MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4daaba19d412cdf3838a0c373cdc9b7cfc26423723307482e4b0f946909c726e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Rhadamanthys


Vendor detections: 4



SHA256 hash: 4daaba19d412cdf3838a0c373cdc9b7cfc26423723307482e4b0f946909c726e
SHA3-384 hash: feae63a2046e70e52513037c53ae78e0e433c968390fbb1625f68d127c13b072bc7e1715da8b33cd3f6da6967e437a1c
SHA1 hash: b5902737cff8946ebc43771a47eca5237b2c6cdc
MD5 hash: 7b1c74e08d42757792cb935800da1e75
humanhash: romeo-double-florida-xray
File name: OBS-project.zip
Signature: Rhadamanthys
File size: 18'206'870 bytes
First seen: 2023-01-15 13:05:08 UTC
Last seen: 2023-01-15 18:25:39 UTC
File type: zip
MIME type: application/zip
ssdeep: 393216:xsCdwI+MshEZaynVkpk/7Q8BpuiiJKhMFUV28tP33+NM4:AASICshMFE28tvuNM4
TLSH: T1F70733096C93BE42D69B62B151A70B27B677C7DC62921303DB3B94782FF6308F6C5918
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1); 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: iamdeadlyz
Tags: exe, FakeOBS, file-pumped, Rhadamanthys, zip


Iamdeadlyz
From a sponsored Google search result -> obs-project.festcommerzblog.com
Rhadamanthys C&C: 77.91.122.230:80

Intelligence


File Origin
# of uploads: 2
# of downloads: 220
Origin country: n/a
File Archive Information

This file archive contains 96 file(s), sorted by their relevance:

File name: OBS.exe
Pumped file: This file is pumped. MalwareBazaar has de-pumped it.
File size: 762'023'936 bytes
SHA256 hash: 0afc18a6890970fa87b32ea90270db1f723190bba3a4fb24957a901cbacc7de2
MD5 hash: 1f0664bc6de1cb394c6fdcb4e8792d26
De-pumped file size: 7'049'216 bytes (vs. original size of 762'023'936 bytes)
De-pumped SHA256 hash: e809a311f3bbfcfc796b37783b4bdbd76c4bd59657252ee3fd20150f8a76ccea
De-pumped MD5 hash: 0572de40b29c53ebe8df22f6875bba9d
MIME type: application/x-dosexec
Signature: Rhadamanthys
Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2023-01-15 00:29:12 UTC
File Type: Binary (Archive)
Extracted files: 1021
AV detection: 9 of 25 (36.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropping: SHA256 0afc18a6890970fa87b32ea90270db1f723190bba3a4fb24957a901cbacc7de2
Delivery method: Distributed via web download
