MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e394e7da62d1b272f3bec28cc075485cef04cda0d18c834d7133fbe3cacbb909. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	e394e7da62d1b272f3bec28cc075485cef04cda0d18c834d7133fbe3cacbb909
SHA3-384 hash:	0782a8cb0c19d1045d4a6b82b24073806e5b97a63e5dd9e31e61150be171cc71f31f10b63d8ef7998d28891133929fb2
SHA1 hash:	fc98b2cb81fcaacdc7be9eddae71afc530899681
MD5 hash:	301375233c096c22c6002644f9d77233
humanhash:	echo-ohio-beryllium-venus
File name:	SecuriteInfo.com.Trojan-PWS.Win32.Gamec.15149.13956
Download:	download sample
File size:	887'296 bytes
First seen:	2023-06-08 16:28:04 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	bfcb746239efa7e6aa5dfcb91447d6d8
ssdeep	24576:DCeoB9eZIAejF9a8kh5YEJSkHbmfcOzVk8u5ap:+e8eSNqbekH8c8c
TLSH	T1551523CEEB4509B2F20072711FDBF7074A05A4C6146A2E5F5825E52ECF37AA01EA47F6
TrID	42.6% (.EXE) Win32 Executable (generic) (4505/5/1) 19.2% (.EXE) OS/2 Executable (generic) (2029/13) 18.9% (.EXE) Generic Win/DOS Executable (2002/3) 18.9% (.EXE) DOS Executable Generic (2000/1) 0.2% (.VXD) VXD Driver (29/21)
File icon (PE):
dhash icon	fa99b8f4f8d994c4
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

268

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Trojan-PWS.Win32.Gamec.15149.13956

Verdict:

No threats detected

Analysis date:

2023-06-08 16:34:10 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/2dba875d-0937-46b7-8a96-22ddf819f4a2

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/397019/

Detection(s):

SecuriteInfo.com.Trojan-PWS.Win32.Gamec.15149.13956.UNOFFICIAL

SecuriteInfo.com.Trojan-PWS.Win32.Gamec.15511.16779.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a window

Searching for synchronization primitives

Using the Windows Management Instrumentation requests

Creating a file

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

lolbin packed shell32.dll

Link:

https://www.filescan.io/uploads/648201d053bdc73e916f4bb1/reports/eaa9a189-1175-4fc1-8208-6efc5c471136/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/e394e7da62d1b272f3bec28cc075485cef04cda0d18c834d7133fbe3cacbb909

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/352923e2-da3e-48b2-a662-8cb774e696a4

Result

Threat name:

n/a

Detection:

malicious

Classification:

spyw

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/1251416

Signature

Contains functionality to modify clipboard data

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e394e7da62d1b272f3bec28cc075485cef04cda0d18c834d7133fbe3cacbb909/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=4okopwtc2gzhf456ykgma5kiltxqjtna2ggigtlrgp56hswlxeeq._file

Result

Malware family:

n/a

Score:

7/10

Tags:

upx

Link:

https://tria.ge/reports/230608-ty8mjagg84/

Behaviour

Enumerates physical storage devices

UPX packed file

Unpacked files

SH256 hash:

e394e7da62d1b272f3bec28cc075485cef04cda0d18c834d7133fbe3cacbb909

MD5 hash:

301375233c096c22c6002644f9d77233

SHA1 hash:

fc98b2cb81fcaacdc7be9eddae71afc530899681

Link:

https://www.unpac.me/results/5f45a864-757c-4a88-ab9c-a9d29748ed39/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e394e7da62d1b272f3bec28cc075485cef04cda0d18c834d7133fbe3cacbb909

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/397019/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample