MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ceab2fee25b4bbfa7e52221b7e9d9c1343af12cc445dd3f380f8498fe95c1d5b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	ceab2fee25b4bbfa7e52221b7e9d9c1343af12cc445dd3f380f8498fe95c1d5b
SHA3-384 hash:	ff0281bcf931e90cb63f8c353a354c4fa6463d267e37818c3bab388ef2bf3abef978c2b9658e96e62840d944e0df54fa
SHA1 hash:	56bd3f7c20f1f22e4b3756e6025e53ab1ca4cd44
MD5 hash:	af1f68bd635e402c431c27c7d1897611
humanhash:	lactose-lima-asparagus-fourteen
File name:	svchost.exe
Download:	download sample
File size:	92'820 bytes
First seen:	2025-11-23 09:30:35 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	98aa7065495f35513795744857924eba (17 x Simda)
ssdeep	384:opWy1bj+R14/+kAvFAciwgZYakWw7hTRJlsEKC76HZE:oHIEAvwwgZLkWwRRPsEKi6HZE
TLSH	T1DA936C53535889B3CA142DF894DAE0079C68DF7883625DE32E48290FFD7A9F25A38B54
TrID	30.2% (.EXE) Win64 Executable (generic) (10522/11/4) 18.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 14.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 12.9% (.EXE) Win32 Executable (generic) (4504/4/1) 5.9% (.ICL) Windows Icons Library (generic) (2059/9)
Magika	pebin
Reporter	Hexastrike
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/40876/

Gathering data

Result

Verdict:

Malware

Maliciousness:

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

adaptive-context

Link:

https://www.filescan.io/uploads/6922e0bff96b58f0dc80b78e/reports/53fe483c-4c67-443b-8866-47b845fba089/overview

Verdict:

Malicious

Labled as:

Ulise.Generic

Link:

https://www.hybrid-analysis.com/sample/ceab2fee25b4bbfa7e52221b7e9d9c1343af12cc445dd3f380f8498fe95c1d5b

Result

Gathering data

Score:

76%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/ceab2fee25b4bbfa7e52221b7e9d9c1343af12cc445dd3f380f8498fe95c1d5b

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PE (Portable Executable) PE Memory-Mapped (Dump)

Link:

https://app.malva.re/file/af1f68bd635e402c431c27c7d1897611

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ceab2fee25b4bbfa7e52221b7e9d9c1343af12cc445dd3f380f8498fe95c1d5b/

Threat name:

Win32.Trojan.Ulise

Status:

Malicious

First seen:

2025-11-22 16:09:55 UTC

File Type:

PE (Exe)

AV detection:

19 of 36 (52.78%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=z2vs73rfws57u7sseinx5hm4cnb26ewmiro5h44a7bey72k4dvnq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/251123-mfdk4seq8s/

Verdict:

Unknown

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/6129002f-85b5-45ac-9156-7b5191d052a8

Unpacked files

SH256 hash:

ceab2fee25b4bbfa7e52221b7e9d9c1343af12cc445dd3f380f8498fe95c1d5b

MD5 hash:

af1f68bd635e402c431c27c7d1897611

SHA1 hash:

56bd3f7c20f1f22e4b3756e6025e53ab1ca4cd44

Link:

https://www.unpac.me/results/d76154ca-4032-4dfa-bae6-154c7656a0e8/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.45

Link:

https://yomi.yoroi.company/submissions/ceab2fee25b4bbfa7e52221b7e9d9c1343af12cc445dd3f380f8498fe95c1d5b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/40876/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample