MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee9d99a09e56c71072f7ea7e53d36d02e53d2e9dabd029fe0820fada596178b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee9d99a09e56c71072f7ea7e53d36d02e53d2e9dabd029fe0820fada596178b6
SHA3-384 hash: 21b976a809a6b93824cd7ad7068d2cfe02b5af61c2539edc452b2a96276a1b3a1285d732f513eda55e556824af42ec76
SHA1 hash: f3e928f84fbdcd36d4be06fa3d05af91886284b7
MD5 hash: b47305de0a90c3ab1de429dbf70f2027
humanhash: golf-zebra-sink-zebra
File name:104723298.exe
Download: download sample
File size:393'728 bytes
First seen:2022-08-02 11:00:54 UTC
Last seen:2022-08-02 11:01:41 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ef471c0edf1877cd5a881a6a8bf647b9 (83 x Formbook, 33 x Loki, 31 x Loda)
ssdeep 12288:KOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPiQH/:Kq5TfcdHj4fmbRH
Threatray 1'264 similar samples on MalwareBazaar
TLSH T1718401E1B5EC8951FBF22A3365790E210B3BBF519C79C64D1DB4788C28739426EA0736
TrID 35.7% (.EXE) UPX compressed Win32 Executable (27066/9/6)
35.0% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
8.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.9% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 969696698e92b296
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
255
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
百度一下.exe.7z
Verdict:
Malicious activity
Analysis date:
2022-04-04 18:29:07 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4480fa26-257d-403f-8b3d-6da7ad030b0d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/295817/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% directory
Launching a process
Unauthorized injection to a recently created process
Searching for the browser window
Searching for the window
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/28057/overview
Behaviour
MalwareBazaar
CheckNumberOfProcessor
MeasuringTime
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
autoit greyware packed strictor
Link:
https://www.filescan.io/uploads/62e904669ca9b9bfcbe4ee80/reports/1a5740bc-0e15-43ed-ac75-cc14cd4fd6e0/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a706b555-027e-463c-90b9-2f0e2a3058ee
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1044788
Signature
Antivirus / Scanner detection for submitted sample
Binary is likely a compiled AutoIt script file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ee9d99a09e56c71072f7ea7e53d36d02e53d2e9dabd029fe0820fada596178b6/
Threat name:
Win32.Trojan.Strictor
Create hunting rule
Status:
Malicious
First seen:
2015-09-23 12:21:54 UTC
File Type:
PE (Exe)
Extracted files:
8
AV detection:
18 of 40 (45.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=52oztie6k3dra4xx5j7fhu3nalst2lu5vpict7qied5nuwlbpc3a._file
Verdict:
malicious
Similar samples:
07b55ae89038136fc1da21d2aaea7b9e6d17ea18843d26f9bbcad7124eb5f1be
1656c8b0d2cf6a2c990f87b2774a242cccc62ce6b9cd725cc5d5b3ef46585734
5c1ef7cfd4682402744f14978af8383c9153e52db9ecf4926596b898f1dd32da
5c6e6b2ac1dd3b79f6bd5de563d90e9614d75a2f33dbde962dd708242e6eb1b8
61004944921826aa2cdf48c60720daa7e45a6694606ce82e62ea38c655856c0f
68dfd4d506b49f1ac0345d9507835df35a25aca5df2fb52396e66af443f9feca
782fa714fdc51cee0a898e99f98093833524a280d11dbe52aa74b4e18b37262c
98011c4066f47e8f3628772faeae182566a68c9829eb9206b04115b307c42f5a
bd49dbc39747130c1e76ad9ce9579a8d4fe5ea95ef5ade5568db2b398c072327
+ 1'254 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence upx
Link:
https://tria.ge/reports/220802-m4jr2afcdq/
Behaviour
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
AutoIT Executable
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
Registers COM server for autorun
Sets file execution options in registry
UPX packed file
Unpacked files
SH256 hash:
ee9d99a09e56c71072f7ea7e53d36d02e53d2e9dabd029fe0820fada596178b6
MD5 hash:
b47305de0a90c3ab1de429dbf70f2027
SHA1 hash:
f3e928f84fbdcd36d4be06fa3d05af91886284b7
Link:
https://www.unpac.me/results/22f7f9eb-645a-4f27-be82-97494a09952f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.25
Link:
https://yomi.yoroi.company/submissions/ee9d99a09e56c71072f7ea7e53d36d02e53d2e9dabd029fe0820fada596178b6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/295817/

Comments