MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d8564dbe6928ead975f5c2324f15d1a02d46a58607a1446a6666d0783c5f5024. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Worm.Virut


Vendor detections: 7



SHA256 hash: d8564dbe6928ead975f5c2324f15d1a02d46a58607a1446a6666d0783c5f5024
SHA3-384 hash: cf3bb7a7d2c625e36d82521c558e8e7b4c5378ac0809a3e60271026179fa29ce2a6ab741acdef333bd9cfb4afe66620e
SHA1 hash: 5c1944e06c6726268481a07d8febb032f4b1cbbc
MD5 hash: 98b4d7f181683a47d13f0848140da7e8
humanhash: avocado-hawaii-saturn-salami
File name: 98b4d7f1_by_Libranalysis
Signature: Worm.Virut
File size: 203'776 bytes
First seen: 2021-05-05 09:07:41 UTC
Last seen: 2021-05-05 10:05:44 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: c6be910da0707f87de7b5801f87f4bc9 (1 x Worm.Virut)
ssdeep: 3072:PMUIAc4Buub4C6c5Q3eSjlR+8qxLijgJyfFOG83Yj34YFnw6OC2c9cBAui7V66:5IAc4Bk3lRGOUZGKc4YFnwjCpWS96
Threatray: 1'121 similar samples on MalwareBazaar
TLSH: C014F1017740A274D8D122B0819AB7B90239B9B14F1812DB93D86EFFBDF4782AD3575B
Reporter: Libranalysis
Tags: Worm.Virut


Libranalysis
Uploaded as part of the sample sharing project

Intelligence


File Origin
# of uploads: 2
# of downloads: 131
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
DNS request
Sending a UDP request
Connection attempt
Sending a TCP request to an infection source
Unauthorized injection to a browser process
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Virus.Virut
Status: Malicious
First seen: 2020-05-05 15:43:09 UTC
AV detection: 26 of 28 (92.86%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: evasion
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops file in Drivers directory
Modifies firewall policy service
Unpacked files
SHA256 hash: d8564dbe6928ead975f5c2324f15d1a02d46a58607a1446a6666d0783c5f5024
MD5 hash: 98b4d7f181683a47d13f0848140da7e8
SHA1 hash: 5c1944e06c6726268481a07d8febb032f4b1cbbc
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
