MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 fa86d2cd7e9281b198093a0a310c18b326c3dfbeaeb61d7e8ebd7be8a9f8d342. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| SHA256 hash: | fa86d2cd7e9281b198093a0a310c18b326c3dfbeaeb61d7e8ebd7be8a9f8d342 |
|---|---|
| SHA3-384 hash: | 3158e983c9287afc0b43803837c01a294b603645cbe9152d9145aa2f972989d46daa966248c1fe16126dce8464ea5769 |
| SHA1 hash: | dcdb107302d6d048346065f5bdf3afc210ec21b2 |
| MD5 hash: | 62a75e3ff3e6519af8f6aa77c07083fa |
| humanhash: | salami-earth-zulu-hydrogen |
| File name: | 62a75e3ff3e6519af8f6aa77c07083fa |
| File size: | 213'056 bytes |
| First seen: | 2020-11-17 12:30:07 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit) |
| ssdeep | 6144:jWGsJlzB1YSjB/694NkfA5Z5oK2Rsg/HkEjy:LolzXYSJ6ukfCZ5oRDHkB |
| Threatray | 117 similar samples on MalwareBazaar |
| TLSH | A4246A05B0A1D8D2D3AB0A701EE58EA04FADFC56DBB1931F3584F32E5AF25A50D24772 |
| Reporter |
Intelligence
File Origin
Number of uploads: 1
Number of downloads: 50
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request
Creating a window
Creating a file in the Windows directory
Running batch commands
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a process from a recently created file
Launching the default Windows debugger (dwwin.exe)
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-07 18:29:43 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Verdict: unknown
Similar samples: + 107 additional samples on MalwareBazaar
Result
Malware family: n/a
Score: 8/10
Tags: persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Drops file in System32 directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method: Other