MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ac6cb82c8d5f7b2f0ccd73e316729360341942187b5b3c1a704c685af9356ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: 4ac6cb82c8d5f7b2f0ccd73e316729360341942187b5b3c1a704c685af9356ce
SHA3-384 hash: 9ad2af0ba9200386068f4bd9050eeaba2fed933f3cfc9733873c7e9b2c3b624da41b400dc9eb849e6b3ce00954046278
SHA1 hash: 26ff6c4f1aa006247f3b319ae01924ef940fc205
MD5 hash: 435a1cdeeaf15427dd3d2d2560b142a9
humanhash: nitrogen-nineteen-quiet-fillet
File name: window11.zip
File size: 562'761 bytes
First seen: 2026-02-04 02:02:52 UTC
Last seen: Never
File type: zip
MIME type: application/zip
Note: This file is a password protected archive. The password is: infected
ssdeep: 12288:rrktZlEbDqIW0koF4qvRh+T8XV40vWgbXfjmaj7WMJe1:3Kc5/O8/7WGS
TLSH: T1A6C423DCEFD825E8F39144759DB8FE74EF92386B6D92DFCB1C2251231E4A2920158894
Magika: zip
Reporter: hunter_huang

Intelligence


File Origin
# of uploads: 1
# of downloads: 41
Origin country: VN
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: window11.exe
File size: 995'840 bytes
SHA256 hash: 445ba6fae6832f3757cd49a714f1441aa199513c897cbab9167974d9076d1ee1
MD5 hash: 44db8705b20e8e36523d6b9be768c343
MIME type: application/x-dosexec
Vendor Threat Intelligence
Verdict: Malicious
Score: 97.4%
Tags: autorun autoit emotet
Result
Verdict: Malicious
File Type: PE File
Behaviour
BlacklistAPI detected
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict: Malware
YARA: 3 match(es)
Tags: AutoIt Decompiled DeObfuscated Executable PDB Path PE (Portable Executable) PE File Layout PowerShell Suspect Zip Archive
Result
Malware family: n/a
Score: 7/10
Tags: discovery execution persistence
Behaviour
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Drops file in Windows directory
AutoIT Executable
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
