MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cfcef5b0b3b3e1a965239d998248ae3532e2185c1aa45d55be0cd6da9ebe3488. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cfcef5b0b3b3e1a965239d998248ae3532e2185c1aa45d55be0cd6da9ebe3488
SHA3-384 hash: 7f53580aa31f51278e638057ff5ecdf85054c16d66295d6e52ca496b9933b1dfd726f1a45cb0e8fb9d413c5e6b738221
SHA1 hash: cfccf48ce18e8ec0bd33a89562722aad698899d1
MD5 hash: d0001f4174b04cd4a2f38b1783f19107
humanhash: aspen-beer-carpet-carpet
File name:SecuriteInfo.com.W32.Injector.EROU.tr.5538.32311
Download: download sample
File size:47'104 bytes
First seen:2022-11-28 02:30:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8b03fd89f9fb103cf409f04950cee672
ssdeep 768:LfWOP2sBk0yPnMsMRDzRe6DGOXcP5dMZ+b9OP7R/accmzC1MM2:VPdsMRDzRe6SOC5dMZ+b9OP+mG1MM
TLSH T1A923F611D282227FDEE610F794F7212DA934AB47430455DF17C8ACE62F2B9D66E3086B
TrID 37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
12.7% (.EXE) Win64 Executable (generic) (10523/12/4)
7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
164
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.W32.Injector.EROU.tr.5538.32311
Verdict:
No threats detected
Analysis date:
2022-11-28 02:32:41 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4a13d018-d9e8-4c42-b9fc-11d23c38b9ee

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/339222/
Detection(s):
SecuriteInfo.com.W32.Injector.EROU.tr.5538.32311.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/63841d6794f9bac087b38efc/reports/1d20fae9-e0fc-4af5-91d9-094dca8900b1/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/52a44714-3d2b-439b-a57d-34ec90bd6125
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1122174
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 754891 Sample: SecuriteInfo.com.W32.Inject... Startdate: 28/11/2022 Architecture: WINDOWS Score: 52 12 Multi AV Scanner detection for submitted file 2->12 14 Machine Learning detection for sample 2->14 6 SecuriteInfo.com.W32.Injector.EROU.tr.5538.32311.exe 1 2->6         started        process3 process4 8 WerFault.exe 24 9 6->8         started        10 conhost.exe 6->10         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cfcef5b0b3b3e1a965239d998248ae3532e2185c1aa45d55be0cd6da9ebe3488/
Threat name:
Win32.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2022-11-27 23:48:44 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
17 of 26 (65.38%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=z7hplmftwpq2szjdtwmyesfoguzoegc4dksf2vn6btlnvhv6gsea._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/221128-czqdxagh78/
Behaviour
Program crash
Unpacked files
SH256 hash:
cfcef5b0b3b3e1a965239d998248ae3532e2185c1aa45d55be0cd6da9ebe3488
MD5 hash:
d0001f4174b04cd4a2f38b1783f19107
SHA1 hash:
cfccf48ce18e8ec0bd33a89562722aad698899d1
Link:
https://www.unpac.me/results/9998e48e-1513-4cea-a068-591142d2d09d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/cfcef5b0b3b3e1a965239d998248ae3532e2185c1aa45d55be0cd6da9ebe3488

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/339222/

Comments