MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 30577961b8385513744ff7dadade82b2a63f8fb2f4355dfa7ff13a067119d281. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: SilverFox
Vendor detections: 12

SHA256 hash: 30577961b8385513744ff7dadade82b2a63f8fb2f4355dfa7ff13a067119d281
SHA3-384 hash: 9e71484cf681f1aecbcc9930ab0c5f160e4a518ec8083f380fb6ad9a07806762ae72e0a10d02f427dc23d285cfd981ad
SHA1 hash: ccf2cdec7ac1e602b424c9c73c262e3d4e115086
MD5 hash: d197c687159d564efb78db9c4fb4d29b
humanhash: river-carpet-seven-michigan
File name: 165-018gx安装.exe
Signature: SilverFox
File size: 3'440'096 bytes
First seen: 2026-03-01 03:19:04 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b484b52df60e8d823b647a09bb1e39f9 (1 x DonutLoader, 1 x SilverFox)
ssdeep: 98304:vcKxvQv/wuMiNwjDc/cpeMJAwsSInZ48EQNCekd:mGYXws/a
Threatray: 53 similar samples on MalwareBazaar
TLSH: T119F53391F0249F21C51BB074F423E9F07783EE78092EAA057C6F97816DC3A742755AAE
TrID:
  28.6% (.EXE) UPX compressed Win32 Executable (27066/9/6)
  28.1% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
  17.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  6.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  5.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
Magika: pebin
Reporter: Ling
Tags: exe SilverFox


CNGaoLing
SilverFox IOC (Domain slong.help)

Intelligence


File Origin
# of uploads: 1
# of downloads: 156
Origin country: US
Vendor Threat Intelligence

Malware configuration found for: Archives, PEPacker
Details:
  Archives: an extracted 7-zip archive from the overlay data and SFX commands
  Archives: a valid ZIP archive
  Archives: extracted archive contents
  Archives: extracted contents of the ZIP archive
  PEPacker: a UPX version number and an unpacked binary

Malware family: n/a
ID: 1
File name: 165-018gx安装.exe
Verdict: Malicious activity
Analysis date: 2026-03-01 02:35:41 UTC
Tags: donutloader loader
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 99.9%
Tags: autorun madi

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: adaptive-context fingerprint installer installer-heuristic overlay packed unsafe upx

Verdict: Malicious
File type: exe x32
Detections: UDS:DangerousObject.Multi.Generic, Trojan-Dropper.Win32.SFX.zj
Malware family: n/a
Score: 7/10
Tags: discovery upx
Behaviour:
  Modifies registry class
  Suspicious use of WriteProcessMemory
  Enumerates physical storage devices
  Program crash
  System Location Discovery: System Language Discovery
  UPX packed file
  Checks computer location settings
Unpacked files:
  SHA256: 30577961b8385513744ff7dadade82b2a63f8fb2f4355dfa7ff13a067119d281
  MD5: d197c687159d564efb78db9c4fb4d29b
  SHA1: ccf2cdec7ac1e602b424c9c73c262e3d4e115086

  SHA256: 50f60b5402e931fea3ffafee2b2ed0030b900e8783b040b63406616b6ecf0e64
  MD5: d11d8c2da38021d8635ee19d893bd20e
  SHA1: 4a1b1e59a21af8b7606426ce013fb861fa3f3adc

Malware family: DonutLoader
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.
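The vendor reports above agree on three static observations: the file is UPX-packed, it is an SFX stub, and a 7-Zip archive sits in the overlay past the last PE section. The Python below is added here as an illustration and is not MalwareBazaar's or any vendor's tooling; it shows how an analyst reproduces those observations and the entry's digest set with the standard library alone, by walking the COFF section table to locate the overlay and checking it for the 7z and ZIP signatures. Because the real sample cannot be embedded, the block builds a constructed PE header skeleton (not a runnable executable) to exercise the checks; the function and constant names are the example's own.

```python
"""Stand-alone static triage of a PE sample: digests, UPX markers and overlay payload.

Example code added to illustrate the entry above; it is not MalwareBazaar's or any
vendor's tooling, and every function and constant name here is the example's own.
"""
import hashlib
import struct

SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"   # 7-Zip archive signature
ZIP_MAGIC = b"PK\x03\x04"                # local file header of a ZIP archive
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def file_identifiers(data: bytes) -> dict:
    """The digest set MalwareBazaar lists for every sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def pe_sections(data: bytes) -> list:
    """Walk the COFF section table; returns (name, PointerToRawData, SizeOfRawData)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        hdr = data[table + 40 * i: table + 40 * (i + 1)]
        name = hdr[:8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)
        sections.append((name, raw_ptr, raw_size))
    return sections


def overlay(data: bytes) -> bytes:
    """Bytes past the end of the last section: where SFX stubs keep their archive."""
    end = max((ptr + size for _, ptr, size in pe_sections(data)), default=0)
    return data[end:]


def triage(data: bytes) -> dict:
    """Reproduce the packer/overlay observations from the vendor reports."""
    names = {name for name, _, _ in pe_sections(data)}
    tail = overlay(data)
    return {
        "upx_section_names": bool(names & UPX_SECTION_NAMES),
        "upx_marker": b"UPX!" in data,          # magic of the UPX packer header
        "overlay_size": len(tail),
        "overlay_7z": SEVENZIP_MAGIC in tail,
        "overlay_zip": ZIP_MAGIC in tail,
    }


def build_fixture(section_names: list, payload: bytes) -> bytes:
    """Constructed fixture: a PE header skeleton with the given sections and appended payload.

    It is not executable and only stands in for a real sample so the checks run offline.
    """
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew
    opt_size = 224                                             # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    raw_size = 0x200
    first_raw = 64 + 4 + 20 + opt_size + 40 * len(section_names)
    table, body = bytearray(), bytearray()
    for i, name in enumerate(section_names):
        table += name.ljust(8, b"\0")
        table += struct.pack("<IIII", raw_size, 0x1000 * (i + 1), raw_size, first_raw + raw_size * i)
        table += bytes(16)                                     # relocs, line numbers, characteristics
        marker = b"UPX!" if name == b"UPX1" else b""           # UPX keeps its header magic in-section
        body += marker.ljust(raw_size, b"\xcc")
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + bytes(table) + bytes(body) + payload


if __name__ == "__main__":
    fixture = build_fixture([b"UPX0", b"UPX1", b".rsrc"],
                            SEVENZIP_MAGIC + b"\x00\x04" + b"constructed 7z body")
    print(file_identifiers(fixture))
    print(triage(fixture))
```

Against a real file, replace the fixture with `open(path, "rb").read()`; the four digests then line up with the entry's hash fields, and `overlay()` yields the bytes an SFX stub hands to its extractor. The marker checks are indicators, not proof: a UPX stub whose section names were rewritten passes the name test, and an archive in the overlay may be encrypted or begin with a stub header rather than its magic, so treat a negative result as "not observed" and fall back to the sandbox output above.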

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser (author: malware-lu)
Rule name: UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser (author: malware-lu)
Rule name: UPXv20MarkusLaszloReiser (author: malware-lu)
Rule name: upx_largefile (author: k3nr9)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download -> SilverFox -> Executable exe 30577961b8385513744ff7dadade82b2a63f8fb2f4355dfa7ff13a067119d281 (this sample)

Delivery method: Distributed via web download

Comments