MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0fd14cc4fce97709aa937cb5e718559411d1c3676d3c357497d40cd8c18beb19. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5

SHA256 hash: 0fd14cc4fce97709aa937cb5e718559411d1c3676d3c357497d40cd8c18beb19
SHA3-384 hash: a647b3cb09579b36c0c0c6f161364b4beaebced6e11166a68730b3048af09ab0d5f12e040bcb0e67f352a051b1f56d0a
SHA1 hash: 94e437e41bd0b37823c264e75e65fdd02c25aad9
MD5 hash: bcd4b5f15a7872b87c1615eec217811e
humanhash: eleven-solar-lactose-dakota
File name: app-asar.zip
File size: 790'495 bytes
First seen: 2025-09-23 15:27:16 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:+LCKPfp66DdQegswyUme+LCKPfp66EJRaP5xU:2X1Zbg6de2X1SRIxU
TLSH: T1B1F4222A7D4E42B2D15F613AE52F6EF6C492FAC89C19590CE22C7A1734F0E17B50B874
Magika: zip
Reporter: JAMESWT_WT
Tags: App-asar, LootRush, zip

Intelligence

File Origin
# of uploads: 1
# of downloads: 38
Origin country: IT
File Archive Information

This file archive contains 5 file(s), sorted by their relevance:

File name: app.asar
File size: 94'519 bytes
SHA256 hash: de6f71662bc5e0c8c7860a4910f9ec35569014872ae7a2124819c3f7fee816d8
MD5 hash: 1f1852da7c8b84f14c7149984756397f
MIME type: application/octet-stream

File name: app (2).asar
File size: 288'562 bytes
SHA256 hash: 27fb90af8ddea78213468aa29c0ddebc36be8cbe47924727e19d9b84dc286d29
MD5 hash: a7909c6c90b33e3c87365197ed90e04e
MIME type: application/octet-stream

File name: app (6).asar
File size: 292'789 bytes
SHA256 hash: 7e5bdf7660ea3ce8be2da05f4eceaef9e2e2f0dc9de4250e8d0404dd84c9e2e4
MD5 hash: e7c98245d091400edd7ab1d402618db4
MIME type: application/octet-stream

File name: app (4).asar
File size: 294'939 bytes
SHA256 hash: 92f87b6a0e369e4a7d599969b323c057a5249654e0c33d0c0addc67ff1cccf9d
MD5 hash: 9ab55d8391a80efd4898f8586210f1fe
MIME type: application/octet-stream

File name: app (3).asar
File size: 312'334 bytes
SHA256 hash: 45b82a5e338fd9780ae15d9cada419750f55d3a0c4277fe18687a72fcef8507e
MD5 hash: 5bef71ff009df93327e054102e971ee9
MIME type: application/octet-stream
Vendor Threat Intelligence

Verdict: inconclusive
YARA: 2 match(es)
Tags: Zip Archive

Threat name: Script-JS.Trojan.Heuristic
Status: Malicious
First seen: 2025-09-23 15:28:47 UTC
File Type: Binary (Archive)
Extracted files: 150
AV detection: 5 of 24 (20.83%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: execution
Behaviour: Command and Scripting Interpreter: JavaScript

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: CP_AllMal_Detector
Author: DiegoAnalytics
Description: CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication

Rule name: DetectEncryptedVariants
Author: Zinyth
Description: Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name: FreddyBearDropper
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through base63 encoded powershell script.

Rule name: PowerShell_Susp_Parameter_Combo_RID336F
Author: Florian Roth
Description: Detects PowerShell invocation with suspicious parameters
Reference: https://goo.gl/uAic1X

Rule name: RANSOMWARE
Author: ToroGuitar

Rule name: SUSP_obfuscated_JS_obfuscatorio
Author: @imp0rtp3
Description: Detect JS obfuscation done by the js obfuscator (often malicious)
Reference: https://obfuscator.io

Rule name: Sus_CMD_Powershell_Usage
Author: XiAnzheng
Description: May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments