MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70c93d4a95eccb5822334fac8eb8fec51e43ed2477893dee9e033f4adbb14ef3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7

SHA256 hash: 70c93d4a95eccb5822334fac8eb8fec51e43ed2477893dee9e033f4adbb14ef3
SHA3-384 hash: 258a8065387b6104acfc05642327a5e8c7ef45af1c0ecf2f07a8102c163a8cc5604caff09e131dd035254e1ee43e5083
SHA1 hash: da2f18767d29731e94b1e2354de09d2058512abf
MD5 hash: aa621152fc6840c1ea4aa2542e247625
humanhash: ceiling-zulu-river-enemy
File name: 70c93d4a95eccb5822334fac8eb8fec51e43ed2477893dee9e033f4adbb14ef3.dll
File size: 175'880 bytes
First seen: 2026-02-27 13:44:37 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: 902004cf7fff8197f1cccd171ce69e91
ssdeep: 3072:C+x/YbS65+FxIN2VVV5F6xNcx8h3gkcapXkLpklNLJol8eugYTC2nCeQ4hd75i+:C+xwS65kFVtIj3Xcap0NkldC8TbY8J
TLSH: T106041233E3005588C88DE03492DF6A79A270B635C091EC4B6A68EE5D3D35B7BDC9752A
TrID:
35.7% (.EXE) UPX compressed Win32 Executable (27066/9/6)
35.0% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
8.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.9% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika: pebin
Reporter: Anonymous
Tags: dll signed UPX

Code Signing Certificate

Organisation: CodeSignCert2
Issuer: 产品根证书
Algorithm: sha1WithRSAEncryption
Valid from: 2001-11-05T07:45:29Z
Valid to: 2031-11-05T07:45:29Z
Serial number: 05636399
Thumbprint Algorithm: SHA256
Thumbprint: 504aca1842123a73fd7a885805a6ab8f40bb10e2d6128b80a1f5480c164c2bb8
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform
File size (compressed): 175'880 bytes
File size (de-compressed): 395'016 bytes
Format: win32/pe
Unpacked file: 3f545682955d876b5a5ed6ef9e2b5ebd0eba3573a5bed86928eba8ec1c1f26e1

Intelligence

File Origin
# of uploads: 1
# of downloads: 111
Origin country: US

Vendor Threat Intelligence
Verdict: Malicious
Score: 90.9%
Tags: injection dropper obfusc madi

Verdict: Clean
File Type: PE/Dll
First seen: 2010-07-23T09:17:00Z UTC
Last seen: 2026-02-13T16:14:00Z UTC
Hits: ~10000
Result
Malware family: n/a
Score: 7/10
Tags: bootkit discovery persistence upx
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Drops file in System32 directory
UPX packed file
Writes to the Master Boot Record (MBR)

Unpacked files
SHA256 hash: 70c93d4a95eccb5822334fac8eb8fec51e43ed2477893dee9e033f4adbb14ef3
MD5 hash: aa621152fc6840c1ea4aa2542e247625
SHA1 hash: da2f18767d29731e94b1e2354de09d2058512abf
SHA256 hash: 3f545682955d876b5a5ed6ef9e2b5ebd0eba3573a5bed86928eba8ec1c1f26e1
MD5 hash: 3749d57b840f865a7590b6b3de63c6c0
SHA1 hash: e2c21e6f1e9dfd37e0a5c4833979d3b7fcdc72c9
Detections: SUSP_XORed_URL_In_EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: PE_Digital_Certificate
Author: albertzsigovits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

DLL dll 70c93d4a95eccb5822334fac8eb8fec51e43ed2477893dee9e033f4adbb14ef3 (this sample)

Comments