MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 edbe03f74167f65d2c416d8dd7dd809ecbcc39b1dcdbd9fb8a7797503170e5db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: edbe03f74167f65d2c416d8dd7dd809ecbcc39b1dcdbd9fb8a7797503170e5db
SHA3-384 hash: 607c81f33ddccc91b95876ed448eb24b553a3a453c76d8d7974e14a2c53e8e3ad6c990cd46962386f4fae78c774b4b77
SHA1 hash: 22f45518e1427cf9965ee8da400f1d05b9736438
MD5 hash: 9f52f0ddebef7dae9a591cebf727d9ef
humanhash: colorado-network-oxygen-finch
File name:Autodesk_AutoCAD_2023_License_keygen_by_KeyGenGuru.exe
Download: download sample
File size:2'236'094 bytes
First seen:2024-08-26 17:38:37 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash bc758c921c6e0fda5a933c5b8a3c02e9 (2 x LummaStealer, 1 x RaspberryRobin, 1 x AsyncRAT)
ssdeep 49152:k1hZXsEWG8ZyKyWoMdUeruPBFO2G73MEAmTP:eh79tjW3Uh5E2k6CP
Threatray 16 similar samples on MalwareBazaar
TLSH T150A5125AF3E518F8E473D639CD060697F5B67C111B60974F27A0262A2F233A19E3E721
TrID 92.4% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
3.6% (.EXE) Win64 Executable (generic) (10523/12/4)
1.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
0.7% (.EXE) OS/2 Executable (generic) (2029/13)
0.6% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
File icon (PE):PE icon
dhash icon 9494b494d4aeaeac (904 x DCRat, 486 x NirCmd, 172 x RedLineStealer)
Reporter aachum
Tags:exe pass-12345


Avatar
iamaachum
https://keygen.run/qa/autodesk-autocad-2023-license-key-full-version-win-038-mac/ => https://uploadify.pro/t/b8e079f85a7390r31.html? => https://get.gigaload.pro/d/download.php?p=bmFtZT1BdXRvZGVzaytBdXRvQ0FEKzIwMjMrTGljZW5zZStLZXkrRnVsbCtWZXJzaW9uKyUyOFdpbislMjYrTWFjJTI5JnRvcF9yYXRlZD0xJnRvcF9yYXRlZF9oYXNoPSZpZD1iZTE0ZTIyZThmJnR5cGU9a2V5Z2VuJmNudD0yJnN3PTEwMjQmc2g9NzY4JnNkPTI0JmNhcHRjaGE9JmJrPSUyRnQlMkZmYTM0MmI3MzI2NzM4ODJyOS5odG1sJnB3ZD0xMjM0NSZzb3VyY2U9a2V5Z2VuLnJ1biZpcGdlbz04NS41My4xODEuMTY4JmlwcmF3PTg1LjUzLjE4MS4xNjgmaG9zdD11cGxvYWRpZnkucHJvJmRjMT1mOTM5YjZkZWI4N2RmMTU4YjFiZmI4YTJhN2UxOWFhMCZkYzI9ZTQ2NTQ0ZmI1MDlhMjc3OGVkNjIxZGM4MGVjOGRiNTcmZGNudD0w&h=be91d864b230533ff89e57ec12ae49f0

Intelligence

File Origin
# of uploads :
1
# of downloads :
381
Origin country :
ES ES
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Autodesk_AutoCAD_2023_License_keygen_by_KeyGenGuru.exe
Verdict:
No threats detected
Analysis date:
2024-08-26 17:40:37 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c3402555-a7d5-49bb-afeb-810207076d37

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.FileRepMalware.16692.2934.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
93.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=66ccbdb8e7ff3f5a063c0569
Tags:
Encryption Static
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a window
Сreating synchronization primitives
Searching for synchronization primitives
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-vm fingerprint installer lolbin microsoft_visual_cc overlay packed setupapi sfx shdocvw shell32
Link:
https://www.filescan.io/uploads/66ccbdb761f4e2a6865c2e72/reports/8e02b0fd-52db-40cd-a3b5-5bf860900fd5/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/edbe03f74167f65d2c416d8dd7dd809ecbcc39b1dcdbd9fb8a7797503170e5db
Malware family:
WinRAR
Create hunting rule
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/feab2c81-8b2a-4548-b880-0f154f31143d
Score:
54%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/edbe03f74167f65d2c416d8dd7dd809ecbcc39b1dcdbd9fb8a7797503170e5db
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/edbe03f74167f65d2c416d8dd7dd809ecbcc39b1dcdbd9fb8a7797503170e5db/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2024-08-26 17:39:05 UTC
File Type:
PE+ (Exe)
Extracted files:
38
AV detection:
3 of 24 (12.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5w7ah52bm73f2lcbnwg5pxmat3f4yonr3tn5t64ko6lvamlq4xnq._file
Verdict:
unknown
Similar samples:
19893404be43526a387fe6515809c799a524af03939b5916269fe9067c82524a
2295c55cebabfc69575dfd557a85d8a0200125cff624cd8fb6aa10e56bf0cb26
259de99ae56fc5101dc5e0d8a2f3b23d06de6d89b55c44b7b5c2675175a8ac51
5c8b8cb2444a1a89bf1a1c77150a942bf27c554cb0148c6b9547dfb01941d94f
63d9319414c01f4172c4fdb53645cfd848f380bdc08ed3c1cb83bacb715b6770
+ 6 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/240826-v8anxsxgrp/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/10da9135-d5c3-4554-92a6-4737ecd07750
Unpacked files
SH256 hash:
edbe03f74167f65d2c416d8dd7dd809ecbcc39b1dcdbd9fb8a7797503170e5db
MD5 hash:
9f52f0ddebef7dae9a591cebf727d9ef
SHA1 hash:
22f45518e1427cf9965ee8da400f1d05b9736438
Link:
https://www.unpac.me/results/23cb85e7-64cb-4d00-8e1b-340eef00c510/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/edbe03f74167f65d2c416d8dd7dd809ecbcc39b1dcdbd9fb8a7797503170e5db

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe edbe03f74167f65d2c416d8dd7dd809ecbcc39b1dcdbd9fb8a7797503170e5db

(this sample)

AZORult

Executable exe 8e0b16cb20b4e833537bc17f619a3f013fbec5da1d11063561496bdd89985fc2

  
Link
https://tria.ge/240826-vyqbmawckh
  
Dropping
SHA256 8e0b16cb20b4e833537bc17f619a3f013fbec5da1d11063561496bdd89985fc2
  
Dropping
SHA256 b08a4b2e818c2cea901bf41daa162722ded8a3136a38c207538ac913eb8767d7
  
Dropping
SHA256 3701e89a871bcd41d4acd221aa855fad14f9fbafbc21da9695b5084951e561c7
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (FORCE_INTEGRITY)high
Reviews
IDCapabilitiesEvidence
GDI_PLUS_APIInterfaces with Graphicsgdiplus.dll::GdiplusStartup
gdiplus.dll::GdiplusShutdown
gdiplus.dll::GdipAlloc
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryExA
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::GetSystemInfo
KERNEL32.dll::GetStartupInfoW
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::AllocConsole
KERNEL32.dll::AttachConsole
KERNEL32.dll::WriteConsoleW
KERNEL32.dll::FreeConsole
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleMode
KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateHardLinkW
KERNEL32.dll::CreateFileW
KERNEL32.dll::CreateFileMappingW
KERNEL32.dll::DeleteFileW
KERNEL32.dll::MoveFileW
KERNEL32.dll::MoveFileExW

Comments