MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 17355179730a16c9a1e4e81b747ae084618c2210c11dcb78b291ca757dacc853. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 17355179730a16c9a1e4e81b747ae084618c2210c11dcb78b291ca757dacc853
SHA3-384 hash: 644e2694c3512492adf06c915bc26fac18619f709b5024866635c9bf3adbdd5cf6a0297e6625ecfcd44dea622baf51ad
SHA1 hash: 8aa4b0fb8d6256dae8a9426722a5bb7865a3d6b1
MD5 hash: a77522fcddd2b67efbc64deb3279a674
humanhash: paris-tennis-pizza-summer
File name:AppSuite-PDF.zip
Download: download sample
File size:2'320'857 bytes
First seen:2025-08-20 15:02:36 UTC
Last seen:Never
File type: zip
MIME type:application/zip
Note:This file is a password protected archive. The password is: infected
ssdeep 49152:dISMOznnAs/VWo2y/Yj/mayzMAOTO67Ov2Int6BQWP516QRY25dU:dIQD5/cRVOxM7Ov22sBz16QK25dU
TLSH T1ACB533ED9E0290D03A6BC72C3070108124299F65F5276E2A3A947FDE5BC1A265D73FD7
Magika zip
Reporter struppigel
Tags:AppSuite-PDF backdoor TamperedChef zip


Avatar
struppigel
software download from pdfreplace.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
DE DE
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:AppSuite-PDF
File size:2'879'488 bytes
SHA256 hash: fde67ba523b2c1e517d679ad4eaf87925c6bbf2f171b9212462dc9a855faa34b
MD5 hash: 213eca72f00563fa2ed788a1212c67e0
MIME type:application/x-msi
Vendor Threat Intelligence
Verdict:
Clean
Score:
89.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68a5e3d78fd55a79c5297a59
Tags:
n/a
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug expired-cert installer lolbin revoked-cert rundll32 signed threat wix
Link:
https://www.filescan.io/uploads/68a5e41dabfbaec31826b8a9/reports/c87c7d28-3fa2-4cea-926e-650cd5166de4/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/17355179730a16c9a1e4e81b747ae084618c2210c11dcb78b291ca757dacc853
Result
Verdict:
SUSPICIOUS
Link:
https://labs.inquest.net/dfi/sha256/17355179730a16c9a1e4e81b747ae084618c2210c11dcb78b291ca757dacc853
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Score:
0%
Verdict:
Benign
File Type:
ARCHIVE
Link:
https://malprob.io/report/17355179730a16c9a1e4e81b747ae084618c2210c11dcb78b291ca757dacc853
Verdict:
inconclusive
YARA:
2 match(es)
Tags:
.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout PE Memory-Mapped (Dump) SOS: 0.18 SOS: 0.21 SOS: 0.22 SOS: 0.24 SOS: 0.27 Zip Archive
Link:
https://app.malva.re/file/a77522fcddd2b67efbc64deb3279a674
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/17355179730a16c9a1e4e81b747ae084618c2210c11dcb78b291ca757dacc853/
Verdict:
Malicious
Threat:
Trojan.Win32.Agent
Link:
https://tip.neiki.dev/file/17355179730a16c9a1e4e81b747ae084618c2210c11dcb78b291ca757dacc853
Threat name:
Binary.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-08-20 15:07:47 UTC
File Type:
Binary (Archive)
Extracted files:
107
AV detection:
4 of 24 (16.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=c42vc6ltbilmtipe5anxi6xaqrqyyiqqyeo4w6fsshfhk7nmzbjq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
defense_evasion discovery persistence privilege_escalation
Link:
https://tria.ge/reports/250820-szhxtshj6s/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Event Triggered Execution: Installer Packages
System Location Discovery: System Language Discovery
Loads dropped DLL
Blocklisted process makes network request
Enumerates connected drives
Modifies trusted root certificate store through registry
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/17355179730a16c9a1e4e81b747ae084618c2210c11dcb78b291ca757dacc853

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments