MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0162e920bcd8f86cde4d211edafbf9f268c6a966ac8566537836eded4c77c85. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	f0162e920bcd8f86cde4d211edafbf9f268c6a966ac8566537836eded4c77c85
SHA3-384 hash:	91fa8283a4e9847360494a55383e0b27159a0b9f09eb2cd559e2a28e00df159d864e3773e3b39d856e38fec965e7731e
SHA1 hash:	a8ca42a38ebaa42fba9921e6d4b81089f5bf5602
MD5 hash:	122c8e5c264c357e3fe73b72e5f21bb8
humanhash:	muppet-mexico-sink-video
File name:	SecuriteInfo.com.PUA.CoinMiner.2664.30245
Download:	download sample
File size:	20'480 bytes
First seen:	2024-01-28 09:30:07 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f20db28d4db163b97ebff1ae6ecf0a80
ssdeep	384:4MinaHaryST6VpmE0RXSWaWUO4oRFcW049USVo4jPjJl9N/yHG:4MiCar6Vc5RXAWUO42FcWF9UyVN/ym
TLSH	T16F92E1123F1F0689CBA871B4BA37A126F7F91BC18C72977D334588863FC96145DC564A
TrID	44.4% (.EXE) Win64 Executable (generic) (10523/12/4) 21.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 8.7% (.ICL) Windows Icons Library (generic) (2059/9) 8.5% (.EXE) OS/2 Executable (generic) (2029/13) 8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

305

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

05-11-2023_5OynSAoQPS29OfR.zip

Verdict:

No threats detected

Analysis date:

2023-11-05 23:12:17 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/caae63f9-c3c6-45cb-a3e8-c65680c39f64

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/473245/

Detection(s):

SecuriteInfo.com.PUA.CoinMiner.2664.30245.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

coinminer packed packed upx

Link:

https://www.filescan.io/uploads/65b61ed73af306d5bedd69eb/reports/c63e1e65-428d-4023-b3eb-3070fc61b8d7/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_70%

Link:

https://www.hybrid-analysis.com/sample/f0162e920bcd8f86cde4d211edafbf9f268c6a966ac8566537836eded4c77c85

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/d31516e7-9ede-4885-937c-8ae280eb5c7c

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1382273

Signature

Contains functionality to inject threads in other processes

Detected unpacking (changes PE section rights)

Multi AV Scanner detection for submitted file

PE file has nameless sections

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/f0162e920bcd8f86cde4d211edafbf9f268c6a966ac8566537836eded4c77c85

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f0162e920bcd8f86cde4d211edafbf9f268c6a966ac8566537836eded4c77c85/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=6alc5eqlzwhyntpe2ii63l57t4tiy2uwnlefmzjxqnxn5vghpscq._file

Verdict:

unknown

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/240128-lg2hwshgaq/

Behaviour

Suspicious behavior: EnumeratesProcesses

Unpacked files

SH256 hash:

f0162e920bcd8f86cde4d211edafbf9f268c6a966ac8566537836eded4c77c85

MD5 hash:

122c8e5c264c357e3fe73b72e5f21bb8

SHA1 hash:

a8ca42a38ebaa42fba9921e6d4b81089f5bf5602

Link:

https://www.unpac.me/results/251ca0cd-0478-4038-91a5-533e42eb7b07/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.44

Link:

https://yomi.yoroi.company/submissions/f0162e920bcd8f86cde4d211edafbf9f268c6a966ac8566537836eded4c77c85

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/473245/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample