MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd4ad1ad993e65c20ee4db15680091fc0edc0b4b763696e716b8b11e95a75968. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cd4ad1ad993e65c20ee4db15680091fc0edc0b4b763696e716b8b11e95a75968
SHA3-384 hash: 88521f0d226f0b7d213cc6b51304aad508e7b0596a0cee005ff7747012a652b6ee33939c4ba41a4387813cb10761389e
SHA1 hash: c296b04959bf0ad76a310dfba266c3d542c82fbc
MD5 hash: 4906f9c9cbf8ca932a944f39b8042861
humanhash: xray-carolina-oklahoma-alanine
File name:cd4ad1ad993e65c20ee4db15680091fc0edc0b4b763696e716b8b11e95a75968
Download: download sample
File size:802'304 bytes
First seen:2024-09-10 10:02:34 UTC
Last seen:2024-09-10 10:22:19 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 99be29d5a7b5111aaa6c2befab6e6c7a
ssdeep 12288:syxleD0jeHp2pcdPuG1l/rRl24yH1XC0HyQO2fZc5Pz5uz6XoKmD:7l36dPN15lHGC0HyQOIc5Pzcz6XoKm
TLSH T15E05CF29A2580574F0E7B378C8970512EBF97847132196DF07F086BA6FA77B01A7E352
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter JAMESWT_WT
Tags:exe m-bala-iask-sina-com-cn

Intelligence

File Origin
# of uploads :
2
# of downloads :
383
Origin country :
IT IT
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
cd4ad1ad993e65c20ee4db15680091fc0edc0b4b763696e716b8b11e95a75968
Verdict:
No threats detected
Analysis date:
2024-09-10 10:07:00 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/5c9b80e4-fb09-4fca-a2d5-9b4adf1b7ab0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.Win64.Hacktool.13315.31482.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=66e0195876bc4542b04952e0
Tags:
n/a
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug fingerprint microsoft_visual_cc packed
Link:
https://www.filescan.io/uploads/66e01957ac80a0110f673dc8/reports/79c3c5dc-f7e5-4b64-89a3-4447b15d2dc1/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/cd4ad1ad993e65c20ee4db15680091fc0edc0b4b763696e716b8b11e95a75968
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/491c1e4b-dd58-45b2-8103-2d023b440b60
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1508564
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1508564 Sample: DUq3hQDfCn.dll Startdate: 10/09/2024 Architecture: WINDOWS Score: 48 23 Multi AV Scanner detection for submitted file 2->23 7 loaddll64.exe 1 2->7         started        process3 process4 9 rundll32.exe 7->9         started        11 rundll32.exe 7->11         started        13 cmd.exe 1 7->13         started        15 5 other processes 7->15 process5 17 WerFault.exe 20 16 9->17         started        19 WerFault.exe 16 11->19         started        21 rundll32.exe 13->21         started       
Score:
92%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/cd4ad1ad993e65c20ee4db15680091fc0edc0b4b763696e716b8b11e95a75968
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cd4ad1ad993e65c20ee4db15680091fc0edc0b4b763696e716b8b11e95a75968/
Threat name:
Win32.Trojan.CobaltStrike
Create hunting rule
Status:
Malicious
First seen:
2024-09-09 11:35:44 UTC
File Type:
PE+ (Dll)
AV detection:
16 of 24 (66.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zvfndlmzhzs4edxe3mkwqaer7qhnyc2loy3jnzywxcyr5fnhlfua._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/240910-l3cfwsxhqj/
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/df49f609-b4c1-4e74-b0d0-e6a45e1fbbc8
Unpacked files
SH256 hash:
cd4ad1ad993e65c20ee4db15680091fc0edc0b4b763696e716b8b11e95a75968
MD5 hash:
4906f9c9cbf8ca932a944f39b8042861
SHA1 hash:
c296b04959bf0ad76a310dfba266c3d542c82fbc
Link:
https://www.unpac.me/results/c4ea1b66-bed0-42e3-8d69-e0ee8faf3aa8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cd4ad1ad993e65c20ee4db15680091fc0edc0b4b763696e716b8b11e95a75968

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (GUARD_CF)high
Reviews
IDCapabilitiesEvidence
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::OpenProcess
KERNEL32.dll::VirtualAllocEx
KERNEL32.dll::WriteProcessMemory
KERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThreadpoolTimer
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
ntdll.dll::NtQueryInformationProcess
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetCommandLineA
KERNEL32.dll::GetCommandLineW
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::ReadConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleOutputCP
KERNEL32.dll::GetConsoleMode
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateFileW

Comments