MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e3f1a687b8d7fa7e79db790ae7dbf6fd255b17e127f6d6cfd240e1a6fec09e0f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	e3f1a687b8d7fa7e79db790ae7dbf6fd255b17e127f6d6cfd240e1a6fec09e0f
SHA3-384 hash:	a2a6ed4694c27d8ce98c18bc9e2625c5e84e8b331e500e84d1347082557b84c911758338679f24abfe6c1b9ffaf1832b
SHA1 hash:	6faaa39db238500e9c37479e6085f9aa224b9978
MD5 hash:	154fa541231de8534505492dfa135243
humanhash:	table-undress-equal-lion
File name:	mavinject32.exe
Download:	download sample
File size:	2'355'690 bytes
First seen:	2022-04-17 04:29:07 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ead69853b7cb1b3bd5e661d99b54cf07
ssdeep	49152:hlj4oJdXN0BMOwLloBrugCCIabjKoh9W2v9M:HJdXN0B7+sBIabjKoh9WG9
TLSH	T1CDB5280EFE108D35D02604B66996831E55A47D60C6235E87B3807EDDFBF1FC26AA7632
TrID	71.0% (.CPL) Windows Control Panel Item (generic) (197083/11/60) 11.2% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 5.9% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 3.7% (.EXE) Win64 Executable (generic) (10523/12/4) 2.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
Reporter	adm1n_usa32
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

343

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

mavinject32.exe

Verdict:

Suspicious activity

Analysis date:

2022-04-17 04:28:20 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/1c50df8b-f55e-41ef-beb0-0a5481fe74d2

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/264145/

Detection(s):

Win.Trojan.Generic-9862772-0

Win.Malware.Midie-9866099-0

Win.Malware.Midie-9866100-0

Win.Malware.Bulz-9870239-0

Win.Malware.Dqan-9882956-0

Win.Packed.Pidgeon-9909600-0

Win.Malware.Generic-9936057-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/14050/overview

Behaviour

MalwareBazaar

MeasuringTime

EvasionQueryPerformanceCounter

CheckCmdLine

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/625b97cb482f2f41cac120fa/reports/75cd393b-c4f4-4a33-90e2-65702cf645ca/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/2dd10c21-293f-47ca-9259-dd366615ce9b

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/977782

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e3f1a687b8d7fa7e79db790ae7dbf6fd255b17e127f6d6cfd240e1a6fec09e0f/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2021-05-30 13:31:25 UTC

File Type:

PE (Exe)

Extracted files:

229

AV detection:

11 of 42 (26.19%)

Threat level:

5/5

Verdict:

unknown

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220417-e4tcgahfcj/

Unpacked files

SH256 hash:

e3f1a687b8d7fa7e79db790ae7dbf6fd255b17e127f6d6cfd240e1a6fec09e0f

MD5 hash:

154fa541231de8534505492dfa135243

SHA1 hash:

6faaa39db238500e9c37479e6085f9aa224b9978

Link:

https://www.unpac.me/results/3b5bb767-b532-4013-9d96-e9462b0ef57b/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/e3f1a687b8d7fa7e79db790ae7dbf6fd255b17e127f6d6cfd240e1a6fec09e0f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/264145/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample