MALLEVEL

Sample Results


Analysis Information

Start Time: 14 January 2023 08:29:53

End Time: 14 January 2023 08:30:02

No. of Files Scanned: 19

Scan Summary: 13 Dangerous Files, 6 Safe Files

Download Analysis Report

You may want to validate the scan results with virustotal.com by clicking on "[VT]"

all files.zip

[SIG: 990]  

Verdict DANGEROUS
Signature Score 990
File Type ZIP
File Size 6148.83KB
MD5 Hash 8cc0a0c8a31a63bd89706847419901a5 [VT]
SHA1 Hash e965b04f2687edafbed159f572499a7233faaf18 [VT]
SHA256 Hash 4d569ed4d9b6b2df853203c28cd399ac1dedb3c535c08d8b749f6a17f70b5682 [VT]
Contains
 
  1. 02ca4397da55b3175aaa1ad2c99981e792f66151.bin
  2. 1585c4c34a86b13dacc3fbadb95c5c2065ccfa4084b66f10b3da6b5fb11e9ce0.php
  3. 20151011_bb69fce88e81433b11fc6d519df98a55.js
  4. 2021-08-17-formbook.pcap
  5. 6b961d6fc1c0ed36fdb9fa0d89afe7f08f75c20fdd56f026f23935e21ca4dc19.php
  6. 72d4375c5fe2533acb5e378ddbd3c55f87c61003a492caffdcb40db988c49503.exe
  7. 7ea5079109de884c386bdc186fad9ce93b68e8012150eea42aa55fe73dbdf0b0.exe
  8. a497aca3c4321e9ed7b437aca33b823a5905b1a6dcc0e52da8f5a5ad38ef48d7.ps1
  9. a9cf916a02ba38176cc73391c4711c1e20a3559adf1023754d6f52124114c6e7.ps1
  10. bdcamih.dll
  11. eicar.com.txt
  12. f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
  13. safe1.exe
  14. smb-37n0gip7.tmp
  15. smb-e7_udot9.tmp
  16. smb-ncqut0ao.tmp
  17. smb-zlm7d8hi.tmp
  18. SpotifySetup.exe
Reasons
 
  1. 02ca4397da55b3175aaa1ad2c99981e792f66151.bin has a score of 160
  2. 1585c4c34a86b13dacc3fbadb95c5c2065ccfa4084b66f10b3da6b5fb11e9ce0.php has a score of 80
  3. 20151011_bb69fce88e81433b11fc6d519df98a55.js has a score of 120
  4. 6b961d6fc1c0ed36fdb9fa0d89afe7f08f75c20fdd56f026f23935e21ca4dc19.php has a score of 140
  5. a497aca3c4321e9ed7b437aca33b823a5905b1a6dcc0e52da8f5a5ad38ef48d7.ps1 has a score of 80
  6. a9cf916a02ba38176cc73391c4711c1e20a3559adf1023754d6f52124114c6e7.ps1 has a score of 20
  7. eicar.com.txt has a score of 40
  8. smb-e7_udot9.tmp has a score of 70
  9. smb-ncqut0ao.tmp has a score of 140
  10. smb-zlm7d8hi.tmp has a score of 140

02ca4397da55b3175aaa1ad2c99981e792f66151.bin

[SIG: 160]  

Verdict DANGEROUS
Signature Score 160
File Type EXE
File Size 1541.5KB
MD5 Hash aba2d86ed17f587eb6d57e6c75f64f05 [VT]
SHA1 Hash aeccba64f4dd19033ac2226b4445faac05c88b76 [VT]
SHA256 Hash 807126cbae47c03c99590d081b82d5761e0b9c57a92736fc8516cf41bc564a7d [VT]
File Imports
 
  1. wininet.dll
  2. kernel32.dll
  3. msvcrt.dll
  4. shell32.dll
Reasons
 
  1. Malware Hash TYPE: SHA256 HASH: 807126cbae47c03c99590d081b82d5761e0b9c57a92736fc8516cf41bc564a7d SUBSCORE: 100 DESC: The PhotoMiner Campaign https://www.guardicore.com/2016/06/the-photominer-campaign/
  2. Yara Rule MATCH: CoinMiner_Strings SUBSCORE: 60 DESCRIPTION: Detects mining pool protocol string in Executable REF: https://minergate.com/faq/what-pool-address AUTHOR: Florian Roth MATCHES: Str1: stratum+tcp://

6b961d6fc1c0ed36fdb9fa0d89afe7f08f75c20fdd56f026f23935e21ca4dc19.php

[SIG: 140]  

Verdict DANGEROUS
Signature Score 140
File Type PHP
File Size 218.7KB
MD5 Hash 428950166a5f7607ac39f85d2527c787 [VT]
SHA1 Hash 0d834e827a9411ec58f2976506c3f988edd9f4b3 [VT]
SHA256 Hash 6b961d6fc1c0ed36fdb9fa0d89afe7f08f75c20fdd56f026f23935e21ca4dc19 [VT]
Reasons
 
  1. Yara Rule MATCH: webshell_php_generic SUBSCORE: 70 DESCRIPTION: php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings REF: - AUTHOR: Arnim Rupp MATCHES: Str1: addslashes Str2: <? Str3: <?php Str4: ($_POST) Str5: _SERVER['HTTP_ Str6: _SERVER["HTTP_ Str7: eval($ Str8: eval(" Str9: exec($ Str10 ... (truncated)
  2. Yara Rule MATCH: webshell_php_by_string_known_webshell SUBSCORE: 70 DESCRIPTION: Known PHP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions. REF: - AUTHOR: Arnim Rupp MATCHES: Str1: bot|spider|crawler|slurp|teoma|archive|track|snoopy|java|lwp|wget|curl|client|python|libwww Str2: <? Str3: <?php

smb-ncqut0ao.tmp

[SIG: 140]  

Verdict DANGEROUS
Signature Score 140
File Type EXE
File Size 120.0KB
MD5 Hash c16f128949209f7c520d9f6acd4b2c8a [VT]
SHA1 Hash b45fb46e8365a40581f1bad1a0cfe850017031b7 [VT]
SHA256 Hash 722941d55dc8c99d8e786ed68a821f0ad48762f3db01abebeedbe723790c7ddb [VT]
File Imports
 
  1. kernel32.dll
  2. advapi32.dll
  3. ws2_32.dll
  4. netapi32.dll
  5. mpr.dll
  6. msvcrt.dll
Reasons
 
  1. Yara Rule MATCH: WannaCry_Ransomware SUBSCORE: 70 DESCRIPTION: Detects WannaCry Ransomware REF: https://goo.gl/HG2j5T AUTHOR: Florian Roth (with the help of binar.ly) MATCHES: Str1: 09ff763050ff562c5959473b7e0c7c Str2: c1ea1dc1ee1e83e20183e6018d1456 Str3: 8d48fff7d18d4410ff23f123c1
  2. Yara Rule MATCH: Win32_Ransomware_WannaCry SUBSCORE: 70 DESCRIPTION: Yara rule that detects WannaCry ransomware. REF: - AUTHOR: ReversingLabs MATCHES: Str1: a064f6400056576a408885f4feffff5933c08dbdf5fefffff3ab66abaa8d85f4feffff68040100005053ff15ac8040008b35248140008d85f4feffff6a5c50ffd6598 ... (truncated)

smb-zlm7d8hi.tmp

[SIG: 140]  

Verdict DANGEROUS
Signature Score 140
File Type EXE
File Size 120.0KB
MD5 Hash 558b05e59b333aef5224e1da7d03f2e9 [VT]
SHA1 Hash d68e616cbf0b22680de34c4d3615cbfc866176bc [VT]
SHA256 Hash 55120454e6afa0416c07b905d38434768542cd93b36279bcdbc0a894854b7d11 [VT]
File Imports
 
  1. kernel32.dll
  2. advapi32.dll
  3. ws2_32.dll
  4. netapi32.dll
  5. mpr.dll
  6. msvcrt.dll
Reasons
 
  1. Yara Rule MATCH: WannaCry_Ransomware SUBSCORE: 70 DESCRIPTION: Detects WannaCry Ransomware REF: https://goo.gl/HG2j5T AUTHOR: Florian Roth (with the help of binar.ly) MATCHES: Str1: 09ff763050ff562c5959473b7e0c7c Str2: c1ea1dc1ee1e83e20183e6018d1456 Str3: 8d48fff7d18d4410ff23f123c1
  2. Yara Rule MATCH: Win32_Ransomware_WannaCry SUBSCORE: 70 DESCRIPTION: Yara rule that detects WannaCry ransomware. REF: - AUTHOR: ReversingLabs MATCHES: Str1: a064f6400056576a408885f4feffff5933c08dbdf5fefffff3ab66abaa8d85f4feffff68040100005053ff15ac8040008b35248140008d85f4feffff6a5c50ffd6598 ... (truncated)

20151011_bb69fce88e81433b11fc6d519df98a55.js

[SIG: 120]  

Verdict DANGEROUS
Signature Score 120
File Type UNKNOWN
File Size 10.35KB
MD5 Hash 3a6df83ee2cd2e8c976114f46fd42b36 [VT]
SHA1 Hash 26dd9cb2fd4467265916b04a473ed95bf966d2bc [VT]
SHA256 Hash ae6b82b37c48b04fb1512a153a752056e68fcfca528f0de9a936c23b974f0b32 [VT]
Reasons
 
  1. Anomaly detected ANOMALIES: 'symbol count of ';' very high', 'symbol count of '{' very high', 'symbol count of '}' very high' SIG: 120

1585c4c34a86b13dacc3fbadb95c5c2065ccfa4084b66f10b3da6b5fb11e9ce0.php

[SIG: 80]  

Verdict DANGEROUS
Signature Score 80
File Type UNKNOWN
File Size 20.85KB
MD5 Hash 83a4c070668c9c930b44ae68e48dacfd [VT]
SHA1 Hash 3abd0adf79ab01de5febd25dbcd515e13548025d [VT]
SHA256 Hash 1585c4c34a86b13dacc3fbadb95c5c2065ccfa4084b66f10b3da6b5fb11e9ce0 [VT]
Reasons
 
  1. Anomaly detected ANOMALIES: 'more symbols than alphanum chars', 'symbol count of ',' very high' SIG: 80

a497aca3c4321e9ed7b437aca33b823a5905b1a6dcc0e52da8f5a5ad38ef48d7.ps1

[SIG: 80]  

Verdict DANGEROUS
Signature Score 80
File Type UNKNOWN
File Size 1512.9KB
MD5 Hash a89167e3878eb3c1d77e6aa0503eb108 [VT]
SHA1 Hash 7a377cbacdb226209e4a0b8e266183c344707275 [VT]
SHA256 Hash a497aca3c4321e9ed7b437aca33b823a5905b1a6dcc0e52da8f5a5ad38ef48d7 [VT]
Reasons
 
  1. Anomaly detected ANOMALIES: 'symbol count of '"' very high', 'symbol count of ',' very high' SIG: 80

smb-e7_udot9.tmp

[SIG: 70]  

Verdict DANGEROUS
Signature Score 70
File Type EXE
File Size 32.0KB
MD5 Hash 6be1469c40cc9ed1f511f16329dd5517 [VT]
SHA1 Hash 0452c7919790930df7f0755e221ef8a9910848a0 [VT]
SHA256 Hash a1c3eca09d4f390a729baf3f30db068ff12cb29e170337223d58696428a2fc61 [VT]
File Imports
 
  1. kernel32.dll
  2. advapi32.dll
  3. ws2_32.dll
  4. netapi32.dll
  5. mpr.dll
  6. msvcrt.dll
Reasons
 
  1. Yara Rule MATCH: Win32_Ransomware_WannaCry SUBSCORE: 70 DESCRIPTION: Yara rule that detects WannaCry ransomware. REF: - AUTHOR: ReversingLabs MATCHES: Str1: 83ec1057683f000f006a006a00ff150c6040008bf885ff7432535668ff010f00688c67410057ff15106040008b1d146040008bf085f6740e6a3c56e880feffff83c40 ... (truncated)

72d4375c5fe2533acb5e378ddbd3c55f87c61003a492caffdcb40db988c49503.exe

[SIG: 0] [ML]

Verdict DANGEROUS
Signature Score 0
ML Prediction DANGEROUS
File Type EXE
File Size 148.5KB
MD5 Hash 6ed3e3327246cc457d22bb92bd3bba8b [VT]
SHA1 Hash 1329a6af26f16bb371782ff404d526eec1af9d22 [VT]
SHA256 Hash 72d4375c5fe2533acb5e378ddbd3c55f87c61003a492caffdcb40db988c49503 [VT]
File Imports
 
  1. mscoree.dll

7ea5079109de884c386bdc186fad9ce93b68e8012150eea42aa55fe73dbdf0b0.exe

[SIG: 0] [ML]

Verdict DANGEROUS
Signature Score 0
ML Prediction DANGEROUS
File Type EXE
File Size 892.0KB
MD5 Hash 53b7bd0f846a58a115c568f16f902fd1 [VT]
SHA1 Hash 1d20c7f8105c6bfad4264d7b619cb79213cdd4ba [VT]
SHA256 Hash 7ea5079109de884c386bdc186fad9ce93b68e8012150eea42aa55fe73dbdf0b0 [VT]
File Imports
 
  1. mscoree.dll

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

[SIG: 0] [ML]

Verdict DANGEROUS
Signature Score 0
ML Prediction DANGEROUS
File Type EXE
File Size 149.0KB
MD5 Hash 7d8f0e539e50eb545d094c50aab0ea9e [VT]
SHA1 Hash 9368da690ace5328abc4461cd8322d78c1fdc290 [VT]
SHA256 Hash f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9 [VT]
File Imports
 
  1. mscoree.dll

smb-37n0gip7.tmp

[SIG: 0] [ML]

Verdict DANGEROUS
Signature Score 0
ML Prediction DANGEROUS
File Type EXE
File Size 60.0KB
MD5 Hash 4e66d60069cac452466dcdff165d4d0e [VT]
SHA1 Hash 63a363b562f135fba983db62e29cad9cc18098a7 [VT]
SHA256 Hash 5ccd1fb51860bd9f51fb69b18a40063e801a0370226e0bccafd85a17f9578502 [VT]
File Imports
 
  1. kernel32.dll
  2. advapi32.dll
  3. ws2_32.dll
  4. netapi32.dll
  5. mpr.dll
  6. msvcrt.dll

eicar.com.txt

[SIG: 40]  

Verdict SAFE
Signature Score 40
File Type UNKNOWN
File Size 0.07KB
MD5 Hash 44d88612fea8a8f36de82e1278abb02f [VT]
SHA1 Hash 3395856ce81f2b7382dee72602f798b642f14140 [VT]
SHA256 Hash 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f [VT]
Reasons
 
  1. Yara Rule MATCH: SUSP_Just_EICAR SUBSCORE: 40 DESCRIPTION: Just an EICAR test file - this is boring but users asked for it REF: http://2016.eicar.org/85-0-Download.html AUTHOR: Florian Roth MATCHES: Str1: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

a9cf916a02ba38176cc73391c4711c1e20a3559adf1023754d6f52124114c6e7.ps1

[SIG: 20]  

Verdict SAFE
Signature Score 20
File Type UNKNOWN
File Size 773.84KB
MD5 Hash 799abd9870fb9dd90a130c153d0628fe [VT]
SHA1 Hash c85951c12e61e7e109d8261f989faccdb098cc1c [VT]
SHA256 Hash a9cf916a02ba38176cc73391c4711c1e20a3559adf1023754d6f52124114c6e7 [VT]
Reasons
 
  1. Anomaly detected ANOMALIES: 'upper to lower ratio' SIG: 20

2021-08-17-formbook.pcap

[SIG: 0]  

Verdict SAFE
Signature Score 0
File Type WINPCAP
File Size 1620.48KB
MD5 Hash 05b6a4fdcf3d44b8048542c57b3c84d3 [VT]
SHA1 Hash befd7b9f0ed47f5a350262d281de9a9cc7422af7 [VT]
SHA256 Hash 36d1c8ac99beecb5c3a7a04e6cfed6e08d70f07b67b80609caa72f52ef58c32b [VT]

bdcamih.dll

[SIG: 0] [ML]

Verdict SAFE
Signature Score 0
ML Prediction SAFE
File Type EXE
File Size 111.39KB
MD5 Hash cab4e83dc11f07336b9717399c73429e [VT]
SHA1 Hash b722cf8672c3426123dd0d931698e95d8852bbb3 [VT]
SHA256 Hash 6ec3c3b72d6a151382e8a02f0e3f95e013836faa818da55eacd89c0ae99795b5 [VT]
File Imports
 
  1. kernel32.dll
  2. user32.dll

safe1.exe

[SIG: 0] [ML]

Verdict SAFE
Signature Score 0
ML Prediction SAFE
File Type EXE
File Size 1393.73KB
MD5 Hash fe198308a57848727e8341e305d19995 [VT]
SHA1 Hash ce22bc0113c7e0a5580bf5b71acb05d45de1e9fd [VT]
SHA256 Hash 26503fc13feafc67e28b6b40d0515863500f76a5db29b3d6c1ea156615a0dc71 [VT]
File Imports
 
  1. kernel32.dll
  2. shlwapi.dll
  3. ole32.dll
  4. shell32.dll
  5. user32.dll

SpotifySetup.exe

[SIG: 0] [ML]

Verdict SAFE
Signature Score 0
ML Prediction SAFE
File Type EXE
File Size 910.96KB
MD5 Hash d61d294e1af064d864dfd67e1ead5848 [VT]
SHA1 Hash e8ec9bc0708afd10937565582dcfdb7cc8c9bbb5 [VT]
SHA256 Hash 5e1296785023a9deb84a7d1695213543a5bfc345e3588dbb1ef6e9828fa1a542 [VT]
File Imports
 
  1. comctl32.dll
  2. shell32.dll
  3. kernel32.dll
  4. user32.dll
  5. gdi32.dll
  6. ole32.dll
  7. advapi32.dll