MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f43fa626eba192e3e4d0ea1b7c1741cc9d4adbd20d640fd3e4c659fc416f954. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 12


Intelligence 12 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2f43fa626eba192e3e4d0ea1b7c1741cc9d4adbd20d640fd3e4c659fc416f954
SHA3-384 hash: bc97be8db6dcbafcba9eb857a6d57eb8ab0a89228654e61ebcbb66ed7e823a7e3c870693ccef0e15917f5b2fdec91196
SHA1 hash: 168c6ed8f50e8506c251cf4fdfd7f954cb2c798b
MD5 hash: f738370349ed023ac570c8bf014d312d
humanhash: blossom-seven-fish-winter
File name:SecuriteInfo.com.Win32.Malware-gen.13042.650
Download: download sample
File size:271'360 bytes
First seen:2025-06-07 17:29:38 UTC
Last seen:2025-06-07 18:33:40 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9834aee0b65415f8983a3b3a5285fe81
ssdeep 3072:whtdotqU3wzwhisYGC24tqwcK43o4Id8LRBfooTf434NhV/bVjhSAg0Fuj0D1Vh0:wvVUA0hRv4t7bdcRBAoUMtSAOk6+g
TLSH T157448D21B591C432D57211375D78DB6A653DB9200B668AEF93EC0A3ECF341C16B32A77
TrID 32.2% (.EXE) Win64 Executable (generic) (10522/11/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4504/4/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
609
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7920/
Verdict:
Malicious
Score:
93.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=684477ec07b5e8c1cfe5724a
Tags:
shellcode virus sage
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Running batch commands
Verdict:
Malicious
Labled as:
ShellCode.PE.Marte.1.Generic
Link:
https://www.hybrid-analysis.com/sample/2f43fa626eba192e3e4d0ea1b7c1741cc9d4adbd20d640fd3e4c659fc416f954
Malware family:
pe2shc
Create hunting rule
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/3cbb610b-b2f1-472f-bb9e-69d34f677b5b
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1708989
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1708989 Sample: SecuriteInfo.com.Win32.Malw... Startdate: 07/06/2025 Architecture: WINDOWS Score: 56 12 Antivirus / Scanner detection for submitted sample 2->12 14 Multi AV Scanner detection for submitted file 2->14 6 SecuriteInfo.com.Win32.Malware-gen.13042.650.exe 1 2->6         started        process3 process4 8 conhost.exe 6->8         started        10 cmd.exe 1 6->10         started       
Score:
88%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/2f43fa626eba192e3e4d0ea1b7c1741cc9d4adbd20d640fd3e4c659fc416f954
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2f43fa626eba192e3e4d0ea1b7c1741cc9d4adbd20d640fd3e4c659fc416f954/
Verdict:
Susipicious
Link:
https://tip.neiki.dev/file/2f43fa626eba192e3e4d0ea1b7c1741cc9d4adbd20d640fd3e4c659fc416f954
Threat name:
Win32.Hacktool.PEShellCode
Create hunting rule
Status:
Malicious
First seen:
2021-02-03 16:46:23 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
20 of 36 (55.56%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=f5b7uytoxims4psnb2q3pqludte5jln5edleb7j6jrsz7raw7fka._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250607-v28x5syny3/
Behaviour
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/d36c82b2-5d55-4e70-b545-0f6cd7959979
Unpacked files
SH256 hash:
2f43fa626eba192e3e4d0ea1b7c1741cc9d4adbd20d640fd3e4c659fc416f954
MD5 hash:
f738370349ed023ac570c8bf014d312d
SHA1 hash:
168c6ed8f50e8506c251cf4fdfd7f954cb2c798b
Detections:
win_svcready_a0
Create hunting rule
Link:
https://www.unpac.me/results/7ee7445e-367f-43ee-836d-a460823fc359/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2f43fa626eba192e3e4d0ea1b7c1741cc9d4adbd20d640fd3e4c659fc416f954

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:malware_shellcode_hash
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect shellcode api hash value
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_detect_tls_callbacks
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 2f43fa626eba192e3e4d0ea1b7c1741cc9d4adbd20d640fd3e4c659fc416f954

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3559025/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/7920/

Comments