MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 081b2455cbf464eee43082d023137137eaf43b7a6e1f475feeb75b7cdaaa4cac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown
Vendor detections: 5

SHA256 hash: 081b2455cbf464eee43082d023137137eaf43b7a6e1f475feeb75b7cdaaa4cac
SHA3-384 hash: f5252ec5773c188f1b0fe6bbc13fb14122fd1ff616989c81881f4313fa54d37be5fd5636e01c27d25349b9ede465ce77
SHA1 hash: 93e54785137b1471ed7530ae0e8da5640dd0cdb0
MD5 hash: 7c9de4d2c78e006f11ad8f1c44966fb4
humanhash: sweet-virginia-early-video
File name: Sora - OpenAi v1.1.1.zip
File size: 28'177'989 bytes
First seen: 2024-04-16 09:06:10 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 786432:lBr8b3ZUrQ6cc59A8Y6/EW1H3XDPs1S693nokIuWjw:lqkQ6cGm8Y6nnTs1lnPIuWjw
TLSH: T1A857332ED5AD09DED02722173B30AAB0C5BF619E8463635AF82D93897CFF79D4325244
TrID: 58.3% (.MAFF) Mozilla Archive Format (gen) (7000/1/1)
      33.3% (.ZIP) ZIP compressed archive (4000/1)
      8.3% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: g0njxa
Tags: Facebook Vietnam zip

Intelligence

File Origin
# of uploads: 1
# of downloads: 93
Origin country: ES

File Archive Information

This file archive contains 23 file(s), sorted by their relevance:

File name: libssh2.dll
File size: 166'912 bytes
SHA256 hash: ed0db696c2ae8b896eab6fd8c71e5fa4c88e6a90b98fffc354593288d59fe119
MD5 hash: 73f95c1b2a23be7a80aa75250b8f25ad
MIME type: application/x-dosexec

File name: php_mbstring.dll
File size: 1'233'920 bytes
SHA256 hash: 6653e52f3a7d12afc5e1d5922a73d56a9d914864a1f882004e986ea210005b61
MD5 hash: 91e97c0ebbe5a7053b9396b1e376283d
MIME type: application/x-dosexec

File name: php_openssl.dll
File size: 88'064 bytes
SHA256 hash: 673596e0945d61b3f5ff71d293ff8c2cc38464142bdde00387a87ea9af646aed
MD5 hash: 7b404ba96f7f535fee77b97e0e45de2c
MIME type: application/x-dosexec

File name: msvcr110.dll
File size: 875'472 bytes
SHA256 hash: b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49
MD5 hash: 4ba25d2cbe1587a841dcfb8c8c4a6ea6
MIME type: application/x-dosexec

File name: php_curl.dll
File size: 402'432 bytes
SHA256 hash: 05c99429e208bc9f345c791e16dd3f68ec628186d64e2acbc7f2f6dcc877bf11
MD5 hash: c8cce26e1f5c4ebcaf7d4f6f9cf6f994
MIME type: application/x-dosexec

File name: php_gd2.dll
File size: 1'394'176 bytes
SHA256 hash: ddc10933f9d057fbb929f59997f5913182ce928dc8ffad8963eed74c2ef50256
MD5 hash: 6b5a11b8724dbb00f921d0d3adddc0f8
MIME type: application/x-dosexec

File name: ssleay32.dll
File size: 274'944 bytes
SHA256 hash: df5ca94869c6532d6db6c2aafddc4eab93e867670ce5964728248df68e07ce20
MD5 hash: a24016af3e4cb13139f7904fd1fd847d
MIME type: application/x-dosexec

File name: php_ioncube.dll
File size: 798'208 bytes
SHA256 hash: 4b6f679ab3da317ee310d5bd482b41a77f5ebf1fc0d514d3595c3d16db6e7327
MD5 hash: c57d5f4ec2992e6b06e891d09dcc3e32
MIME type: application/x-dosexec

File name: WDSync.dll
File size: 15'360 bytes
SHA256 hash: 12e633b25946133b8c6bdb12029a6705dbde6a0b58a8fb028dbc80697c2f14ba
MD5 hash: a0aae6000f5d7a2abc603afe54d284b5
MIME type: application/x-dosexec

File name: php.exe
File size: 65'024 bytes
SHA256 hash: 702d09e982e2af6bf5d828bb1d27bd3a48efcab7cf8837b023953354c4026550
MD5 hash: a1fe2fe70b38f91230cb5f4ca22b2c0c
MIME type: application/x-dosexec

File name: rhc.exe
File size: 1'536 bytes
SHA256 hash: 22e7528e56dffaa26cfe722994655686c90824b13eb51184abfe44d4e95d473f
MD5 hash: abc6379205de2618851c4fcbf72112eb
MIME type: application/x-dosexec

File name: php_fileinfo.dll
File size: 2'869'760 bytes
SHA256 hash: 1132e7e1cd973f0d44da001bc64ac36a061b69192c9d8ea175cd73e94100bcc0
MD5 hash: f53c9423bd798be924215b6d50dd57e1
MIME type: application/x-dosexec

File name: php_pdo_sqlite.dll
File size: 486'400 bytes
SHA256 hash: 8b46ab99dad214f30ff11daf08d6b77041165875a04b3d4dc16cdfcfe73ca625
MD5 hash: 233fa83055777dfc5602c15e049e381b
MIME type: application/x-dosexec

File name: php_bz2.dll
File size: 66'048 bytes
SHA256 hash: d1457076b72d629f0af7e98cd6fe5be4fb0b18fb9c15675f2995b4c5e88a8106
MD5 hash: 2e83d3a008f9d9bf6c6785d4feba5c75
MIME type: application/x-dosexec

File name: php5.dll
File size: 6'982'144 bytes
SHA256 hash: 36179be42a85e363099ab57852f6fd1cd12e602e1475841ab169d13fc8955065
MD5 hash: 0f9246f67611db06b9082a03e2680aba
MIME type: application/x-dosexec

File name: libeay32.dll
File size: 1'297'408 bytes
SHA256 hash: fe5ceefedcec83d40bd63a7cc2d4ae4012b3f59f1098638056fdc1a477d405f7
MD5 hash: d02143376cdea15b313a398a4caf3735
MIME type: application/x-dosexec

File name: Sora - OpenAi Beta v.1.1.exe
File size: 157'552 bytes
SHA256 hash: cb807472bb6d4d1113fcbc209d6a08fa80ff9e53c83b1aa37f9d6f549affd68c
MD5 hash: 37932fd952d6d845927f25f42cb3c628
MIME type: application/x-dosexec

File name: php_com_dotnet.dll
File size: 71'168 bytes
SHA256 hash: e7acc59480842e662351c2026f08ab67971ee33c34c663ce509a4c9473e643fa
MD5 hash: e6356bb0442e22f4c833c8f3faa12e54
MIME type: application/x-dosexec

File name: php.ini
File size: 72'532 bytes
SHA256 hash: 9d2acec331a9e21ac406c8c469f68d943bca1503f9034a1bdd81664c993a9235
MD5 hash: dc20e139ccdcf3ab7037a18e52a00755
MIME type: text/plain

File name: index.php
File size: 10'373 bytes
SHA256 hash: 996e0e86a18d0b129d48fac97ef3c7a74cfcdfca89f38ea24af92bddb07f7f74
MD5 hash: e1829b8350d861ff3a3bce5f167a4db3
MIME type: text/x-php

File name: PlayVideoFull.mp4
File size: 21'093'317 bytes
SHA256 hash: dac5c406f82c5d2c2f6473b6b864f23cd36055be91d01a4670ac1d4b797ffa42
MD5 hash: 9804131e8c787e4cbe2dcb43f2a3ff17
MIME type: video/mp4

File name: openai.api
File size: 88 bytes
SHA256 hash: fcfaf39e980b6fd20b1c27dae0565145b4e52dad257a780dcc2919800f8856b7
MD5 hash: 850952b67ab0c698657c3d908f559816
MIME type: text/plain

File name: include.php
File size: 9'590 bytes
SHA256 hash: 0d78ba7e8a43f92511616c5be20197a2ad2d78b108cd68cad9a8005fde7d80df
MD5 hash: 273bd3d5da3cfcf66b62c219138dff27
MIME type: text/x-php

Vendor Threat Intelligence
Threat name: Script-PHP.Trojan.IonCubeLoader
Status: Malicious
First seen: 2024-03-29 19:37:17 UTC
File Type: Binary (Archive)
Extracted files: 66
AV detection: 10 of 38 (26.32%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a

Behaviour
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Patched UPX-packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: BLOWFISH_Constants
Author: phoul (@phoul)
Description: Look for Blowfish constants

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: MD5_Constants
Author: phoul (@phoul)
Description: Look for MD5 constants

Rule name: pdb_YARAify
Author: @wowabiy314
Description: PDB

Rule name: pe_imphash

Rule name: SHA512_Constants
Author: phoul (@phoul)
Description: Look for SHA384/SHA512 constants

Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments