MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e813b7ca003c8c13c0f1e9feb2e62190df2fb08b3ac3f5ecd30f3abc961232ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Adware.Generic


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e813b7ca003c8c13c0f1e9feb2e62190df2fb08b3ac3f5ecd30f3abc961232ce
SHA3-384 hash: 564f80b19c2f9ef71f54795c076cc1ee718d0d9a3f9e9c8e7a73aa4851891d68b996907a636c1b9326658475a0d0bf62
SHA1 hash: 476b1e86627c52edb9a133c1945598d1abaef2dd
MD5 hash: 21f48fe74e4d8fe827f217bee2be54a7
humanhash: charlie-seventeen-comet-carpet
File name:Cheat.exe
Download: download sample
Signature Adware.Generic
Create hunting rule
File size:31'034'059 bytes
First seen:2023-12-22 15:24:29 UTC
Last seen:2023-12-22 17:15:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e569e6f445d32ba23766ad67d1e3787f (270 x Adware.Generic, 41 x RecordBreaker, 24 x RedLineStealer)
ssdeep 786432:s+XVHW5Vlae8/M8WeQag3Z5ksG95EGNL1B4FMm:s8U5WRE8PQag3ZJM2GN8
TLSH T11567332FF264713ED48F5B3145B3A61099BBBEA1691A4C2E53FC340CDF715600E3A6A9
TrID 39.3% (.EXE) Inno Setup installer (107240/4/30)
21.1% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
15.7% (.EXE) InstallShield setup (43053/19/16)
15.2% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
3.8% (.EXE) Win64 Executable (generic) (10523/12/4)
File icon (PE):PE icon
dhash icon 5050d270cccc82ae (112 x Adware.Generic, 77 x OffLoader, 43 x LummaStealer)
Reporter Anonymous
Tags:Adware.Generic exe


Avatar
Anonymous
Retrieved from https://github.com/Filmans/WinLocker/releases/download/winlocker/Cheat.exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
434
Origin country :
HU HU
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
https://objects.githubusercontent.com/github-production-release-asset-2e65be/644086411/ea4dca6b-6461-4cb7-b4ef-3525be4de78d?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231222%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231222T152310Z&X-Amz-Expires=300&X-Amz-Signature=4313a1b467e80790d3f7e3afe3658d0a6422bd82d7b5f3ca98e533d9482725a7&X-Amz-SignedHeaders=host&actor_id=21245760&key_id=0&repo_id=644086411&response-content-disposition=attachment%3B%20filename%3DCheat.exe&response-content-type=application%2Foctet-stream
Verdict:
No threats detected
Analysis date:
2023-12-22 15:27:43 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b02fe0ca-11a7-4e19-978f-fe91eeb96868

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control installer lolbin overlay packed setupapi shell32
Link:
https://www.filescan.io/uploads/6585aa51f4b6e5e16354d695/reports/68c17368-9b8b-4361-bdcb-06febafeb66f/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/e813b7ca003c8c13c0f1e9feb2e62190df2fb08b3ac3f5ecd30f3abc961232ce
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
3 / 100
Link:
https://www.joesandbox.com/analysis/1366286
Behaviour
Behavior Graph:
n/a
Score:
20%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/e813b7ca003c8c13c0f1e9feb2e62190df2fb08b3ac3f5ecd30f3abc961232ce
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5aj3psqahsgbhqhr5h7lfzrbsdps7melhlb7l3gtb45lzfqsglha._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/231222-stmc3abfa4/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Executes dropped EXE
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e813b7ca003c8c13c0f1e9feb2e62190df2fb08b3ac3f5ecd30f3abc961232ce

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Adware.Generic

Executable exe e813b7ca003c8c13c0f1e9feb2e62190df2fb08b3ac3f5ecd30f3abc961232ce

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2743687/

Comments