MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 612d940023d8530377f0571cb839d667e172dcbe307878ffd31b20f534c1169d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 12



SHA256 hash: 612d940023d8530377f0571cb839d667e172dcbe307878ffd31b20f534c1169d
SHA3-384 hash: 25a5876ed1b9e67528eac2861d378a3d530c0f8b8e203e9f395d8c5edeed343178a26558d296c414818611f7fe7ad9b5
SHA1 hash: 0a696f30cb8b949597cd4b51ece5a52de966af39
MD5 hash: e15887561e7b57b2276e800e842194ed
humanhash: kitten-yankee-emma-india
File name: fscan32.exe
File size: 6'132'736 bytes
First seen: 2026-02-13 09:59:31 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6ed4f5f04d62b18d96b26d6db7c18840 (357 x SalatStealer, 78 x BitRAT, 42 x RedLineStealer)
ssdeep: 98304:1uwVNE+m2EO9L2jwhoTZpDNUUuhGckwjNBW5HYMObuxv3tXmff:1dNgaL2MhoTZpDNu/pCHYMbxftWff
TLSH: T191563377470203B7A77A893F3B656C21E65F2C7A44D3052A9BBE4CD204B67D0273962B
TrID:
60.5% (.EXE) UPX compressed Win32 Executable (27066/9/6)
11.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.0% (.EXE) Win32 Executable (generic) (4504/4/1)
4.6% (.ICL) Windows Icons Library (generic) (2059/9)
4.5% (.EXE) OS/2 Executable (generic) (2029/13)
Magika: pebin
Reporter: juroots
Tags: exe UPX
File size (compressed): 6'132'736 bytes
File size (de-compressed): 27'772'416 bytes
Format: win32/pe
Unpacked file: c8d78e0d38a5be0964355e0d1018210ea0aa58969ee166a6a39e499782420ed8

Intelligence


File Origin
# of uploads: 1
# of downloads: 108
Origin country: US
Vendor Threat Intelligence
Malware configuration found for: PEPacker
Details (PEPacker): a UPX version number and an unpacked binary
Malware family: n/a
ID: 1
File name: https://github.com/shadow1ng/fscan/releases/tag/1.8.4
Verdict: No threats detected
Analysis date: 2025-10-13 00:31:55 UTC
Tags: github

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 99.1%
Tags: virus
Verdict: Malicious
File Type: exe x32
First seen: 2024-05-23T11:11:00Z UTC
Last seen: 2026-02-13T10:39:00Z UTC
Hits: ~1000
Detections: HEUR:Worm.Win32.Generic HEUR:HackTool.Win32.Agent.gen HEUR:HackTool.Multi.Fscan.a BSS:Exploit.Java.Generic
Malware family: N-able Technologies, Ltd.
Verdict: Unknown
Verdict: inconclusive
YARA: 3 match(es)
Tags: Executable PE (Portable Executable) PE File Layout Win 32 Exe x86
Threat name: Win32.Exploit.CVE-2018-13379
Status: Malicious
First seen: 2024-06-18 10:30:41 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 23 of 36 (63.89%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: discovery upx
Behaviour
System Location Discovery: System Language Discovery
UPX packed file
Unpacked files

SHA256 hash: 612d940023d8530377f0571cb839d667e172dcbe307878ffd31b20f534c1169d
MD5 hash: e15887561e7b57b2276e800e842194ed
SHA1 hash: 0a696f30cb8b949597cd4b51ece5a52de966af39

SHA256 hash: dbe840ed1ca5cc9bf91893474c5e5aa7958b1378f43c84095badb81ab83dd277
MD5 hash: 86d9795dfc919c5d4c57712f9a78e43d
SHA1 hash: e61fca520f51299693ad4453a92147f91d8b23c9
Detections: EXPL_POC_SpringCore_0day_Indicators_Mar22_1 INDICATOR_TOOL_EXP_ApacheStrusts INDICATOR_TOOL_FScan

SHA256 hash: 155222d6c02f488b5cd83979e3899a623c7cc1b73b32a7eb43103173c0d678cf
MD5 hash: 23f9fd18c38c5724ccff327662379f14
SHA1 hash: 598f602716b1f83f8c1fdb829e355c859975f364
Detections: EXPL_POC_SpringCore_0day_Indicators_Mar22_1 INDICATOR_TOOL_EXP_ApacheStrusts INDICATOR_TOOL_FScan

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DetectGoMethodSignatures
Author: Wyatt Tauber
Description: Detects Go method signatures in unpacked Go binaries

Rule name: GoBinTest

Rule name: golang_binary_string
Description: Golang strings present

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: SHA512_Constants
Author: phoul (@phoul)
Description: Look for SHA384/SHA512 constants

Rule name: UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser
Author: malware-lu

Rule name: UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
Author: malware-lu

Rule name: upx_largefile
Author: k3nr9

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Executable exe 612d940023d8530377f0571cb839d667e172dcbe307878ffd31b20f534c1169d (this sample)
