MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e141dfc05ea821775ef7c4e337d6468ebb68572c8a90d8704d62873db0ef949c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e141dfc05ea821775ef7c4e337d6468ebb68572c8a90d8704d62873db0ef949c
SHA3-384 hash: 7567dbd4cabc9a96c2a48b1957ed934b52eacfd006078bde51662297708e2f1b734e698c9f5b097cc83d186e53164390
SHA1 hash: 6830b0174f89472a3822446df2371692fa766ac7
MD5 hash: aca8199513333f5f293e4465cd72c954
humanhash: carbon-oregon-bravo-seven
File name:SecuriteInfo.com.W32.Agent.CE13.tr.5254.32139
Download: download sample
File size:3'878'330 bytes
First seen:2023-07-09 06:27:35 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash deba71fcd4e68e93af678f2a5e291977
ssdeep 49152:V4tj+s8KuqGaX0ToIBAUZLYHx+KwWJdbS0Bib3wf:+mJBAUZL+x+KwWJxZaU
Threatray 50 similar samples on MalwareBazaar
TLSH T1CA06AE44EE808757E08218B3CE36F56DB36AFE920DC5DE07728D7A091DF5642A5C90EB
TrID 43.2% (.EXE) Win32 Executable Microsoft Visual Basic 6 (82067/2/8)
14.2% (.EXE) UPX compressed Win32 Executable (27066/9/6)
14.0% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
8.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
6.9% (.SCR) Windows screen saver (13097/50/3)
Reporter SecuriteInfoCom
Tags:dll

Intelligence

File Origin
# of uploads :
1
# of downloads :
275
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/412240/
Detection(s):
SecuriteInfo.com.W32.Agent.CE13.tr.5254.32139.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm explorer greyware lolbin overlay packed shell32
Link:
https://www.filescan.io/uploads/64aa537fdbb9e835463f368c/reports/6c3d77ca-5afa-4cc8-a623-05ec87ee8e66/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/e141dfc05ea821775ef7c4e337d6468ebb68572c8a90d8704d62873db0ef949c
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b436580c-b84e-4dc2-98f6-0108022fda9b
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1271134
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1271134 Sample: SecuriteInfo.com.W32.Agent.... Startdate: 11/07/2023 Architecture: WINDOWS Score: 52 29 Multi AV Scanner detection for submitted file 2->29 31 Machine Learning detection for sample 2->31 8 loaddll32.exe 1 2->8         started        process3 process4 10 cmd.exe 1 8->10         started        12 rundll32.exe 8->12         started        14 rundll32.exe 1 8->14         started        16 8 other processes 8->16 process5 18 rundll32.exe 10->18         started        20 WerFault.exe 9 12->20         started        22 WerFault.exe 3 9 14->22         started        process6 24 WerFault.exe 22 9 18->24         started        dnsIp7 27 192.168.2.1 unknown unknown 24->27
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e141dfc05ea821775ef7c4e337d6468ebb68572c8a90d8704d62873db0ef949c/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4fa57qc6vaqxoxxxytrtpvsgr25wqvzmrkinq4cnmkdt3mhpssoa._file
Verdict:
unknown
Similar samples:
45982d6a7674a3ff4d2f28e95963d74729e0cb3059c08ef2e4c235182bf4591d
485a5454645f5d90d1b3097336b08dcaa9d4b49db9738a2f953e81081002600d
6ce171619dd97a51a8d5e6a4eaeea86f4fea6ed400c9e0a879b690b4fbd0a6b4
837b440949fc77add8605b039270d7c479f63b8d1e0e8a45c8da16d20858ba0f
83e11774e75ac33d5e754c051e42a87c516a646d78d06375d8c345761fca7e77
8e6ab3fa1fd0a8bcef6b042cd9f0120847180ec1e57b10c28336ace670470e22
94b85015bb3beb57e1810aec53712b8158fa10e3a970b0ee65484be34b3073cd
bfe85700c95ee65a50c47769f003c792d9b7cc407359a6d6df795c3bbb3fef8b
c5d24b4a21b5ce63ea8752778e37059f9fd0f4d738b760f6c03b2b902f67f848
+ 40 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
upx
Link:
https://tria.ge/reports/230709-g8bz4aah94/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
UPX packed file
Unpacked files
SH256 hash:
d442177f8a058b40ad5172eec3bd800f1a04bb8cbe4fad0b539132f0cef279c2
MD5 hash:
f12ee9e2413801a779ccff7e70a255d9
SHA1 hash:
1c53f865aac9a6bd8f0a549e42a3f1daeb5aa569
Link:
https://www.unpac.me/results/b86b742b-429f-4102-8634-7703ec5399c6/
SH256 hash:
e141dfc05ea821775ef7c4e337d6468ebb68572c8a90d8704d62873db0ef949c
MD5 hash:
aca8199513333f5f293e4465cd72c954
SHA1 hash:
6830b0174f89472a3822446df2371692fa766ac7
Link:
https://www.unpac.me/results/b86b742b-429f-4102-8634-7703ec5399c6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e141dfc05ea821775ef7c4e337d6468ebb68572c8a90d8704d62873db0ef949c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BitcoinAddress
Create hunting rule
Author:Didier Stevens (@DidierStevens)
Description:Contains a valid Bitcoin address
Rule name:meth_get_eip
Create hunting rule
Author:Willi Ballenthin
Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/412240/

Comments