MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fdc0ccb5bd0267845485e0716a802a2552c919b659ebdfb272e3ad33379cb570. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fdc0ccb5bd0267845485e0716a802a2552c919b659ebdfb272e3ad33379cb570
SHA3-384 hash: d8632206ab421b8f324cdbf2be7ef7bb29745f72e897fb802813a2e7db5b36d3e0f66ed45bccf79d8de18b8bf047749c
SHA1 hash: 82a06a22ed0ad30e2f1ed888251579c45d862232
MD5 hash: d4b83a5047549d4e5d73741f92b2fe30
humanhash: blue-orange-venus-idaho
File name:ApowerREC 1.6.5.18.exe
Download: download sample
File size:37'639'594 bytes
First seen:2023-08-13 13:16:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'562 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep 786432:nHh3339iVR3upucGb2Q8hSGoo6Nbk3nanKe/JEf4hs2pD:BX4H3uS6ioek3IJ4ssOD
Threatray 2'432 similar samples on MalwareBazaar
TLSH T1B4873303B9DF4DE0D2830738795E5B57C9A74F8827330E2B8E3D20A5D66DE9D6A19231
TrID 76.6% (.EXE) Inno Setup installer (109740/4/30)
9.9% (.EXE) Win32 Executable Delphi generic (14182/79/4)
4.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.1% (.EXE) Win32 Executable (generic) (4505/5/1)
1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
dhash icon 8000907070300080
Reporter xr1pper
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
314
Origin country :
EG EG
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
ApowerREC 1.6.5.18.exe
Verdict:
Suspicious activity
Analysis date:
2023-08-13 13:20:02 UTC
Tags:
installer
Link:
https://app.any.run/tasks/1fb40f2c-de82-4ce2-90c6-5c500514be02

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for synchronization primitives
Searching for the window
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/102780/overview
Behaviour
MalwareBazaar
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control greyware installer lolbin masquerade overlay packed shell32
Link:
https://www.filescan.io/uploads/64d8d7d14154db2bd52aa953/reports/ee889d4c-2f73-4fb5-b983-f04270545c3e/overview
Verdict:
Malicious
Link:
https://www.hybrid-analysis.com/sample/fdc0ccb5bd0267845485e0716a802a2552c919b659ebdfb272e3ad33379cb570
Result
Verdict:
MALICIOUS
Result
Threat name:
HTMLPhisher
Create hunting rule
Detection:
suspicious
Classification:
phis.troj.spyw.evad
Score:
36 / 100
Link:
https://www.joesandbox.com/analysis/1290671
Signature
Contains functionality to log keystrokes (.Net Source)
Modifies security policies related information
Multi AV Scanner detection for submitted file
Uses regedit.exe to modify the Windows registry
Yara detected Generic Downloader
Yara detected HtmlPhish44
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-08-10 23:34:45 UTC
File Type:
PE (Exe)
Extracted files:
2490
AV detection:
6 of 38 (15.79%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7xamznn5ajtyivef4bywvabkevjmsgnwlhv57mts4owtgn44wvya._file
Verdict:
unknown
Similar samples:
32f8116d810b51a81f394b634d20015279fb3c33efeca8df1780ec00060a8f90
35ad56ad06889db09ce30a14e69c3c7a4570a54121e5c2ec5fd60bd7e1cd1cdb
4589960a9a31c7dbdb6687e3d336cfa69660969b40e00d5dfb9f578ee6d2b26f
502cc078f4ce8e2a5a6ee664b0221170eae8a6ae00b36f01c2c27b3588a3f762
6ff134c7112da54cc62593ea1e87add046eb615295d4f6db8dccb1645d11f27e
71bf7691a9cc7dc3f5dee1ac0bf691a1be90aa88b4d43a6d56d9ea36deea9096
a283083eea81bfe5d7fc1c5203af7e2995e88a87a019702eeff18a6572bb86f0
c6041381dca149356dba2bc83550a5bc234c151f9faf099e8179ae1f3e1b275b
e09a18963c0d27d11e0587c5ec0c55563b77f83042ced18825b00457ec9af0bd
fb6d4bdb9d9f57d4d3e127cc5c04903b06406daf16d7ac008701d590df22b168
+ 2'422 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230813-qjc1jacd68/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Executes dropped EXE
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fdc0ccb5bd0267845485e0716a802a2552c919b659ebdfb272e3ad33379cb570

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe fdc0ccb5bd0267845485e0716a802a2552c919b659ebdfb272e3ad33379cb570

(this sample)

  
Delivery method
Distributed via web download

Comments