MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc64e7337e23dc861c4b4a4bbe26189cb388add1ed27198779c701e6ab1cc2b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	fc64e7337e23dc861c4b4a4bbe26189cb388add1ed27198779c701e6ab1cc2b6
SHA3-384 hash:	06600beafe8ecd9f8155066c3e026c5d539d63fa591a4982262fa6fb2e1af5536b07e795f0bb09e686835091b6ebac5c
SHA1 hash:	178724041e00a3e607bae8dda8cec86761dd7250
MD5 hash:	c71711d472a03ef3de8bd0c685394ef5
humanhash:	football-florida-beer-nevada
File name:	Untitled.exe
Download:	download sample
File size:	451'168 bytes
First seen:	2022-02-22 10:19:38 UTC
Last seen:	2022-02-28 07:21:26 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	a1a6f7025c83f5a233e7b28bc2c43a84
ssdeep	6144:3iErClNeUVufvSsZ20bDffOtEpnT1ieVoDjTEDoBSH8ALBLk0ReIDePGR:yErCCCKXDffqQ1ivcEdALLRes80
Threatray	8 similar samples on MalwareBazaar
TLSH	T1DEA47D16F6A404F5E0B78138C9A64617FA767C5A0730DACF22E1435A2F337D26E39B19
File icon (PE):
dhash icon	e0e1e4aeb8aea020 (29 x CoinMiner, 2 x Gh0stRAT, 1 x njrat)
Reporter	ankit_anubhav
Tags:	exe signed

Code Signing Certificate

Organisation:	Adersoft
Issuer:	GlobalSign CodeSigning CA - SHA256 - G3
Algorithm:	sha256WithRSAEncryption
Valid from:	2019-09-18T12:58:35Z
Valid to:	2022-12-11T11:53:03Z
Serial number:	3a1010878ed6f7ddd4ec8e8f
Intelligence:	3 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:	SHA256
Thumbprint:	363f7d015f06fd7fbb26fbe29629a09198c021f33896040be77277fc8cac761d
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

202

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

fc64e7337e23dc861c4b4a4bbe26189cb388add1ed27198779c701e6ab1cc2b6.zip

Verdict:

No threats detected

Analysis date:

2022-02-22 18:05:26 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/cdc7e418-be68-44e1-aeda-6cbeaa00ca00

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/243230/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Creating a window

Sending a custom TCP request

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/6990/overview

Behaviour

MalwareBazaar

MeasuringTime

CheckCmdLine

EvasionQueryPerformanceCounter

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug greyware hacktool overlay packed shell32.dll wscript.exe

Link:

https://www.filescan.io/uploads/6214b8ddac8ad0468b65b172/reports/373918a8-7cb9-4408-9186-7e681c60a4e2/overview

Result

Verdict:

SUSPICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/267681eb-95fa-4b67-bd35-749c8af7fb9f

Result

Threat name:

Unknown

Detection:

clean

Classification:

n/a

Score:

5 / 100

Link:

https://www.joesandbox.com/analysis/943832

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fc64e7337e23dc861c4b4a4bbe26189cb388add1ed27198779c701e6ab1cc2b6/

Verdict:

unknown

3deec916d94fabdc65168ebd8b5f072a702781064d13b10700d9a52998a669a3

8c6cf25734d89865f9aaa5dea926d6dcb66558ac0493248237c36474b1d3bd0e

d3120247e0cad04591c5a670a28da82e156ea3e4b02610cfeb2e4cdcc85ca0f5

e1c8fbc6931af31a8c7d8a8a85792c44906728db795ca6df3f2d626c760c43b6

f54f4f34ff1f194148e1296d12e1badfae3eecf24cbfd35aa0308507d7cd367d

ffc3d4c2d7568d3d632ba01f05fcb54bb8bc2b73afabc4741999957498011568

Result

Malware family:

n/a

Score:

4/10

Tags:

n/a

Link:

https://tria.ge/reports/220222-mc4m5affc2/

Behaviour

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Drops file in Windows directory

Unpacked files

SH256 hash:

fc64e7337e23dc861c4b4a4bbe26189cb388add1ed27198779c701e6ab1cc2b6

MD5 hash:

c71711d472a03ef3de8bd0c685394ef5

SHA1 hash:

178724041e00a3e607bae8dda8cec86761dd7250

Link:

https://www.unpac.me/results/fc1bc590-1387-4c43-8456-c80a38ec55f8/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/fc64e7337e23dc861c4b4a4bbe26189cb388add1ed27198779c701e6ab1cc2b6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/243230/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample