MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24e8c437fd971140b5b616acea1102572d00688d6590caa0d8a335ee4d2189f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA 25 File information Comments

SHA256 hash:	24e8c437fd971140b5b616acea1102572d00688d6590caa0d8a335ee4d2189f4
SHA3-384 hash:	c593449877ebe6b611e0cb13d1c89c01b7e4f16e56226709404434a593467fa54767f9f1354e81fad60bd030e3b7a1e9
SHA1 hash:	6d0747469c6b2fc1f43d62b14a3de6c6084474fc
MD5 hash:	e412530b8eef2c02bdf57a1f03dfd60b
humanhash:	alpha-blossom-grey-pluto
File name:	2oxfordmobilexray.zip
Download:	download sample
File size:	11'243'352 bytes
First seen:	2026-04-01 12:17:27 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	196608:kOVOdlFnsuc6Dnxi/PEkloEePBtKriRbJdDHQZxP3bpoKFZbx:5VOdzsucm3Ge2rKq5rp5n9
TLSH	T15BB633BD89313CB2C6DEF872A0675D287CC8041765AED0FA3B7A36559B477907233A18
Magika	zip
Reporter	JAMESWT_WT
Tags:	nisuwyyyqsafdas-com zip

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 18 file(s), sorted by their relevance:

File name:	wxmsw32u_core_gcc_custom.dll
File size:	5'291'008 bytes
SHA256 hash:	2e681ab8f0907453efff16c6ba2d06cfe5efde800ea6268bd5b574806a3c4ff0
MD5 hash:	23ee6e74759136e495fb8cae9d127823
MIME type:	application/x-dosexec

File name:	libstdc++-6.dll
File size:	2'279'936 bytes
SHA256 hash:	2586bbbca788de5f99b9242a27702baf0ffeb2e02a79340a7639f45459af9b34
MD5 hash:	b0a5b027d0093acfb91a1e7ea00bb152
MIME type:	application/x-dosexec

File name:	libgmp-10.dll
File size:	649'216 bytes
SHA256 hash:	5e234d4bf81ad73dfe342b687a5e6c591688ebd09aab4eb216306d6a935efeb3
MD5 hash:	d747093f789b69936f996d0e77077a05
MIME type:	application/x-dosexec

File name:	wxmsw32u_xrc_gcc_custom.dll
File size:	814'080 bytes
SHA256 hash:	a276817ae582bb8b20922088156e90fec7351cf643a365e5a924c8f15c4dfb39
MD5 hash:	21c15a394c05108868267b1d74ee6b43
MIME type:	application/x-dosexec

File name:	libpng16-16.dll
File size:	240'128 bytes
SHA256 hash:	c3fec619d6e4265889cac85da28e74c995fe7edb06ce6e55384b44b9c073c3c4
MD5 hash:	3f6cd43cc2ed9c69f6d7e692648146d6
MIME type:	application/x-dosexec

File name:	libgcc_s_seh-1.dll
File size:	160'256 bytes
SHA256 hash:	e0be5a5f91843d117b0b42d42605061611482406a4e8be3f42ec9a42cf0cfcf7
MD5 hash:	079c3e1d59e261e51395415a4a8375c4
MIME type:	application/x-dosexec

File name:	wxbase32u_gcc_custom.dll
File size:	1'887'232 bytes
SHA256 hash:	d468646cbc406563abda20e8dc19583bd68c1f71bc844c469c1e7ad2a449f668
MD5 hash:	d699131fa9a9eec0a94fde508be45c52
MIME type:	application/x-dosexec

File name:	filezilla.exe
File size:	4'328'448 bytes
SHA256 hash:	34cc44587089222e09a105494a175191b99061ceccb265389cf58b58f35a0da3
MD5 hash:	6a240a69d27a16daeddde7f71665b2a3
MIME type:	application/x-dosexec

File name:	libfilezilla-50.dll
File size:	1'048'064 bytes
SHA256 hash:	9d3c63954a2599739c169908f6369e6a3ec7fcbb5ef4748b42af433d0f41aee8
MD5 hash:	99fdf6df4e103cb51bd718d3c16b937d
MIME type:	application/x-dosexec

File name:	libfzclient-commonui-private-3-69-5.dll
File size:	3'538'944 bytes
SHA256 hash:	2154678a606be199a523590493f14a0811bd5a08db5114d47b4e6dfe8cc7042f
MD5 hash:	afe7b9ea641c23edf42c7da5fd4f9db8
MIME type:	application/x-dosexec

File name:	libsqlite3-0.dll
File size:	1'278'464 bytes
SHA256 hash:	e74a2b8f591f5f05858d188a629269f5b6f76b1dc67486ab4d3ffccbc9e98f28
MD5 hash:	4a75505e22d9f93e00897aa8b092c3d8
MIME type:	application/x-dosexec

File name:	libgnutls-30.dll
File size:	2'166'272 bytes
SHA256 hash:	c2f1b95e91109c527cb9a87f22c017f73a5ccf3cb6c481aaea0a7cbaf754e3db
MD5 hash:	5c4282ce63466cb85895246e211faabb
MIME type:	application/x-dosexec

File name:	libfzclient-private-3-69-5.dll
File size:	1'457'664 bytes
SHA256 hash:	449a8dd70f0850fec570a3b69fe2eeaef35a54d8d0e1ac231a6c357cb631ae1b
MD5 hash:	1e065839b54d88602a2c954b09fc28a5
MIME type:	application/x-dosexec

File name:	libhogweed-6.dll
File size:	275'968 bytes
SHA256 hash:	8a28b6c508ad1e5dc9d041b07b66ad2929adcbb76eb91fdca5958e2245f15668
MD5 hash:	956a134f61bfcfb1f925086198b3ad0b
MIME type:	application/x-dosexec

File name:	wxmsw32u_aui_gcc_custom.dll
File size:	522'752 bytes
SHA256 hash:	565104e5b2e1740dd4f1214d8cba1c650591f3b9a5ac3c7d19eece68ac8ae56a
MD5 hash:	3218a211aec51885d9669f5b56a817c6
MIME type:	application/x-dosexec

File name:	zlib1.dll
File size:	144'896 bytes
SHA256 hash:	c111d4a8788299fa13abffd126b5679d7bb2e771a419d7f599dd73c2ec1abc92
MD5 hash:	18ab93562077b567182d8a21fe8e0a27
MIME type:	application/x-dosexec

File name:	wxbase32u_xml_gcc_custom.dll
File size:	245'760 bytes
SHA256 hash:	bee0be08d36f2e1cf80877f036264a59a0f1a9e45ea3344259a935a85b811d7c
MD5 hash:	f66121d593647cbb626ac43c3f709599
MIME type:	application/x-dosexec

File name:	libnettle-8.dll
File size:	330'240 bytes
SHA256 hash:	13b735c30eb0ff11e48e0be08b0167a53741aaf2f38a8a5f94bf7c94f02ebe8f
MD5 hash:	3825bea1490810d5e3206a78f6ed0f36
MIME type:	application/x-dosexec

Vendor Threat Intelligence

Gathering data

Verdict:

Suspicious

Score:

50%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69cd0d5f6363ca5d27f08ecc

Tags:

injection obfusc crypt

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/24e8c437fd971140b5b616acea1102572d00688d6590caa0d8a335ee4d2189f4

Result

Verdict:

UNKNOWN

Link:

https://labs.inquest.net/dfi/sha256/24e8c437fd971140b5b616acea1102572d00688d6590caa0d8a335ee4d2189f4

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

File Type:

zip

Link:

https://opentip.kaspersky.com/24e8c437fd971140b5b616acea1102572d00688d6590caa0d8a335ee4d2189f4/results?tab=lookup

Score:

98%

Verdict:

Malware

File Type:

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery

Link:

https://tria.ge/reports/260401-p7nw9scx4m/

Behaviour

Suspicious behavior: LoadsDriver

Suspicious behavior: MapViewOfSection

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

Executes dropped EXE

Suspicious use of SetThreadContext

Drops startup file

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	BLOWFISH_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for Blowfish constants

Rule name:	Check_OutputDebugStringA_iat Create hunting rule

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	MD5_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for MD5 constants

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar

Rule name:	RIPEMD160_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for RIPEMD-160 constants

Rule name:	SHA1_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA1 constants

Rule name:	SHA512_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA384/SHA512 constants

Rule name:	test_Malaysia Create hunting rule
Author:	rectifyq
Description:	Detects file containing malaysia string

Rule name:	TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE Create hunting rule
Author:	CYFARE
Description:	Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:	https://cyfare.net/

Rule name:	VECT_Ransomware Create hunting rule
Author:	Mustafa Bakhit
Description:	Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

Rule name:	win_brute_ratel_c4_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	Detects win.brute_ratel_c4.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

zip 24e8c437fd971140b5b616acea1102572d00688d6590caa0d8a335ee4d2189f4

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3804620/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample