MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d2da9b3d8ce7e8750a387cc5464c97b515673b17430f5f3236c2dddbc9628508. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Adware.Generic
Vendor detections: 11

SHA256 hash: d2da9b3d8ce7e8750a387cc5464c97b515673b17430f5f3236c2dddbc9628508
SHA3-384 hash: 3fcd5d1202996d5f1cf2dc002b75509c14d6f16548d51d1498b07a721b38845edd4fb0dcecb15eedf1edcc86322722fc
SHA1 hash: 229d2ec61a4c3c65676eaafb95c9780d91487347
MD5 hash: 6feb89a4fbf719427611dfd50b99a7c0
humanhash: hamper-oklahoma-magazine-steak
File name: script_hack_412.exe
Signature: Adware.Generic
File size: 2'921'144 bytes
First seen: 2021-10-21 00:01:48 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e00de6e48b9b06aceb12a81e7bf494c9 (20 x Adware.Generic, 1 x CoinMiner)
ssdeep: 49152:nG5UfgBTFurx12F+zAaSHV2wopAma07VDWktrGuDUlv/9TNU0LXeRINBNU:nG5QgC1lEBHVDoVa0R6mBUl9u0KRkU
Threatray: 93 similar samples on MalwareBazaar
TLSH: T100D533013EF584BAF4921972BEA97F96E096E39CDC9288933344832C1BBAF55C33515D
dhash icon: 92e0b496a2cada72 (11 x Adware.Generic, 5 x Adware.InstalleRex, 2 x Adware.Yantai)
Reporter: JaffaCakes118
Tags: Adware.Generic, exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 274
Origin country: n/a
Vendor Threat Intelligence

Result
Malware family: n/a
ID: 1
File name: script_hack_412.exe
Verdict: Malicious activity
Analysis date: 2021-10-21 00:01:09 UTC
Tags: installer
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Maliciousness:
Behaviour:
- Creating a file in the %temp% subdirectories
- Creating a window
- Creating a process from a recently created file
- Using the Windows Management Instrumentation requests
- Creating a file
- Moving a recently created file
- Launching a process
- Delayed writing of the file
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: greyware, overlay, packed

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.PUA.InstallCore
Status: Suspicious
First seen: 2021-10-21 00:02:04 UTC
AV detection: 17 of 45 (37.78%)
Threat level: 1/5

Result
Malware family: n/a
Score: 8/10
Tags: discovery
Behaviour:
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- Checks for any installed AV software in registry
- Checks installed software on the system
- Loads dropped DLL
- Executes dropped EXE
Unpacked files
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: INDICATOR_KB_CERT_1e508bb2398808bc420a5a1f67ba5d0b
Author: ditekSHen
Description: Detects executables signed with stolen, revoked or invalid certificates

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Adware.Generic
File type: Executable exe
SHA256 hash: d2da9b3d8ce7e8750a387cc5464c97b515673b17430f5f3236c2dddbc9628508 (this sample)

Delivery method: Distributed via web download

Comments