MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a4dadb297beb324ae1aacb95df8796bda783ae28c6a8910139bd1180958e97c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 3a4dadb297beb324ae1aacb95df8796bda783ae28c6a8910139bd1180958e97c
SHA3-384 hash: 06b0b19f361e90eeab64fadfcf8ec9e4852c5ab8e39ae5505ae340400dfd3e4bb8147e5d20959ab0ad72307c95301117
SHA1 hash: c855b6afea02a8915db2cd0c90f68931e5041d68
MD5 hash: d50837ac4d14b50613ac91b63e8e8fe2
humanhash: summer-black-angel-maryland
File name: unitv_4.8.4.apk
File size: 30'339'445 bytes
First seen: 2025-12-03 08:13:11 UTC
Last seen: Never
File type: apk
MIME type: application/zip
ssdeep: 786432:auzWq3Ifx5zWq3IfDAXv/9eHAW7EINLMVcWpiIyhjwEtg5rakTm+Iqm:aqn3e1n3EAXN+A1IdMVqIpgghO
TLSH: T16E673363D34DF81BE1B7A17282F306577A7141D0B605F6667A18E1BCAEB7E40DB04AC8
TrID: 36.4% (.APK) Android Package (27000/1/5)
      18.2% (.JAR) Java Archive (13500/1/2)
      14.8% (.CATROBAT) Pocket Code/Catroid Catrobat Project (11000/1/2)
      14.1% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
      10.8% (.IMZ) WinImage compressed disk image (8003/2/1)
Magika: apk
Reporter: juroots
Tags: apk

Intelligence


File Origin
# of uploads: 1
# of downloads: 87
Origin country: RO
Vendor Threat Intelligence
No detections
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: evasive fingerprint icrypt ijiami obfuscated packed pandora signed
Result
Application Permissions
display system-level alerts (SYSTEM_ALERT_WINDOW)
read external storage contents (READ_EXTERNAL_STORAGE)
read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)
modify global system settings (WRITE_SETTINGS)
mount and unmount file systems (MOUNT_UNMOUNT_FILESYSTEMS)
retrieve running applications (GET_TASKS)
Allows an application to request installing packages. (REQUEST_INSTALL_PACKAGES)
read phone state and identity (READ_PHONE_STATE)
full Internet access (INTERNET)
prevent phone from sleeping (WAKE_LOCK)
view network status (ACCESS_NETWORK_STATE)
view Wi-Fi status (ACCESS_WIFI_STATE)
force-stop other applications (FORCE_STOP_PACKAGES)
delete applications (DELETE_PACKAGES)
directly install applications (INSTALL_PACKAGES)
change your UI settings (CHANGE_CONFIGURATION)
Result
Verdict: UNKNOWN
Details
Base64 Encoded URL
Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.
Verdict: Unknown
File Type: apk
First seen: 2023-03-29T20:20:00Z UTC
Last seen: 2025-12-01T23:51:00Z UTC
Hits: ~1000
Threat name: Linux.PUA.Pandora
Status: Malicious
First seen: 2023-03-23 14:47:11 UTC
AV detection: 4 of 36 (11.11%)
Threat level: 1/5
Result
Malware family: n/a
Score: 6/10
Tags: android
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DetectEncryptedVariants
Author: Zinyth
Description: Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name: RANSOMWARE
Author: ToroGuitar

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

apk 3a4dadb297beb324ae1aacb95df8796bda783ae28c6a8910139bd1180958e97c (this sample)
Delivery method: Distributed via web download
