MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ef5daa2a2fae50d0290b88598b4ee0edc2b608cf4df93d7f379f87ed91e3214. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: 4ef5daa2a2fae50d0290b88598b4ee0edc2b608cf4df93d7f379f87ed91e3214
SHA3-384 hash: 8eabbaa8d734de1b94727a51eb91efbafd59f6ee76992a7f37a7b3d1d25381bf5733863ca4ee9b9c50271e67010810ed
SHA1 hash: 1969744a5996f31e9b512780b17f2459b6b460c3
MD5 hash: 493cd7b9473e0b7a1f4b072b888d02f8
humanhash: kitten-india-lactose-victor
File name: M.LNk
File size: 1'664 bytes
First seen: 2026-04-13 14:18:02 UTC
Last seen: Never
File type: Shortcut (lnk) lnk
MIME type: application/x-ms-shortcut
ssdeep: 48:8HmPhTBeEmp0fh30Aix9BVEjzdvI5Za4tBRoKpGMK:8Afe5CfB0bfV+dvCZa0Fwz
TLSH: T1FB3110E4B402970DC70222BE88F98565C8FACB51530EDFD2B2E012E385756198F5F6CE
Magika: html
Reporter: Mr128BitOff
Tags: https://pdfplugout.com lnk

Intelligence


File Origin
# of uploads: 1
# of downloads: 48
Origin country: FR

Vendor Threat Intelligence

Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: aidetect phishing

Verdict: Malicious
File Type: lnk
First seen: 2026-04-13T11:25:00Z UTC
Last seen: 2026-04-14T15:10:00Z UTC
Hits: ~10
Detections: HEUR:Exploit.WinLNK.CVE-2026-21513.a HEUR:Exploit.JS.CVE-2026-21513.a

Verdict: Malicious
Threat: Exploit.WinLNK.CVE-2026-21513
Threat name: Win32.Exploit.Manguden
Status: Suspicious
First seen: 2026-04-13 14:18:41 UTC
File Type: Binary
Extracted files: 2
AV detection: 12 of 38 (31.58%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour: Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Download_in_LNK
Author: @bartblaze
Description: Identifies download artefacts in shortcut (LNK) files.

Rule name: Script_in_LNK
Author: @bartblaze
Description: Identifies scripting artefacts in shortcut (LNK) files.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
