MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1564e19b36ffc4e12becc4fb73359de13191ac8df62def45f045efbd6ef36e79. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 6


SHA256 hash: 1564e19b36ffc4e12becc4fb73359de13191ac8df62def45f045efbd6ef36e79
SHA3-384 hash: 151261ac98dc0c28c76555ed33438ba5e8b6ec047e108437b6c152fb15596060078ce6235a26f185aa766218cea9a765
SHA1 hash: 9c38f0b44eb206680835ef7c3d65ee571db044d9
MD5 hash: 93f4ef07fd4d202fc95e13878b43dd64
humanhash: uniform-seven-virginia-july
File name: SecurityScan.zip
File size: 861'348 bytes
First seen: 2025-09-04 08:09:21 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:4Zx9izVPpNUeoY2VPCqn8YkKM1bBxt29lZrhj:4ZzGVUeClCo8BKM1bgNj
TLSH: T13D05334A021B9833652AC67B1EAA5C5F93D186143C3E0CFE840D9D5DB1EDCBE9D2A3D4
Magika: zip
Reporter: JAMESWT_WT
Tags: cnmpaui, d32tpl7xt7175h-cloudfront-net, SecurityScan, zip

Intelligence

File Origin
# of uploads: 1
# of downloads: 52
Origin country: IT
File Archive Information

This file archive contains 3 file(s), sorted by their relevance:

File name: cnmplog.dat
File size: 636'928 bytes
SHA256 hash: a7d12712673a4e3b6d62a9d84f124e62689da12f0a3ee6009369ecf469ce8182
MD5 hash: 30e44a7d477e89364b740d04cabcfed3
MIME type: application/octet-stream

File name: cnmpaui.dll
File size: 103'424 bytes
SHA256 hash: ee9295fa36e29808ff36beb55be328b68d82f267d2faa54db26e0bf86b78fa56
MD5 hash: 1263bb047f3a83fc6dc90aaf362b34d2
MIME type: application/x-dosexec

File name: cnmpaui.exe
File size: 360'112 bytes
SHA256 hash: 4ed76fa68ef9e1a7705a849d47b3d9dcdf969e332bd5bcb68138579c288a16d3
MD5 hash: 0538e73fc195c3b4441721d4c60d0b96
MIME type: application/x-dosexec
Vendor Threat Intelligence

Verdict: Suspicious
Score: 50%
Tags: injection, obfusc, crypt

Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: anti-debug, expired-cert, fingerprint, microsoft_visual_cc, signed, threat

Verdict: inconclusive
YARA: 3 match(es)
Tags: Executable, PDB Path, PE (Portable Executable), PE File Layout, Zip Archive

Threat name: Win32.Trojan.Kepavll
Status: Malicious
First seen: 2025-09-04 08:09:36 UTC
File Type: Binary (Archive)
Extracted files: 29
AV detection: 14 of 24 (58.33%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: adware, discovery, persistence, spyware
Behaviour:
- Suspicious use of WriteProcessMemory
- System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: CAS_Malware_Hunting
Author: Michael Reinprecht
Description: DEMO CAS YARA Rules for sample2.exe

Rule name: Check_OutputDebugStringA_iat

Rule name: cobalt_strike_tmp01925d3f
Author: The DFIR Report
Description: files - file ~tmp01925d3f.exe
Reference: https://thedfirreport.com

Rule name: CP_AllMal_Detector
Author: DiegoAnalytics
Description: CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerException__SetConsoleCtrl
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: pe_detect_tls_callbacks

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments