e2d98c590dd18c5ee1115e5ea4571b89ac50
+ 476 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/230118-p2fzgade7z/
Behaviour
Modifies system certificate store
Script User-Agent
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
ff4423d666f19bba5df840fbee049ecf17ae63667d2f9f38df58ccd79bb2193e
MD5 hash:
34d48ab74911471e8edc357128bffa84
SHA1 hash:
6ea0e334d2926b3652b55e4356cb1be704291cf7
Link:
https://www.unpac.me/results/9cfdd3a7-167b-4e49-b044-c5be3b83b31a/
SH256 hash:
b7c8240d603b85dd99047e12936f5bd72b3db15dacce77c9506b674299560850
MD5 hash:
3f456380dfe562e211aa49a99247735f
SHA1 hash:
8c3655e5088f9fa13b8395919abf4a05f592ff91
Link:
https://www.unpac.me/results/9cfdd3a7-167b-4e49-b044-c5be3b83b31a/
SH256 hash:
44b8e6a310564338968158a1ed88c8535dece20acb06c5e22d87953c261dfed0
MD5 hash:
9c8886759e736d3f27674e0fff63d40a
SHA1 hash:
ceff6a7b106c3262d9e8496d2ab319821b100541
Link:
https://www.unpac.me/results/9cfdd3a7-167b-4e49-b044-c5be3b83b31a/
SH256 hash:
2889147be7789bf3beb60b06615787da33f81e92baeb60c6d6020b9392454ce3
MD5 hash:
d4a7c61f5d04dd2fccd48d94d9a9785e
SHA1 hash:
63c7fe378fa534a1754d413e37bec732175284ba
Link:
https://www.unpac.me/results/9cfdd3a7-167b-4e49-b044-c5be3b83b31a/
SH256 hash:
b8bca3d1f9db9ba3fccb693cf458ea919539757b6e9b0738570dd4cee8d9836c
MD5 hash:
60b93f648077fcbdf5432b43696d9e03
SHA1 hash:
5cfcc821b8f071a892596d771a40d29c24aec913
Link:
https://www.unpac.me/results/9cfdd3a7-167b-4e49-b044-c5be3b83b31a/
SH256 hash:
5fd023d29743df135670d280acdf276ca02b9b6bb2719d40c85293292c1e5fe7
MD5 hash:
52adbf46c40fdc35c239b01564698aa4
SHA1 hash:
f2cfaa1866e885541a38ca66bf97211a3f2eb727
Link:
https://www.unpac.me/results/9cfdd3a7-167b-4e49-b044-c5be3b83b31a/
SH256 hash:
0fa640fd775b365ea8441138111463f3ddd72e50891650b5bf87b1eaf10bb52a
MD5 hash:
6c2f2b353c8a77817d677581bbe5fb55
SHA1 hash:
430e028a8f1ae5f13ab1745fb4095e8a70f48391
Link:
https://www.unpac.me/results/9cfdd3a7-167b-4e49-b044-c5be3b83b31a/
SH256 hash:
3a8ce467ea565b76a4367854d8e8997025c0a238a193d15679f06ff169ba9300
MD5 hash:
5f835ea79b47e049b494b946d3a0092b
SHA1 hash:
b447674b082e4bfe297569381628dd4280c65378
Link:
https://www.unpac.me/results/9cfdd3a7-167b-4e49-b044-c5be3b83b31a/
SH256 hash:
cc631481dbec5317fdebc9407fadaf8cc8d1a7c46222de4344aa0da78e1142d1
MD5 hash:
0532b57409ff7febd0406dc5b1ac7b71
SHA1 hash:
410bbab9241ba9501df2c488215549c272108c73
Link:
https://www.unpac.me/results/9cfdd3a7-167b-4e49-b044-c5be3b83b31a/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/cc631481dbec/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cc631481dbec5317fdebc9407fadaf8cc8d1a7c46222de4344aa0da78e1142d1

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB
Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments