MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d4f636c94595d717dec6e61d2648b48ca528a7e172ae5c8e198147d111335db8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d4f636c94595d717dec6e61d2648b48ca528a7e172ae5c8e198147d111335db8
SHA3-384 hash: ff08d60710e0c1b23ece53c4d61ae6a30483e8c1237ebad5cdd29554f337d3f796771f1eca02903b9e74936be10a750e
SHA1 hash: 35dae0b2fad4fd9b6e9788d1b508645cfe615549
MD5 hash: 6596030b2838652c3985c9da5ecfba73
humanhash: sodium-quebec-sierra-sixteen
File name:d4f636c94595d717dec6e61d2648b48ca528a7e172ae5c8e198147d111335db8
Download: download sample
File size:312'632 bytes
First seen:2022-04-05 07:22:57 UTC
Last seen:2022-04-05 08:07:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2b8714d949689cf253d380f5bff2ecff
ssdeep 6144:/TzYU2BQ2ADga3UAAUAhY0NbXHsF11ok8+5+dwyOvfsdtRV/V+:/TzYLvdayPyyXH1U+dwyO3YN+
Threatray 10 similar samples on MalwareBazaar
TLSH T1806412CFF7531660CC47087AA6B74410CEA2EE63BA614D7B960CB50A0FF624A5675C2F
File icon (PE):PE icon
dhash icon e2e2b2b2aaa2a2a0
Reporter JAMESWT_WT
Tags:Cerulean Studios LLC exe signed

Code Signing Certificate

Organisation:Cerulean Studios, LLC
Issuer:Sectigo Public Code Signing CA R36
Algorithm:sha384WithRSAEncryption
Valid from:2022-03-08T00:00:00Z
Valid to:2024-03-07T23:59:59Z
Serial number: fa1cd6dd8e23d65417906b996eb8dae8
Thumbprint Algorithm:SHA256
Thumbprint: bd5048aa1b58febe4be0f0204cde690ca9c5e071da4317de62357b56e0276b7f
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
205
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
d4f636c94595d717dec6e61d2648b48ca528a7e172ae5c8e198147d111335db8.zip
Verdict:
Suspicious activity
Analysis date:
2022-04-06 05:40:58 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/84a5b504-d03a-4e68-b0f3-56ee9432d6b9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/260869/
Detection(s):
PUA.Win.Packer.PECompact-2
Create hunting rule

PUA.Win.Packer.ExeshieldProtec-1
Create hunting rule

SecuriteInfo.com.StaticAI-SuspiciousPE.4024.25190.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Creating a window
Searching for synchronization primitives
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/12675/overview
Behaviour
MalwareBazaar
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/624bee5edb9ca5cf8422b19a/reports/22f007c5-b139-4fc6-9a12-399a01f6a071/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1d222c13-17ad-47fe-9c96-86baf7dca72e
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/970646
Signature
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d4f636c94595d717dec6e61d2648b48ca528a7e172ae5c8e198147d111335db8/
Verdict:
unknown
Similar samples:
025c02b41a8f743e5787b57e74631316db62317c41845402f3ad5e0575b6586e
0d47d1c6e21e6df01ac6593d252993b93a0a00a645e1687c2b75cd0b7656ec2b
123f17fcd035b40ddff50b0c592ecaff3e58846f6c5f37afe84bd5a1b6df176e
4a46a253a8201ca8dd7be2be8ce8cdab7bd5cb5c39d7a87adaa03e96c3187be8
561fe3832a5681034418efd005c0f2ebae8b9a54efa6d52761980fe6b3a31337
707330f0f7009aeb6cb1bba679ac72183ed938293fc5c2a4ecea035f245b789c
bbc09aecdb816662e1d982d0a8d358d8e4e634197f73c3b01bd73076f5f4a0bf
c79f3e70d3993f9da3f7b010f8a1610ee52919191bb29e2359305b1b75f1a6b3
f05717a64218e6b687c3675ce9f8e3c774d82d81eb0f1f0befd4286ed1947f37
fdb370e507a2dafd896f539be1e63bad7dd1963259606df11208f5e1498e6f20
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220405-h7srwsehak/
Unpacked files
SH256 hash:
37c34e23c66f9ef17f7f70963ea4130c000c0b323718b3f32d3e24282e156651
MD5 hash:
f922499ce216c5e8998f6d21309119ca
SHA1 hash:
91b7333275fefe10d6dc97062d47da696ca168cb
Link:
https://www.unpac.me/results/ec78d4a1-6aad-4a1f-a787-b6657a88d90c/
SH256 hash:
d4f636c94595d717dec6e61d2648b48ca528a7e172ae5c8e198147d111335db8
MD5 hash:
6596030b2838652c3985c9da5ecfba73
SHA1 hash:
35dae0b2fad4fd9b6e9788d1b508645cfe615549
Link:
https://www.unpac.me/results/ec78d4a1-6aad-4a1f-a787-b6657a88d90c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d4f636c94595d717dec6e61d2648b48ca528a7e172ae5c8e198147d111335db8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/260869/

Comments