MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f05717a64218e6b687c3675ce9f8e3c774d82d81eb0f1f0befd4286ed1947f37. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f05717a64218e6b687c3675ce9f8e3c774d82d81eb0f1f0befd4286ed1947f37
SHA3-384 hash: 2a859427db70787e102310d4dd17745f2ac100e319170678cacab00cf47f840c2df33ff93653c0a4bb7a4d4c36fcf4af
SHA1 hash: 7964e27c7320eb69a741346ba00f2df50d6f4907
MD5 hash: f00bfe5874529e457af2ac411f8050d9
humanhash: burger-florida-virginia-kentucky
File name:f05717a64218e6b687c3675ce9f8e3c774d82d81eb0f1f0befd4286ed1947f37
Download: download sample
File size:315'208 bytes
First seen:2022-04-05 07:23:02 UTC
Last seen:2022-04-05 08:07:50 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2b8714d949689cf253d380f5bff2ecff
ssdeep 6144:ybLJPSzyAAy9DeVftJG87mHaUHH1o+0LQAmCVEaVzW5ehXphi+hhYRbEiYiitrF9:yhSeAAy9kqZ5Z3CVHFW5Whi+hk8HYE
Threatray 18 similar samples on MalwareBazaar
TLSH T1AA64128255499CCACC5109B278A6CE305A74678D55F88A5B33F6F619CAB33D03CAFD0E
File icon (PE):PE icon
dhash icon a2b2a8b6aa968e8e
Reporter JAMESWT_WT
Tags:Cerulean Studios LLC exe signed

Code Signing Certificate

Organisation:Cerulean Studios, LLC
Issuer:Sectigo Public Code Signing CA R36
Algorithm:sha384WithRSAEncryption
Valid from:2022-03-22T00:00:00Z
Valid to:2024-03-07T23:59:59Z
Serial number: 38fe2e64cfda0ec832ace9e8a693b434
Thumbprint Algorithm:SHA256
Thumbprint: fceab9c75fbc2a61d8820491fe05b3b2f7d7d5fca1db22b2de81cb2e93cfdb34
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
208
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
f05717a64218e6b687c3675ce9f8e3c774d82d81eb0f1f0befd4286ed1947f37
Verdict:
Suspicious activity
Analysis date:
2022-04-05 08:07:43 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ced63391-24d6-4b26-af6e-8e9cb97815d4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/260870/
Detection(s):
PUA.Win.Packer.PECompact-2
Create hunting rule

PUA.Win.Packer.ExeshieldProtec-1
Create hunting rule

SecuriteInfo.com.StaticAI-SuspiciousPE.6882.6971.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Creating a window
Searching for synchronization primitives
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/12676/overview
Behaviour
MalwareBazaar
AntidebugCommonApi
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/624bee96aa7e43c6a6bae031/reports/96887893-f622-4d8b-b8a1-9c506dee2b10/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8a04bd59-da80-4a7a-bd91-33c1c0a204a7
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/970645
Signature
Detected unpacking (changes PE section rights)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f05717a64218e6b687c3675ce9f8e3c774d82d81eb0f1f0befd4286ed1947f37/
Verdict:
unknown
Similar samples:
025c02b41a8f743e5787b57e74631316db62317c41845402f3ad5e0575b6586e
0d47d1c6e21e6df01ac6593d252993b93a0a00a645e1687c2b75cd0b7656ec2b
123f17fcd035b40ddff50b0c592ecaff3e58846f6c5f37afe84bd5a1b6df176e
4a46a253a8201ca8dd7be2be8ce8cdab7bd5cb5c39d7a87adaa03e96c3187be8
561fe3832a5681034418efd005c0f2ebae8b9a54efa6d52761980fe6b3a31337
707330f0f7009aeb6cb1bba679ac72183ed938293fc5c2a4ecea035f245b789c
bbc09aecdb816662e1d982d0a8d358d8e4e634197f73c3b01bd73076f5f4a0bf
c79f3e70d3993f9da3f7b010f8a1610ee52919191bb29e2359305b1b75f1a6b3
d4f636c94595d717dec6e61d2648b48ca528a7e172ae5c8e198147d111335db8
fdb370e507a2dafd896f539be1e63bad7dd1963259606df11208f5e1498e6f20
+ 8 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220405-h8ddlabdb9/
Unpacked files
SH256 hash:
6c51323b9bff5f7359ec36be40958bb13f792d2418cf5abbe1c30f05e804428e
MD5 hash:
dea459f8fab32336c8cd14919ae01dd5
SHA1 hash:
af4b3420d5f4bdfe25b6f27ee3b8aec86012fbc1
Link:
https://www.unpac.me/results/c7a0a0bd-328f-43ab-ba90-a36277a20be7/
SH256 hash:
f05717a64218e6b687c3675ce9f8e3c774d82d81eb0f1f0befd4286ed1947f37
MD5 hash:
f00bfe5874529e457af2ac411f8050d9
SHA1 hash:
7964e27c7320eb69a741346ba00f2df50d6f4907
Link:
https://www.unpac.me/results/c7a0a0bd-328f-43ab-ba90-a36277a20be7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f05717a64218e6b687c3675ce9f8e3c774d82d81eb0f1f0befd4286ed1947f37

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/260870/

Comments