MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA 4 File information Comments

SHA256 hash:	7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36
SHA3-384 hash:	caef1f3da79385d39e84b0d06f9b5b7ed394fe9b782b0410337f524e467d8ca9d3c62311bfd78246000c4af094b64883
SHA1 hash:	98c8c659488a5782679112e0ffb089422a664ac5
MD5 hash:	14934caca84d5fe0288f27efb31dcbf8
humanhash:	echo-wyoming-solar-pennsylvania
File name:	file
Download:	download sample
File size:	373'656 bytes
First seen:	2025-08-19 14:32:53 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	d21794f0d47bb5c7f5977a6500854d85
ssdeep	3072:rbT9vTZFNSlIbVf7o3Cyi7igb/Js0S6uZZspiDbZHNjWOnNxFiKey1ISQlXflY:fRvNvvbhOq7F3S/qpiDlNCONvmXdY
TLSH	T12C84C621E6806071CD26063FE49D5E655127AF421F2B45CBE28C3E5B86BC3E9DB2CF85
TrID	38.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 24.6% (.EXE) Win64 Executable (generic) (10522/11/4) 11.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 10.5% (.EXE) Win32 Executable (generic) (4504/4/1) 4.7% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
File icon (PE):
dhash icon	a63168dca46d51a6
Reporter	jstrosch
Tags:	exe signed

Code Signing Certificate

Organisation:	Glarysoft Ltd
Issuer:	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Algorithm:	sha256WithRSAEncryption
Valid from:	2022-08-17T00:00:00Z
Valid to:	2025-07-29T23:59:59Z
Serial number:	042814369854a85f9b8f901267c03cf2
Intelligence:	3 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:	SHA256
Thumbprint:	c7c51a6d83f45f94efe47c8dfadde98dc41b197408dc45a5090ab5f16dc948bd
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

jstrosch

Found at hxxps://anonhax[.]site/uploads/6766bad1ef7f4_config.prx by #subcrawl

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

https://mega.nz/file/nRBAhJxQ#iVfoGauv6g80S4eEOa0s5GXWcD3ZmyyJ7bI-o9L1b7o

Verdict:

Malicious activity

Analysis date:

2025-02-21 21:07:51 UTC

Tags:

autoit lumma stealer pastebin autoit-loader

Link:

https://app.any.run/tasks/769223d4-d04b-4d25-8ed1-bbb2ad2e1551

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/22204/

Verdict:

Malicious

Score:

91.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=687d5e582f623871a5f0d886

Tags:

smtp

Result

Verdict:

Clean

Maliciousness:

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Tags:

adaptive-context microsoft_visual_cc obfuscated signed threat

Link:

https://www.filescan.io/uploads/68a48c45a4bdac9f5b9e7b8c/reports/5c60a331-3851-460d-94af-3fa32e41fb65/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36

Malware family:

Glarysoft Ltd

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/987921a6-2487-4374-afa3-0cecfc5749f9

Score:

Verdict:

Benign

File Type:

Link:

https://malprob.io/report/7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36/

Verdict:

Clean

Link:

https://tip.neiki.dev/file/7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=p6ugcrydkyt3vy4vo26l4ym5arpjjjemjw4mueyzndbaxng6ji3a._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250819-rzve7adn31/

Behaviour

System Location Discovery: System Language Discovery

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/b610c6d9-530f-4a8a-b282-cd6338050c34

Unpacked files

SH256 hash:

7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36

MD5 hash:

14934caca84d5fe0288f27efb31dcbf8

SHA1 hash:

98c8c659488a5782679112e0ffb089422a664ac5

Link:

https://www.unpac.me/results/81e4b363-fb77-45a9-b4cc-c7d28e2d280e/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_AllMal_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36

(this sample)

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/22204/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Reviews

ID	Capabilities	Evidence
COM_BASE_API	Can Download & Execute components	ole32.dll::CoCreateInstance
GDI_PLUS_API	Interfaces with Graphics	gdiplus.dll::GdiplusStartup gdiplus.dll::GdiplusShutdown gdiplus.dll::GdipDeleteGraphics gdiplus.dll::GdipAlloc
SHELL_API	Manipulates System Shell	SHELL32.dll::ShellExecuteW
WIN32_PROCESS_API	Can Create Process and Threads	KERNEL32.dll::CloseHandle
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryW KERNEL32.dll::GetStartupInfoW KERNEL32.dll::GetCommandLineW
WIN_REG_API	Can Manipulate Windows Registry	ADVAPI32.dll::RegOpenKeyExW ADVAPI32.dll::RegQueryValueExW
WIN_SOCK_API	Uses Network to send and receive data	WS2_32.dll::FreeAddrInfoW WS2_32.dll::GetAddrInfoW WS2_32.dll::WSACloseEvent WS2_32.dll::WSAConnect WS2_32.dll::WSACreateEvent WS2_32.dll::WSAEnumNetworkEvents
WIN_USER_API	Performs GUI Actions	USER32.dll::AppendMenuW

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample