MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8be4ac2cb964340cba2cf2306f1c7212072abe2c7cfea9f1cea0c183db1d109. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b8be4ac2cb964340cba2cf2306f1c7212072abe2c7cfea9f1cea0c183db1d109
SHA3-384 hash: 86a63cf69ae75e4d9559edb766a8d48c9051e680e7db1b3196cf43ddc992e781194240fcad3c3529f6b55ce8308d581d
SHA1 hash: 101e00fce64101efbd49f104222c4e1d002cd1eb
MD5 hash: 0ef171438cfdc47e28eab156c92299c5
humanhash: spaghetti-mountain-iowa-queen
File name:龙争虎斗V2.1.4.rar
Download: download sample
File size:12'603'467 bytes
First seen:2025-11-23 12:09:54 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 393216:NKj9QD3lgnl6ntemILMGvwAxnFYh9YBoHT:N6CD3lw6tezYg1ne9YBoz
TLSH T142C633E598ED566F34D163F68E6F1D1F8E05BE8A146948CCA9E24688C97E50F80C1CF3
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika rar
Reporter juroots
Tags:rar

Intelligence

File Origin
# of uploads :
1
# of downloads :
33
Origin country :
RO RO
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:龙争虎斗V2.1.4.exe
File size:13'419'504 bytes
SHA256 hash: d989737345cbd106b523a07242a37a73cdce04474196865b43d831b1d24abb71
MD5 hash: c53f1948030fb8c9960cc28636d222cd
MIME type:application/x-dosexec
Vendor Threat Intelligence
Gathering data
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context anti-debug crypto fingerprint installer-heuristic keylogger obfuscated overlay overlay packed packed redcap vmprotect
Link:
https://www.filescan.io/uploads/6922f9ef5d3feebe12d81fbe/reports/7818fa28-2f32-44bc-b6b0-8279f0d8e49d/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/b8be4ac2cb964340cba2cf2306f1c7212072abe2c7cfea9f1cea0c183db1d109
Result
Gathering data
Verdict:
Unknown
File Type:
rar
Link:
https://opentip.kaspersky.com/b8be4ac2cb964340cba2cf2306f1c7212072abe2c7cfea9f1cea0c183db1d109/results?tab=lookup
Verdict:
inconclusive
YARA:
1 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Rar Archive
Link:
https://app.malva.re/file/0ef171438cfdc47e28eab156c92299c5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b8be4ac2cb964340cba2cf2306f1c7212072abe2c7cfea9f1cea0c183db1d109/
Threat name:
Win32.Trojan.Woool
Create hunting rule
Status:
Malicious
First seen:
2025-11-22 19:53:00 UTC
File Type:
Binary (Archive)
Extracted files:
26
AV detection:
20 of 36 (55.56%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xc7evqwlszbubs5cz4rqn4oheeqhfk7cy7h6vhy45igbqpnr2eeq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/251123-tn781sylas/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

rar b8be4ac2cb964340cba2cf2306f1c7212072abe2c7cfea9f1cea0c183db1d109

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3715188/
  
Delivery method
Distributed via web download

Comments