MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 029dc26d4627bc47076118d312dfabce771ae2daf05ce13ecb710f3024cd4ce3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 029dc26d4627bc47076118d312dfabce771ae2daf05ce13ecb710f3024cd4ce3
SHA3-384 hash: b3058e46ef596766a711b254461a2e567112af624cac07554936403bcfcd23d45efc7cd899961d46147cf740298cab40
SHA1 hash: cbf938e308075037229d0758e969646a2f284795
MD5 hash: 21d3c3b3bc5072558e09b6bfa252288f
humanhash: oxygen-angel-chicken-seventeen
File name:25080523754.zip
Download: download sample
File size:273'455 bytes
First seen:2026-05-15 14:47:33 UTC
Last seen:Never
File type: zip
MIME type:application/zip
Note:This file is a password protected archive. The password is: infected
ssdeep 6144:hBSMTwvoPhXfyAEuQ6psxeJz4PqbQpau1HWq27:1MA5sEsxw47su83
TLSH T15944233BBC70966C98F67DA83BC443ED842FA2DD49AE244305FC8BB0BA49097165F654
Magika zip
Reporter Anonymous
Tags:NSISPacker zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
93
Origin country :
DE DE
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:986011efb401d8e711b35820e4d31c73975cc3e6c680c1be5892ee69c9f24faf
File size:293'504 bytes
SHA256 hash: 986011efb401d8e711b35820e4d31c73975cc3e6c680c1be5892ee69c9f24faf
MD5 hash: 95a14b8ce0e233a8693edeb089d8bda7
MIME type:application/x-dosexec
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/af7b3664-efc8-44e0-b9db-b024e2d87846/
Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a073247953bbcef1c907f73
Tags:
injection obfusc crypt
Result
Verdict:
Malicious
File Type:
PE File
Link:
https://app.docguard.net/029dc26d4627bc47076118d312dfabce771ae2daf05ce13ecb710f3024cd4ce3/results/dashboard
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
adaptive-context anti-debug evasive installer installer installer-heuristic microsoft_visual_cc nsis reconnaissance signed similar-threat
Link:
https://www.filescan.io/uploads/6a07323fefbd399b39b13322/reports/2f71867f-68c8-4935-a911-d8d14593367e/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/029dc26d4627bc47076118d312dfabce771ae2daf05ce13ecb710f3024cd4ce3
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/029dc26d4627bc47076118d312dfabce771ae2daf05ce13ecb710f3024cd4ce3
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
File Type:
zip
Link:
https://opentip.kaspersky.com/029dc26d4627bc47076118d312dfabce771ae2daf05ce13ecb710f3024cd4ce3/results?tab=lookup
Score:
96%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/029dc26d4627bc47076118d312dfabce771ae2daf05ce13ecb710f3024cd4ce3
Verdict:
inconclusive
YARA:
2 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Zip Archive
Link:
https://app.malva.re/file/21d3c3b3bc5072558e09b6bfa252288f
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/029dc26d4627bc47076118d312dfabce771ae2daf05ce13ecb710f3024cd4ce3/
Threat name:
Binary.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-05-15 14:48:42 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
3 of 24 (12.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ako4e3kge66eob3bddjrfx5lzz3rvyw26boocpwloehtajgnjtrq._file
Gathering data
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/029dc26d4627bc47076118d312dfabce771ae2daf05ce13ecb710f3024cd4ce3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Detect_NSIS_Nullsoft_Installer
Create hunting rule
Author:Obscurity Labs LLC
Description:Detects NSIS installers by .ndata section + NSIS header string
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 029dc26d4627bc47076118d312dfabce771ae2daf05ce13ecb710f3024cd4ce3

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments