MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f1aa901cfbefbf00e206851ea8da56362e8edbad4416383e175a90e5ee15b54b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f1aa901cfbefbf00e206851ea8da56362e8edbad4416383e175a90e5ee15b54b
SHA3-384 hash: 41f228ed824c6775403fb8d514b1a9c9e45b614fe6d918ce86da108230e1c70ff5a43ec94d4e8d809f84a5751b895edc
SHA1 hash: c664193356a7c1523ca49017dec5677862392556
MD5 hash: bd4741c5f468ad89aa4b6aa237b75027
humanhash: london-july-mango-eleven
File name:AutoInstall.exe
Download: download sample
File size:159'144 bytes
First seen:2022-05-18 14:12:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 23c751ae9c02945f8d146a6490f2d56d
ssdeep 3072:WCrIvgURbVCVf/bdIwtGdpgZXUMOdU48u1pSXCG3176t:WCrRUihtIpgZkn1wCu16t
Threatray 27 similar samples on MalwareBazaar
TLSH T18EF3BE02D91E1036E9665570AFA61A1BD77A72605F0031EBB7C289BA0B72CF93C715BC
TrID 53.0% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
17.8% (.EXE) Win64 Executable (generic) (10523/12/4)
11.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win32 Executable (generic) (4505/5/1)
3.4% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter ShinigamiOwl
Tags:exe


Avatar
ShinigamiOwl
https://telegra.ph/Download-04-29-12

Intelligence

File Origin
# of uploads :
1
# of downloads :
237
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
AutoInstall.exe
Verdict:
No threats detected
Analysis date:
2022-05-18 14:13:44 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/80c76ed1-088b-4a37-83c4-f791081c8b37

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/272130/
Detection(s):
SecuriteInfo.com.Variant.Lazy.184615.23463.23864.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/18739/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Gathering data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c10071df-bb09-4e48-8683-b9a3c86fe193
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/996868
Signature
Allocates memory in foreign processes
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f1aa901cfbefbf00e206851ea8da56362e8edbad4416383e175a90e5ee15b54b/
Threat name:
Win32.Trojan.Lazy
Create hunting rule
Status:
Malicious
First seen:
2022-05-18 14:13:07 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
20 of 26 (76.92%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
05963059249f086c08d8487b82e08f4e6ba91ec4391484cf2bf54258aa2e6a64
312783a788b6b11c7921d2836059c7beb80adcc4d4162f80bb6a3cf5d20b80c3
527b3ec7f548207e3ef8509973591509e5d61c91d613c232329204dfa35535be
6b3260201ea9fb85f2374c809140463ae0e47398c1c8a0c07e54724f82a34c71
7605a5d355941ddf465272bd31583c254584b65b230c0fe7a93b8f887c5af3aa
+ 17 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/220518-rjd39safg2/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Unpacked files
SH256 hash:
f1aa901cfbefbf00e206851ea8da56362e8edbad4416383e175a90e5ee15b54b
MD5 hash:
bd4741c5f468ad89aa4b6aa237b75027
SHA1 hash:
c664193356a7c1523ca49017dec5677862392556
Link:
https://www.unpac.me/results/012e1720-5c6e-46dc-b300-b4b13b0fc90a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/f1aa901cfbefbf00e206851ea8da56362e8edbad4416383e175a90e5ee15b54b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f1aa901cfbefbf00e206851ea8da56362e8edbad4416383e175a90e5ee15b54b

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/272130/

Comments