MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36a4f484969a4e9037ba398e6349164643cd58cea5568534dcbb0af2c32014c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA 4 File information Comments

SHA256 hash:	36a4f484969a4e9037ba398e6349164643cd58cea5568534dcbb0af2c32014c5
SHA3-384 hash:	ee598b1c8fb5990214bc02ba9670d3c993556684110dbfc477e6fd9c822efe1783ab6d0f698bf300d1bc5d91ea5b2df5
SHA1 hash:	98e7898509be64bb7a1fe75f179591866829f19b
MD5 hash:	4673c75fbae5b05b85a5cf0ef93c6447
humanhash:	december-equal-harry-pasta
File name:	Scan_3_12_5_1759_10.04.2026.rar
Download:	download sample
File size:	96'439 bytes
First seen:	2026-04-13 06:30:45 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	1536:10lI3JeMsjVqMOOOOOOOOO6bbbbbbbbbbbbbbbbRaaaaaaaaaaaaaaaaaaaaaaa5:ilIZepLOOOOOOOOOKaaaaaaaaaaaaaaW
TLSH	T126936D3B996A3C76EB507C51FCA1BC095211E4F656AFC7080576C730BAAD2CA1F0EAD1
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika	rar
Reporter	smica83
Tags:	CVE-2025-8088 rar UKR

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name:	Scan_3_12_5_1759_10.04.2026.pdf:.._.._.._.._.._.._AppData_Roaming_Microsoft_Windows_.._.._Microsoft_Windows_Start Menu_Programs_.._Programs_.._Programs_Startup_3_12_5_1759_10.04.2026.vbs
File size:	30'202 bytes
SHA256 hash:	460621fff09cebcbd2ded09dd933ed66952d98c787548131136f3692d504fb44
MD5 hash:	08bec164c35eeba768b37770030b31ed
MIME type:	text/plain

File name:	Scan_3_12_5_1759_10.04.2026.pdf
File size:	1'607 bytes
SHA256 hash:	6ead1591da8b6b55edafb0ba89a3c08a5a63c9c3217ab0259f7ba973cf815a8e
MD5 hash:	98b1d6c3494769a09ed3360fb8838d4d
MIME type:	text/plain

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/7df6b9a9-b7d2-4767-a9b6-c7975878df4f/

Detection(s):

TwinWave.EvilRAR.GhettoSuperstream.20241120.UNOFFICIAL

TwinWave.EvilRAR.HongKongGarden_CVE-2025-8088.20250812.UNOFFICIAL

Verdict:

Clean

Score:

89.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69dc8dd2f68adfe10039466e

Tags:

n/a

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/69dc8dcb799d5bf325faae3d/reports/9bcad623-6448-475d-a8a9-26846eea9ca2/overview

Verdict:

Malicious

Labled as:

CVE-2025-8088

Link:

https://www.hybrid-analysis.com/sample/36a4f484969a4e9037ba398e6349164643cd58cea5568534dcbb0af2c32014c5

Verdict:

Malicious

File Type:

rar

First seen:

2026-04-13T04:01:00Z UTC

Last seen:

2026-04-13T04:28:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/36a4f484969a4e9037ba398e6349164643cd58cea5568534dcbb0af2c32014c5/results?tab=lookup

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/36a4f484969a4e9037ba398e6349164643cd58cea5568534dcbb0af2c32014c5/

Threat name:

Win32.Exploit.CVE-2025-8088

Status:

Suspicious

First seen:

2026-04-13 06:31:47 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

8 of 24 (33.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=g2spjbewtjhjan52hghggsiwizb42wgouvlikng4xmfpfqzactcq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

adware discovery spyware

Link:

https://tria.ge/reports/260413-k5rg6abv8v/

Behaviour

Checks processor information in registry

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/36a4f484969a4e9037ba398e6349164643cd58cea5568534dcbb0af2c32014c5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	detect_tiny_vbs Create hunting rule
Author:	daniyyell
Description:	Detects tiny VBS delivery technique

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.

Rule name:	SUSP_RAR_NTFS_ADS Create hunting rule
Author:	Proofpoint
Description:	Detects RAR archive with NTFS alternate data stream
Reference:	https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats

Rule name:	WinRAR_CVE_2025_8088_Exploit Create hunting rule
Author:	marcin@ulikowski.pl
Description:	Detects RAR archives exploiting CVE-2025-8088 in WinRAR
Reference:	https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample