MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79796d2353c695ca0936222634f98890f856db7167dd32c3979cb96c50fde4c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA 22 File information Comments

SHA256 hash:	79796d2353c695ca0936222634f98890f856db7167dd32c3979cb96c50fde4c5
SHA3-384 hash:	e76fd8f965572b66be8b262b07834cfc403812233e5068d3c2c59c0b769182c0625af0fac6f3139ca1038992547697ad
SHA1 hash:	2fa57257085f7e7e0800ba19c53fd2a6d6f00b25
MD5 hash:	13535a2c5413361acb866d73c26dba8e
humanhash:	mars-video-freddie-gee
File name:	oil.zip
Download:	download sample
File size:	13'191'792 bytes
First seen:	2025-12-07 11:25:58 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	393216:aVdI6rD3n/a9BsdoMRAsF0fiCPoQoztyj:abDX/yB+R+f2Qow
TLSH	T196D633CC98C5CF0EBBA1B36A2D24F694B3694B4F481257688FA6F7D6B6C1479201DC13
Magika	zip
Reporter	juroots
Tags:	zip

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 40 file(s), sorted by their relevance:

File name:	_wmi.pyd
File size:	40'288 bytes
SHA256 hash:	426160c18730ef7fe03cb87a82a40fd87e51c20cd37cb3c3b1d6ed68e850fd48
MD5 hash:	a321d1faf2edd0b04f7f892274a1e906
MIME type:	application/x-dosexec

File name:	vcruntime140_1.dll
File size:	49'776 bytes
SHA256 hash:	6a99bc0128e0c7d6cbbf615fcc26909565e17d4ca3451b97f8987f9c6acbc6c8
MD5 hash:	c0c0b4c611561f94798b62eb43097722
MIME type:	application/x-dosexec

File name:	_socket.pyd
File size:	87'256 bytes
SHA256 hash:	949ce38846482507a4e37c7c607e51bb107ed8fbad66342f610cea90bdfec8db
MD5 hash:	be26790cb2568a83cc34e9ba75924dc2
MIME type:	application/x-dosexec

File name:	_asyncio.pyd
File size:	77'800 bytes
SHA256 hash:	024b0704224b92427ca32f66ad1bc040ac4fa4d1cfcdc2ea59de0f363490058d
MD5 hash:	4fd9bcc1893dd257d7a2bf1550e8d5a5
MIME type:	application/x-dosexec

File name:	_ctypes.pyd
File size:	140'776 bytes
SHA256 hash:	e7737fb6b4b2ef8bb5ab1a032d0feb7dc72320e4a5e34b2fdc5cf39efd2243a0
MD5 hash:	165b893d133ff9025c878b9ac3f6a179
MIME type:	application/x-dosexec

File name:	pythonw.exe
File size:	103'912 bytes
SHA256 hash:	dd8cfc583145dc84cc45912746846aa44c4289ebcf5c336df8708e46abefc63b
MD5 hash:	3caf1425cd9d1fe5e84fff49917945cf
MIME type:	application/x-dosexec

File name:	_remote_debugging.pyd
File size:	74'216 bytes
SHA256 hash:	2bdcdf8b082f5ddd43ee74396caa42045a5ed4c03ab9a8b02d4ea7f194d9f2e2
MD5 hash:	244bd17279332e7ec2a1a5872b9c6a35
MIME type:	application/x-dosexec

File name:	_queue.pyd
File size:	35'816 bytes
SHA256 hash:	44958611521fb9e55f14804df0d67acd3ffa7dc1543473d506a9101fac74fb70
MD5 hash:	d0113d29e644f174d99e2be13125813e
MIME type:	application/x-dosexec

File name:	_uuid.pyd
File size:	27'624 bytes
SHA256 hash:	d9c08e5ce521ce2f5ab14b201a620fb63fa351cf33088baf13f2d039e2deb31b
MD5 hash:	e2859f281743dc9db6aeec339423a88b
MIME type:	application/x-dosexec

File name:	_decimal.pyd
File size:	288'096 bytes
SHA256 hash:	548d02e0bdd1f031363aff30bd42fc073f1f5d8fdee58f7337614e9f17129606
MD5 hash:	acbc4b973835b9bdb7885ebd35fb6b2f
MIME type:	application/x-dosexec

File name:	_elementtree.pyd
File size:	138'592 bytes
SHA256 hash:	e5554d7f34986a86594646e711599e5d2ef0ac7e1d181239e45110c14a9f50dc
MD5 hash:	281650eb993c17a2496966440de4b11b
MIME type:	application/x-dosexec

File name:	_hashlib.pyd
File size:	69'464 bytes
SHA256 hash:	00854dc2d4e3c1ec76da47f2987bba38c74fa576967f5450293676231a874e7e
MD5 hash:	c4280eada71a1529145ed3268a8d87a0
MIME type:	application/x-dosexec

File name:	libffi-8.dll
File size:	39'696 bytes
SHA256 hash:	eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
MD5 hash:	0f8e4992ca92baaf54cc0b43aaccce21
MIME type:	application/x-dosexec

File name:	python3.dll
File size:	73'192 bytes
SHA256 hash:	12825fdf936e2386106180139a909ea47462589873c1cfd5dade55dc76de22ef
MD5 hash:	ca1e36e2c7f56f02cc7894119fe6a363
MIME type:	application/x-dosexec

File name:	_multiprocessing.pyd
File size:	37'864 bytes
SHA256 hash:	50f3d5e765163b738c0b848ec3bfd190c538b771172287aa09e3eac15d95b27c
MD5 hash:	d08bdf04547a3471ded32da97f2baa07
MIME type:	application/x-dosexec

File name:	_zstd.pyd
File size:	503'272 bytes
SHA256 hash:	94ad300433c9a55c13b3db3e051999b8f9dd4c227c39440becec1917b9fae8f3
MD5 hash:	428ffbcfc5bce4cc1af6dee3257f896c
MIME type:	application/x-dosexec

File name:	pyexpat.pyd
File size:	205'800 bytes
SHA256 hash:	46056e38a63a2e0aba186ac11b703ee03c4481c3e2bf12d8512b574f51eaeffa
MD5 hash:	56321f481843f476f558074c8bab7c3e
MIME type:	application/x-dosexec

File name:	_bz2.pyd
File size:	87'768 bytes
SHA256 hash:	16de8e7a815800d97b70975f2dd613a579f30fb391ed985bb6556b761e8f8d5e
MD5 hash:	8907cdb7c04f66781d5e1958de627cba
MIME type:	application/x-dosexec

File name:	vcruntime140.dll
File size:	120'400 bytes
SHA256 hash:	052ad6a20d375957e82aa6a3c441ea548d89be0981516ca7eb306e063d5027f4
MD5 hash:	32da96115c9d783a0769312c0482a62d
MIME type:	application/x-dosexec

File name:	libssl-3.dll
File size:	794'992 bytes
SHA256 hash:	007142039f04d04e0ed607bda53de095e5bc6a8a10d26ecedde94ea7d2d7eefe
MD5 hash:	8d4805f0651186046c48d3e2356623db
MIME type:	application/x-dosexec

File name:	_overlapped.pyd
File size:	57'320 bytes
SHA256 hash:	c47aa405b0f4100450295fc60f824596fd4233ab6f6cf107a4beff7e65d784ff
MD5 hash:	7abbb69eb16b8aff76dfacc920beda1f
MIME type:	application/x-dosexec

File name:	_zoneinfo.pyd
File size:	50'904 bytes
SHA256 hash:	6ff2250a6f9fda46589701d0794dcb581c1f9c75efdcd6d3ebbf6464f91cfc26
MD5 hash:	16c5ce73f21999215bdc4533407973f6
MIME type:	application/x-dosexec

File name:	python314.dll
File size:	6'753'768 bytes
SHA256 hash:	095e408a143422059df960c60d0f17a739d1329ea84ee7ed4199b02f59024953
MD5 hash:	0833d72b17fa1732ed7a52f60833281f
MIME type:	application/x-dosexec

File name:	python.exe
File size:	105'448 bytes
SHA256 hash:	ace3f9af93e51c80b5c85bac549b4e2667f832b467b697bbd96ffc099df0069f
MD5 hash:	7d083e0dcf0526dcf9ce793fa1742343
MIME type:	application/x-dosexec

File name:	_ssl.pyd
File size:	182'760 bytes
SHA256 hash:	c3303bb5d2d02fbb5fa266f5611b00f35dc796f24026b20c97691600b6c9cadc
MD5 hash:	013f822b115afc10cf1ed49b38ab1efc
MIME type:	application/x-dosexec

File name:	libcrypto-3.dll
File size:	5'231'472 bytes
SHA256 hash:	ccfffddcd3defb8d899026298af9af43bc186130f8483d77e97c93233d5f27d7
MD5 hash:	ae5b2e9a3410839b31938f24b6fc5cd8
MIME type:	application/x-dosexec

File name:	sqlite3.dll
File size:	1'586'016 bytes
SHA256 hash:	b133f3b314ea3a23214b9744f8f4b40a41edcbefda59fa2c6ee6bfc26e0f9b3f
MD5 hash:	e33804d249b39e051cdbab2e2724aeb1
MIME type:	application/x-dosexec

File name:	select.pyd
File size:	32'744 bytes
SHA256 hash:	28f8cf3fa41d0b64ace2c4dec1a8a901ff5184a0c7bbac4b37101e262bb2a6f2
MD5 hash:	37439c66708be9baf8c72c11c0650587
MIME type:	application/x-dosexec

File name:	winsound.pyd
File size:	33'120 bytes
SHA256 hash:	1ad98949b32962b5617134a9ef864767cfbc7d858ad3224830611ca04d9aa198
MD5 hash:	3dae88653316b306a5612eeeeae5e79a
MIME type:	application/x-dosexec

File name:	fr.bin
File size:	1'222'914 bytes
SHA256 hash:	b3a3099616849bbe9b2deda7069790d9b3b3ec5bc9f11e6a1f8d7aae7fa534d7
MD5 hash:	0022ff1e0fd1f0ca28b37703be341ed9
MIME type:	application/octet-stream

File name:	python.cat
File size:	587'000 bytes
SHA256 hash:	a7f11ede59f24be38d4df6cb64edc479d38977871c874ea520f294910bf3d882
MD5 hash:	994824e854b80a3ff3b30d4efc430fef
MIME type:	application/octet-stream

File name:	unicodedata.pyd
File size:	757'224 bytes
SHA256 hash:	6d0eb2a7007d31981a54bad971f8a1a491041910010cdcd41dcb51e702c9be2e
MD5 hash:	9c1b0556c67fdffe9463a685bd9386e9
MIME type:	application/x-dosexec

File name:	_sqlite3.pyd
File size:	131'560 bytes
SHA256 hash:	d36e6488f41d29957c6fa31f733ddc8a82fd21f2221ca4724accf5c090f2559d
MD5 hash:	bbe7d13b2ed5029120e76de10a0bf016
MIME type:	application/x-dosexec

File name:	_lzma.pyd
File size:	160'232 bytes
SHA256 hash:	a61cf6ff07aeadb630f7a10fd4d02aa516a171408bd832a93b22942394bc6fbf
MD5 hash:	84402da431b29410e3c6c14fe14dd473
MIME type:	application/x-dosexec

File name:	python314._pth
File size:	80 bytes
SHA256 hash:	2ed7ccda80e9e28ab5877902a9a325586c8a7b7b3e6731d944565bee082e216c
MD5 hash:	fd5220307b5be48ceb9092be8b37598c
MIME type:	text/x-objective-c

File name:	a.txt
File size:	78 bytes
SHA256 hash:	7872ae3fcb62715a9c48f9b3ed487b65c1717049b0d49de5d3f2f54ae8414b35
MD5 hash:	1267886f4f95ca12995ead37ce28df14
MIME type:	text/plain

File name:	python314.zip
File size:	4'075'162 bytes
SHA256 hash:	83e8d7fc854c1181aaa36a1f0546b9bc1daf82870cd5550ac4f863a5dd45ddf9
MD5 hash:	5607c2a9ec332e2a15cf6d92bcdd14a8
MIME type:	application/zip

File name:	nea.py
File size:	3'787 bytes
SHA256 hash:	ab2fa23ad93db3ff3401bd612d6d25c1e5f32f958c4fc9e218568561285b2807
MD5 hash:	4fabf716d4baaca650634ba07e6e0f5e
MIME type:	text/plain

File name:	2
File size:	1'499 bytes
SHA256 hash:	a6bfbf8d5bca6033c9eac8aa511bf4d7d6655f6c9a6046e63c3dc57b10ff3902
MD5 hash:	cc5f24bf41b0c2cb7d441d0f07cd74e7
MIME type:	text/xml

File name:	LICENSE.txt
File size:	35'407 bytes
SHA256 hash:	935cf13e19f8c31b497d20b05d73623431a226b230c3599bc30fa3348979bc68
MD5 hash:	f5220a3766378179dbfb98c1eae9a464
MIME type:	text/plain

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/836b4df2-6490-49ab-ae09-ed907d555878/

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69356472920336450abc1239

Tags:

n/a

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/79796d2353c695ca0936222634f98890f856db7167dd32c3979cb96c50fde4c5

Result

Verdict:

SUSPICIOUS

Link:

https://labs.inquest.net/dfi/sha256/79796d2353c695ca0936222634f98890f856db7167dd32c3979cb96c50fde4c5

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

File Type:

zip

First seen:

2025-11-27T05:30:00Z UTC

Last seen:

2025-11-27T06:04:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/79796d2353c695ca0936222634f98890f856db7167dd32c3979cb96c50fde4c5/results?tab=lookup

Score:

Verdict:

Benign

File Type:

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/251207-vrhcfadp71/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.15

Link:

https://yomi.yoroi.company/submissions/79796d2353c695ca0936222634f98890f856db7167dd32c3979cb96c50fde4c5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	BLOWFISH_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for Blowfish constants

Rule name:	CAS_Malware_Hunting Create hunting rule
Author:	Michael Reinprecht
Description:	DEMO CAS YARA Rules for sample2.exe

Rule name:	Check_OutputDebugStringA_iat Create hunting rule

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerException__ConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	ldpreload Create hunting rule
Author:	xorseed
Reference:	https://stuff.rop.io/

Rule name:	MD5_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for MD5 constants

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	pe_no_import_table Create hunting rule
Description:	Detect pe file that no import table

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar

Rule name:	RIPEMD160_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for RIPEMD-160 constants

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	SHA1_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA1 constants

Rule name:	SHA512_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA384/SHA512 constants

Rule name:	upxHook Create hunting rule
Author:	@r3dbU7z
Description:	Detect artifacts from 'upxHook' - modification of UPX packer
Reference:	https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

Rule name:	vmdetect Create hunting rule
Author:	nex
Description:	Possibly employs anti-virtualization techniques

Rule name:	WHIRLPOOL_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for WhirlPool constants

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

zip 79796d2353c695ca0936222634f98890f856db7167dd32c3979cb96c50fde4c5

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3728659/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3728861/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample