MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ddc1c7e7121e391e79469de093c830163f27aed010d8fec02efc4c2dab990d86. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 6


SHA256 hash: ddc1c7e7121e391e79469de093c830163f27aed010d8fec02efc4c2dab990d86
SHA3-384 hash: aee0fb4f73631c6e729a71aa10f2cd4b92dc7a155ed19e9187d9971a992d7e8569bc99578fd75ff8c18d10f37e7fb879
SHA1 hash: 0553b4e844d31a23acc8145a220e12b2e3644157
MD5 hash: ceba74be4e4ba642243da4d46cb86e71
humanhash: blossom-enemy-mockingbird-artist
File name: weird_thing.exe
File size: 3'275'699 bytes
First seen: 2023-01-25 14:30:38 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 55434999759dc441540a18ca96a7f43b
ssdeep: 49152:bH/av7zZrBdDE1uD0bZYdE8zlz5hyMXq8PlYD0:bHQZrBdMYNzlz5hyMXq8PlYD0
TLSH: T1A6E5A45369DFCD95CDC667B45D8312356734BE318A2F1E2AE608C23DEB1F6C4A91AB00
TrID:
  41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
  12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
  5.1% (.ICL) Windows Icons Library (generic) (2059/9)
  5.0% (.EXE) OS/2 Executable (generic) (2029/13)
dhash icon: 9669d0a8a9d26498
Reporter: JaffaCakes118
Tags: exe
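Before analysing a downloaded copy of this sample, a practitioner will want to confirm that the bytes on disk are the ones the entry describes and that the file type claims above (Win64, "PE+ (Exe)") hold. The following is an added example, not code from MalwareBazaar or from the sample's reporter: it recomputes the digests listed on this entry, reports which fields disagree, and reads just enough of the PE headers to confirm a PE32+ executable. The hashes and size in `ENTRY` are copied from the entry above; the tiny PE image built by `make_sample_pe()` is constructed here so the script runs offline and is not the real sample, so every field mismatches for it by design.

```python
"""Check a local file against the MalwareBazaar entry's hashes and PE type.

Added example; not part of the MalwareBazaar page or its tooling. ENTRY is
copied from the entry above. make_sample_pe() builds a constructed minimal
PE32+ image for offline use only; it is NOT the real sample.
"""
import hashlib
import struct

# Digests and size published on the entry above (copied verbatim).
ENTRY = {
    "sha256": "ddc1c7e7121e391e79469de093c830163f27aed010d8fec02efc4c2dab990d86",
    "sha1": "0553b4e844d31a23acc8145a220e12b2e3644157",
    "md5": "ceba74be4e4ba642243da4d46cb86e71",
    "sha3_384": "aee0fb4f73631c6e729a71aa10f2cd4b92dc7a155ed19e9187d9971a992d7e8569bc99578fd75ff8c18d10f37e7fb879",
    "size": 3275699,
}


def hash_bytes(data: bytes) -> dict:
    """Return the same digest set MalwareBazaar lists, plus the byte length."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "size": len(data),
    }


def matches_entry(data: bytes, entry: dict = ENTRY) -> list:
    """Return the sorted list of fields that disagree with the entry (empty == match).

    Comparing every digest rather than only SHA256 also flags a corrupted or
    re-packed download and catches a mislabelled submission."""
    got = hash_bytes(data)
    return sorted(k for k in entry if got[k] != entry[k])


def pe_info(data: bytes) -> dict:
    """Parse the DOS/COFF/optional-header fields needed to check 'PE+ (Exe)'.

    Raises ValueError for anything that is not a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER starts here
    machine, nsections = struct.unpack_from("<HH", data, coff)
    characteristics = struct.unpack_from("<H", data, coff + 18)[0]
    magic = struct.unpack_from("<H", data, coff + 20)[0]   # first field of optional header
    return {
        "machine": hex(machine),              # 0x8664 == AMD64
        "sections": nsections,
        "pe32plus": magic == 0x20B,           # 0x20B == PE32+ (64-bit image)
        # IMAGE_FILE_EXECUTABLE_IMAGE set and IMAGE_FILE_DLL clear => an .exe
        "is_exe": bool(characteristics & 0x0002) and not (characteristics & 0x2000),
    }


def make_sample_pe() -> bytes:
    """Constructed minimal PE32+ (x64) image, used only so this runs offline."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)     # e_lfanew: PE signature right after DOS header
    # COFF header: Machine=AMD64, 1 section, timestamp, symtab ptr, nsyms,
    # SizeOfOptionalHeader=240, Characteristics=EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x0022)
    opt = struct.pack("<H", 0x20B) + bytes(238)   # PE32+ magic, remainder zeroed
    return bytes(dos) + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    sample = make_sample_pe()   # replace with open(path, "rb").read() for a real download
    print("PE header:", pe_info(sample))
    print("Fields disagreeing with the entry:", matches_entry(sample))
```

For a real download, feed `open(path, "rb").read()` to `matches_entry()` and treat any non-empty result as a reason to stop: a wrong size or digest means you are not looking at the object the vendor verdicts above refer to.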

Intelligence


File Origin
# of uploads: 1
# of downloads: 189
Origin country: GB
Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour
Searching for the window
Running batch commands

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour

MalwareBazaar
Verdict: No Threat
Threat level: 10/10
Confidence: 100%
Tags: anti-debug greyware overlay shell32.dll spyeye

Result
Verdict: UNKNOWN
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: clean
Classification: n/a
Score: 5 / 100
Behaviour
Behavior Graph: n/a

Threat name: Win64.Trojan.Generic
Status: Suspicious
First seen: 2023-01-18 03:34:17 UTC
File Type: PE+ (Exe)
Extracted files: 3
AV detection: 4 of 26 (15.38%)
Threat level: 5/5
Verdict: unknown

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: ddc1c7e7121e391e79469de093c830163f27aed010d8fec02efc4c2dab990d86
MD5 hash: ceba74be4e4ba642243da4d46cb86e71
SHA1 hash: 0553b4e844d31a23acc8145a220e12b2e3644157
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Disable_Defender
Author: iam-py-test
Description: Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe ddc1c7e7121e391e79469de093c830163f27aed010d8fec02efc4c2dab990d86 (this sample)
Delivery method: Distributed via web download