MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01fbad5536413581e293f3aaafe461ca28599430c226b3c0ec46c662e707bfc4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA 10 File information Comments

SHA256 hash:	01fbad5536413581e293f3aaafe461ca28599430c226b3c0ec46c662e707bfc4
SHA3-384 hash:	9bad522895e19eb2925640a03fcc842ce86ba313d0a6c44901dcbd078b53015de45c5683cb9b16253ff7d61d317baede
SHA1 hash:	6ba58dc42042c9bebf076a6b5eb5de02573cecb9
MD5 hash:	e1ef59c11e475befabe7037b82323adc
humanhash:	september-six-fanta-muppet
File name:	skeletal.bin
Download:	download sample
File size:	13'814'559 bytes
First seen:	2025-03-11 17:33:22 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	393216:FvyjA1IuWmA4j1bhhl7iQYafCgQtkwf+R8vi4Rej54XI:qAmMJ1riQY1gQUdmw54XI
TLSH	T129D6334F7792DC44562E8B3B8E25CE47BD68B58F89961094B6F45E386CBFB8B010F421
Magika	zip
Reporter	aachum
Tags:	HIjackLoader IDATLoader zip

iamaachum

https://www.mediafire.com/file_premium/tgt65hk2h8vsbrn/skeletal.bin/file

Intelligence

File Origin

# of uploads :

# of downloads :

625

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

81.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67d078334fd7d3fd0e084b9f

Tags:

injection obfusc

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/01fbad5536413581e293f3aaafe461ca28599430c226b3c0ec46c662e707bfc4

Result

Verdict:

SUSPICIOUS

Link:

https://labs.inquest.net/dfi/sha256/01fbad5536413581e293f3aaafe461ca28599430c226b3c0ec46c662e707bfc4

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Score:

Verdict:

Benign

File Type:

Result

Malware family:

n/a

Score:

5/10

Tags:

discovery

Link:

https://tria.ge/reports/250311-yss24st1ax/

Behaviour

Suspicious use of WriteProcessMemory

Program crash

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/01fbad5536413581e293f3aaafe461ca28599430c226b3c0ec46c662e707bfc4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CAS_Malware_Hunting Create hunting rule
Author:	Michael Reinprecht
Description:	DEMO CAS YARA Rules for sample2.exe

Rule name:	Check_OutputDebugStringA_iat Create hunting rule

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar

Rule name:	RedOctoberPluginCollectInfo Create hunting rule

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)