MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ffb7e0228d5212b01b82d48a1a058ada453228b70a0285e39822facefcc24e52. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown

Vendor detections: 6



SHA256 hash: ffb7e0228d5212b01b82d48a1a058ada453228b70a0285e39822facefcc24e52
SHA3-384 hash: d6972eb5b9f324489ac01d626fdac2aaafd06ad4c6a04f7cf3c01e4434252e5405e9391c3726cd24704293b1eeb990eb
SHA1 hash: 958aff891948845f648041f62e42efd7d0fe5cbe
MD5 hash: 650c121ef770044b5b8533ec524b9c7b
humanhash: winter-mexico-massachusetts-paris
File name: setup.exe
File size: 178'784 bytes
First seen: 2024-02-12 07:56:40 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4f67aeda01a0484282e8c59006b0b352 (51 x GuLoader, 9 x RemcosRAT, 9 x VIPKeylogger)
ssdeep: 3072:T1E/rS2paccKntcpbdJIpIxqgnmQQrSQSTr:T1oneboIxuQsx2
TLSH: T121041873A5857991D35218B1DDB3F22256E02D284B7F04026E1F3FBE2F3DDA64A39582
TrID:
  47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
  9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
File icon (PE): PE icon
dhash icon: a4ac4c23a6c4e469
Reporter: Anonymous
Tags: exe signed

Code Signing Certificate

Organisation: Aller Media e.K.
Issuer: Certum Code Signing 2021 CA
Algorithm: sha256WithRSAEncryption
Valid from: 2022-11-29T16:48:00Z
Valid to: 2023-11-29T16:47:59Z
Serial number: 3b73603420a80eb71c597ec9e28af21d
Thumbprint algorithm: SHA256
Thumbprint: e4edf4e3eb65e720abcabcd8232a96563acde757b28a57d4df75d49713b25de1
Source: ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 289
Origin country: RO

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: https://en.vlc.de/
Verdict: Malicious activity
Analysis date: 2024-02-12 07:43:59 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% directory
Creating a file
DNS request
Connection attempt
Sending an HTTP GET request
Creating a window

Verdict: No Threat
Threat level: 10/10
Confidence: 100%
Tags: installer lolbin overlay packed shell32

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: n/a
Detection: clean
Classification: n/a
Score: 4 / 100
Behaviour
Behavior Graph: n/a
Verdict: unknown

Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Enumerates physical storage devices
Loads dropped DLL
Unpacked files
SHA256 hash: fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e
MD5 hash: 3f176d1ee13b0d7d6bd92e1c7a0b9bae
SHA1 hash: fe582246792774c2c9dd15639ffa0aca90d6fd0b

SHA256 hash: 9de492995d2180635aa3194b88ce6dd94e0c2b001af5952a73d4a84fbc32b6ab
MD5 hash: 41f557e065b405f94d0ece8b5727233b
SHA1 hash: c6d1704eefbdfe0a7d4a03c65acc70cdde883598

SHA256 hash: 2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f
MD5 hash: 2b342079303895c50af8040a91f30f71
SHA1 hash: b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256 hash: ffb7e0228d5212b01b82d48a1a058ada453228b70a0285e39822facefcc24e52
MD5 hash: 650c121ef770044b5b8533ec524b9c7b
SHA1 hash: 958aff891948845f648041f62e42efd7d0fe5cbe
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Detect_SliverFox_String
Author: huoji
Description: Detect files that are `SliverFox` malware

Rule name: Ins_NSIS_Buer_Nov_2020_1
Author: Arkbird_SOLG
Description: Detect NSIS installer used for Buer loader

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: PE_Potentially_Signed_Digital_Certificate
Author: albertzsigovits

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments