MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2874868daf6660876cec6a903d2bbb9b437d8d2ff173d8bc39e6f18a016ed838. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown

Vendor detections: 12



SHA256 hash: 2874868daf6660876cec6a903d2bbb9b437d8d2ff173d8bc39e6f18a016ed838
SHA3-384 hash: 1e48fedfa7a5940e62540741589c8672b51da01d1042c0547ff17986d06fea5bd3d0a2e44a2cb88b8478360000123753
SHA1 hash: 4fd4b0f0ec7f9869c5a341dd3e11f76a1b611efa
MD5 hash: dbfbfb159bf14e53d74aa9152bca09c3
humanhash: lima-four-lion-comet
File name: 2874868daf6660876cec6a903d2bbb9b437d8d2ff173d8bc39e6f18a016ed838
File size: 1'754'704 bytes
First seen: 2026-05-28 06:44:32 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 82b407bd94ace9b3a0545d370731833c
ssdeep: 49152:g/rq4vbuBqQ+53khTgLl5ZmbX67L7SAvV:g/tbm44wWX6e2
TLSH: T1178523FBE7A2BD17D4AD0C71405769896C50EC17AA584B373662307FBC732B26602C7A
TrID: 35.7% (.EXE) UPX compressed Win32 Executable (27066/9/6)
      35.0% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
      8.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      6.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
      5.9% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika: pebin
dhash icon: f0cccccc9cf8f8f0 (1 x RedLineStealer, 1 x Adware.Generic, 1 x AllcomeClipper)
Reporter: JAMESWT_WT
Tags: 82-39-86-48 exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 106
Origin country: IT
Vendor Threat Intelligence

Malware configuration found for: PEPacker
Details: PEPacker (a UPX version number and an unpacked binary)
Verdict: Malicious
Score: 97.4%
Tags: downloader dropper extens lien
Result
Verdict: Suspicious
Maliciousness:
Behaviour:
  Creating a file in the %temp% directory
  DNS request
  Creating a window
  Creating a file in the %AppData% subdirectories
  Creating synchronization primitives
  Searching for the window
  Moving a file to the %AppData% subdirectory
  Connection attempt
  Sending an HTTP GET request
  Launching a process
  Creating a process with a hidden window
  Loading a suspicious library
  Moving a file to the %temp% directory
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: adaptive-context microsoft_visual_cc obfuscated overlay packed packed upx
Verdict: Malicious
Labeled as: UTorrent.C potentially unwanted application
Verdict: Malicious
File Type: exe x32
First seen: 2021-02-07T23:54:00Z UTC
Last seen: 2024-06-19T11:44:00Z UTC
Hits: ~1000
Gathering data
Threat name: Win32.Malware.Heuristic
Status: Malicious
First seen: 2015-04-12 06:16:00 UTC
File Type: PE (Exe)
Extracted files: 372
AV detection: 22 of 38 (57.89%)
Threat level: 2/5
Result
Malware family: n/a
Score: 8/10
Tags: adware defense_evasion discovery spyware trojan upx
Behaviour:
  Checks SCSI registry key(s)
  Modifies Internet Explorer settings
  Modifies registry class
  Modifies system certificate store
  Suspicious behavior: EnumeratesProcesses
  Suspicious behavior: GetForegroundWindowSpam
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of FindShellTrayWindow
  Suspicious use of SendNotifyMessage
  Suspicious use of SetWindowsHookEx
  Suspicious use of WriteProcessMemory
  System Location Discovery: System Language Discovery
  UPX packed file
  Checks installed software on the system
  Executes dropped EXE
  Identifies Wine through registry keys
  Downloads MZ/PE file
Unpacked files:
  SHA256 hash: 2874868daf6660876cec6a903d2bbb9b437d8d2ff173d8bc39e6f18a016ed838
  MD5 hash: dbfbfb159bf14e53d74aa9152bca09c3
  SHA1 hash: 4fd4b0f0ec7f9869c5a341dd3e11f76a1b611efa

  SHA256 hash: cb3bf4320d88e3b9caefd04bf799f102cae9d2d03259c4b7aee1bed52fbeff55
  MD5 hash: c533c9066f6caad770e5eb09f6fa0a0c
  SHA1 hash: 886bd43b075d75c9e4deb07d44574302a439f5ce

  SHA256 hash: 909e950489b1cd3d4483cf8ad69699e6fbea8d5688016ce56620512e0f28bcf3
  MD5 hash: 127e8ad319d5a252da0e722d061c346a
  SHA1 hash: dc97c37178c3413a1ae00b4d40bbd90d160b663c
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: detect_RWS_pe_rule
Author: wonderkun
Description: Detects RWX-S signed binaries. This only verifies that the image contains a signature, not that it is valid.

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: UPX293300LZMAMarkusOberhumerLaszloMolnarJohnReiser
Author: malware-lu

Rule name: UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
Author: malware-lu

Rule name: UPXv20MarkusLaszloReiser
Author: malware-lu

Rule name: upx_largefile
Author: k3nr9

Rule name: VECT_Ransomware
Author: Mustafa Bakhit
Description: Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments