MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 379b41e3fd94f48d3f1756202fc4e702a98af4f01ca59b1be30cb3e31bc4b3ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	379b41e3fd94f48d3f1756202fc4e702a98af4f01ca59b1be30cb3e31bc4b3ce
SHA3-384 hash:	2b34758c1aa5fe416499ad184206e865e815f9a4fa8407952114dd838db764406ae488e2105b1de43a74d13085869951
SHA1 hash:	df68fc6ff06d12c8e2ff06e0ea737c7ad3e5289e
MD5 hash:	a3c11ef580b554b35231843b2124fd29
humanhash:	california-friend-california-butter
File name:	invoice-1645080830.pdf
Download:	download sample
File size:	38'587 bytes
First seen:	2025-12-22 05:56:06 UTC
Last seen:	Never
File type:	pdf
MIME type:	application/pdf
ssdeep	384:b0sVJqEZkK1osPjFLjhdlCxJPxncS45sJflFbfhfhfhfhfTZZZZZZZZzJlb93fnL:5lpdCxJZnjWsh3bfhfhfhfhf5lJth
TLSH	T11C034D5388884E47E878C7AABF031F6C2F497E4EA5C676FF10264E837B316605C0E169
Magika	pdf
Reporter	JAMESWT_WT
Tags:	147-45-45-132 bocking-netlify-app booking decjan2026-blogspot-com pdf Spam-ITA

Intelligence

File Origin

# of uploads :

# of downloads :

265

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Clean

Score:

89.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6948dd7ca6c88bb4cc23695e

Tags:

n/a

Result

Verdict:

Clean

File Type:

PDF File

Link:

https://app.docguard.net/379b41e3fd94f48d3f1756202fc4e702a98af4f01ca59b1be30cb3e31bc4b3ce/results/dashboard

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

javascript macros

Link:

https://www.filescan.io/uploads/6948dd7e84afa5547b5bc336/reports/01a91134-ac61-4e5a-b57f-67e0137b9e51/overview

Verdict:

Malicious

Labled as:

Pdf/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/379b41e3fd94f48d3f1756202fc4e702a98af4f01ca59b1be30cb3e31bc4b3ce

Label:

Malicious

Suspicious Score:

6.0/10

Score Malicious:

61%

Score Benign:

39%

Link:

https://www.malware.ai/gui/files/?id=73d38c6f-f5f5-427f-b99b-86e6894d3160

Verdict:

Unknown

File Type:

pdf

First seen:

2025-12-21T18:29:00Z UTC

Last seen:

2025-12-23T16:21:00Z UTC

Hits:

~1000

Link:

https://opentip.kaspersky.com/379b41e3fd94f48d3f1756202fc4e702a98af4f01ca59b1be30cb3e31bc4b3ce/results?tab=lookup

Score:

65%

Verdict:

Susipicious

File Type:

PDF

Link:

https://malprob.io/report/379b41e3fd94f48d3f1756202fc4e702a98af4f01ca59b1be30cb3e31bc4b3ce

Verdict:

inconclusive

YARA:

3 match(es)

Tags:

PDF /Javascript PDF /OpenAction PDF Contains AutoAction PDF Contains Javascript

Link:

https://app.malva.re/file/a3c11ef580b554b35231843b2124fd29

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/379b41e3fd94f48d3f1756202fc4e702a98af4f01ca59b1be30cb3e31bc4b3ce/

Threat name:

Win32.Trojan.PhishLeonem

Status:

Malicious

First seen:

2025-12-21 21:29:59 UTC

File Type:

Document

Extracted files:

AV detection:

7 of 24 (29.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=g6nudy75st2i2pyxkyqc7rhhakuyv5hqdsszwg7dbsz6gg6ewpha._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.30

Link:

https://yomi.yoroi.company/submissions/379b41e3fd94f48d3f1756202fc4e702a98af4f01ca59b1be30cb3e31bc4b3ce

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample