MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea483b01f53c950bbb8531487f0516d278388b96ef480ae786a009159acf29a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ea483b01f53c950bbb8531487f0516d278388b96ef480ae786a009159acf29a5
SHA3-384 hash: 0ed206803bf3ed871ae4e486cd9df2ad7037aadb1fcb5ef3feaf15fa5572183699687dd12127af16ca5be87823694728
SHA1 hash: eb18c363fcf706fc8bdcfc26187d9d1ab3cab087
MD5 hash: 4476d99fc8f4c91bbafdfc1bcbb4bff5
humanhash: south-wolfram-blossom-twenty
File name:SecuriteInfo.com.Win64.PWSX-gen.17669.24642
Download: download sample
File size:12'288 bytes
First seen:2023-06-29 12:35:15 UTC
Last seen:2023-06-29 13:21:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 192:QqwFkb7H0rKTW2eOdgR82YR7bf6X15V87W1tfC8XLfJh6myRRW35DOeXlseXl41O:oUTcOdgRT26X1Ssq8HHBq+y+r
Threatray 31 similar samples on MalwareBazaar
TLSH T15642F9049FEC0277E8AB03BDA97357404739F6B77613EF2A29DC619A2C4124559223F7
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
277
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Win64.PWSX-gen.17669.24642
Verdict:
Malicious activity
Analysis date:
2023-06-29 12:37:52 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/950c4c38-871b-4858-9227-423ed7338a5c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/403762/
Detection(s):
SecuriteInfo.com.Win64.PWSX-gen.17669.24642.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Creating a window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/649d7ab52aeaabaa7b77cda6/reports/94c5ce56-6124-4f12-837d-bdef0621a302/overview
Verdict:
Malicious
Labled as:
Tedy.Generic
Link:
https://www.hybrid-analysis.com/sample/ea483b01f53c950bbb8531487f0516d278388b96ef480ae786a009159acf29a5
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/8634c84f-b67e-4cbf-b7ae-025dc07ea450
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1263238
Signature
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ea483b01f53c950bbb8531487f0516d278388b96ef480ae786a009159acf29a5/
Threat name:
ByteCode-MSIL.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2023-06-29 08:44:24 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
1
AV detection:
18 of 24 (75.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5jedwapvhskqxo4fgfeh6biw2j4drc4w55eavz4guaerlgwpfgsq._file
Verdict:
malicious
Similar samples:
06dc6394565b70ac8efd2cc98225cf3ec9b5f7711e036189b186340c591e4f67
3956c21824bc18caca2523381ce3fa113e40d5e7f47bf2a05d65f2a1a27a3f1d
3e24e97aba6e7432395abc346ee3484b9dbadbe803a046a84ea41529d6ed8c89
6174638ee97b4984047d575745f84d6a41e286bca39f8eca1924860b0eb545ff
670bc9a86f72af2ab43a89c576a4e1874ce188b35a1f5656ea27f4b7ac3d5f09
752cd9b98abfd8737d90c300de0ffb7c471a0b94a8a6f870931a7d69ac424281
7e5db4d74733c673a834aed6ad6e3e312444d8d89974ed47482762ec2f364c8e
a566a538d325ee3da4c86712b3cf4b305d35b2612e2112cfa8f76b511e036e06
ac8608bc5b4c0f07e986efa1965ea77825ef430b4c7699e569a43877aeebc6a5
d73dbd022ae04284c10281b7aad42b0b80d45deec6beee79858e635a43627f65
+ 21 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230629-psw94ada36/
Behaviour
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
ea483b01f53c950bbb8531487f0516d278388b96ef480ae786a009159acf29a5
MD5 hash:
4476d99fc8f4c91bbafdfc1bcbb4bff5
SHA1 hash:
eb18c363fcf706fc8bdcfc26187d9d1ab3cab087
Link:
https://www.unpac.me/results/d150f3cf-9eec-430a-a2a5-89bd31944482/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ea483b01f53c950bbb8531487f0516d278388b96ef480ae786a009159acf29a5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/403762/

Comments