MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 340b93c76e6f489982a23d2e04df0ad05a03c3d744ecb5badc3c041eca945af2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 13

SHA256 hash: 340b93c76e6f489982a23d2e04df0ad05a03c3d744ecb5badc3c041eca945af2
SHA3-384 hash: 647e84abbe43f9171f6b145b39887b13c7cba8cfb0309435304fbf90210982d99ef69a6292ee65454c7c4532323be869
SHA1 hash: 44b7af1307cc7e6592f171e1369d04310e22fce9
MD5 hash: f4a72f167a5c4efe358002d332d797bc
humanhash: robin-delta-vegan-aspen
File name: plugin-update-studio-193.6626764-windows.exe
Download: download sample
File size: 17'407'720 bytes
First seen: 2025-03-07 14:59:27 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash be41bf7b8cc010b614bd36bbca606973 (195 x LummaStealer, 126 x DanaBot, 63 x Vidar)
ssdeep 393216:13M4i0IXN6oCsHoAqdBOe4UA8lfKWpZ6qMEApuLIztsetIM2D04m:PgylLhAUurEAxzWetyDbm
Threatray 732 similar samples on MalwareBazaar
TLSH T1600733737E351681ED46113135BCF870D7625ED9C72226E2C2BAFA941EF0EA84935B2C
TrID 37.3% (.EXE) Win64 Executable (generic) (10522/11/4)
17.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
15.9% (.EXE) Win32 Executable (generic) (4504/4/1)
7.3% (.ICL) Windows Icons Library (generic) (2059/9)
7.2% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
dhash icon 5b3931b29cd1631d (9 x LummaStealer, 3 x RemcosRAT, 2 x RedLineStealer)
Reporter aachum
Tags: exe, Hangzhou Rongyi Network Technology Co. Ltd., signed

Code Signing Certificate

Organisation: Hangzhou Rongyi Network Technology Co., Ltd.
Issuer: Certum Extended Validation Code Signing 2021 CA
Algorithm: sha256WithRSAEncryption
Valid from: 2024-09-27T07:50:46Z
Valid to: 2025-09-27T07:50:45Z
Serial number: 1616f14fba9c87ab97ad25861ee7a9dc
Intelligence: 12 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Central Blocklist: This certificate is on the Cert Central blocklist
Thumbprint Algorithm: SHA256
Thumbprint: 77fc563cabfd503f4387f0903ed6b592c41d5d9b7ee0270dffbe60641c479c52
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


iamaachum
https://github.com/VeraImage/pluginmeet

Intelligence


File Origin
# of uploads: 1
# of downloads: 421
Origin country: ES

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: plugin-update-studio-193.6626764-windows.exe
Verdict: Malicious activity
Analysis date: 2025-03-07 18:29:17 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 93.3%
Tags: virus shell nsis blic

Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a file
Creating a process from a recently created file
Searching for the window
Creating synchronization primitives
Searching for synchronization primitives
Changing a file
Modifying an executable file
Creating a file in the Program Files subdirectories
Launching a process
Enabling autorun
Running batch commands
Creating a process with a hidden window
Enabling autorun with the shell\open\command registry branches

Result
Verdict: UNKNOWN

Result
Threat name: n/a
Detection: malicious
Classification: rans.evad
Score: 51 / 100

Signature
AI detected suspicious PE digital signature
Multi AV Scanner detection for submitted file
Possible COM Object hijacking
Writes a notice file (html or txt) to demand a ransom
Yara detected Powershell download and execute

Behaviour
Behavior Graph:

Threat name: Win32.Trojan.BadCert
Status: Malicious
First seen: 2025-03-07 15:00:19 UTC
File Type: PE (Exe)
Extracted files: 797
AV detection: 7 of 38 (18.42%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: discovery persistence privilege_escalation

Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Drops file in Program Files directory
Checks installed software on the system
Checks computer location settings
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association

Verdict: Suspicious
Tags: n/a
YARA: n/a
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:PE_Digital_Certificate
Author:albertzsigovits
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 340b93c76e6f489982a23d2e04df0ad05a03c3d744ecb5badc3c041eca945af2 (this sample)

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID: CHECK_DLL_CHARACTERISTICS
Title: Missing dll Security Characteristics (HIGH_ENTROPY_VA)
Severity: high

Reviews

ID: COM_BASE_API
Capabilities: Can Download & Execute components
Evidence: ole32.dll::CoCreateInstance

ID: SHELL_API
Capabilities: Manipulates System Shell
Evidence: SHELL32.dll::ShellExecuteW, SHELL32.dll::SHFileOperationW, SHELL32.dll::SHGetFileInfoW

ID: WIN32_PROCESS_API
Capabilities: Can Create Process and Threads
Evidence: KERNEL32.dll::CreateProcessW, KERNEL32.dll::OpenProcess, KERNEL32.dll::CloseHandle, KERNEL32.dll::CreateThread

ID: WIN_BASE_API
Capabilities: Uses Win Base API
Evidence: KERNEL32.dll::LoadLibraryW, KERNEL32.dll::LoadLibraryA, KERNEL32.dll::LoadLibraryExW, KERNEL32.dll::GetDiskFreeSpaceW, KERNEL32.dll::GetCommandLineW

ID: WIN_BASE_IO_API
Capabilities: Can Create Files
Evidence: KERNEL32.dll::CopyFileW, KERNEL32.dll::CreateDirectoryW, KERNEL32.dll::CreateFileW, KERNEL32.dll::DeleteFileW, KERNEL32.dll::MoveFileW, KERNEL32.dll::GetWindowsDirectoryW

ID: WIN_REG_API
Capabilities: Can Manipulate Windows Registry
Evidence: ADVAPI32.dll::RegCreateKeyExW, ADVAPI32.dll::RegDeleteKeyW, ADVAPI32.dll::RegOpenKeyExW, ADVAPI32.dll::RegQueryValueExW, ADVAPI32.dll::RegSetValueExW

ID: WIN_USER_API
Capabilities: Performs GUI Actions
Evidence: USER32.dll::AppendMenuW, USER32.dll::EmptyClipboard, USER32.dll::FindWindowExW, USER32.dll::OpenClipboard, USER32.dll::PeekMessageW, USER32.dll::CreateWindowExW

Comments