MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 d2c0475852e1d44f90dd4f8f7361176ae05dedf2ad5d21cfbc96aa9b90260c68. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| SHA256 hash: | d2c0475852e1d44f90dd4f8f7361176ae05dedf2ad5d21cfbc96aa9b90260c68 |
|---|---|
| SHA3-384 hash: | 7cb51dcda2d89b006d115fe3746c9c157ffe6a2aaa237c21409b91486edef28078fb577ed8ab6fbed845a50a723df537 |
| SHA1 hash: | bd59294900fa6df6847e4f18db61cac3db9ba728 |
| MD5 hash: | 38dd033f90ab570e4538705e9662ee26 |
| humanhash: | charlie-twelve-romeo-sixteen |
| File name: | a1dc23076541c68c64d11d7c076a0997 |
| File size: | 212'992 bytes |
| First seen: | 2020-11-17 11:54:03 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit) |
| ssdeep | 3072:H7t4x1Jj08ep/reTwKm9NCjlYNCoynhFl2L4pLthEjQT6j:H7t4xjuSm9NCjlY0oM0LkEj1 |
| Threatray | 129 similar samples on MalwareBazaar |
| TLSH | D4247C02B5D04697D1E70A7189E789E41EBFFCB1CBB5762B3A4073DE38365884D487A2 |
| Reporter |
Intelligence
File Origin
# of uploads: 1
# of downloads: 51
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Creating a process from a recently created file
Creating a file in the Windows directory
Launching the default Windows debugger (dwwin.exe)
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-17 11:57:04 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Verdict: unknown
Similar samples: + 119 additional samples on MalwareBazaar
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Drops file in System32 directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method: Other