MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ce7dd2c8f694f2dd4f5571e8e294508cc81aa0f04fdcfaded9c1a27c44895f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA 10 File information Comments

SHA256 hash:	7ce7dd2c8f694f2dd4f5571e8e294508cc81aa0f04fdcfaded9c1a27c44895f4
SHA3-384 hash:	ae688574be44fff58c4e6e55106b5d6f863e38cd409339b0ee0d3b0b3936b1bacc2fa662f3a0547f57959ab3de376027
SHA1 hash:	28e29c31c8c0c0f9e08cfba96bb82beddbcb70c8
MD5 hash:	7b64208e56baf5066faf85039275f85b
humanhash:	video-mango-kitten-october
File name:	SecuriteInfo.com.Variant.Fragtor.483665.982.24477
Download:	download sample
File size:	466'432 bytes
First seen:	2026-02-13 06:22:10 UTC
Last seen:	2026-02-13 07:23:24 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	9cb9dff2cc09de0470e97faa96d810c8
ssdeep	12288:iAFJZiohwKLF+m+C53zWoiXm0nmSQOgmH86:iAPZzpP53zhiW02J8v
TLSH	T19EA4DE609608B6DAC85811F7A4E67B4C581AEE0471D41CC67DCF32BA6E38BE1EED7D40
TrID	68.2% (.EXE) UPX compressed Win32 Executable (27066/9/6) 11.3% (.EXE) Win32 Executable (generic) (4504/4/1) 5.2% (.EXE) Win16/32 Executable Delphi generic (2072/23) 5.1% (.EXE) OS/2 Executable (generic) (2029/13) 5.0% (.EXE) Generic Win/DOS Executable (2002/3)
Magika	pebin
Reporter	SecuriteInfoCom
Tags:	exe UPX

UPX packed

This file is packed with UPX. We have therefore unpacked the file. Below is furhter information about the unpacked (de-compressed) file.

File size (compressed) :	466'432 bytes
File size (de-compressed) :	1'306'112 bytes
Format:	win32/pe
Unpacked file:	cf6a96a3d5f4a41f7087caec1e4fe86cac1e30a35f57ab7c31d92f050878e349

Intelligence

File Origin

# of uploads :

# of downloads :

104

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

PEPacker

Details

PEPacker

a UPX version number and an unpacked binary

Link:

https://research.acce.ciphertechsolutions.com/results/85651d19-73aa-4ad2-bf26-0e82193670ab/

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Variant.Fragtor.483665.982.24477

Verdict:

Malicious activity

Analysis date:

2026-02-13 06:25:36 UTC

Tags:

auto-sch delphi upx

Link:

https://app.any.run/tasks/07870dec-b708-40aa-8cfa-902aefc67dfe

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/53192/

Detection(s):

SecuriteInfo.com.Variant.Fragtor.483665.982.24477.UNOFFICIAL

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=698ec3151c4b7b977f66126b

Tags:

autorun dropper shell sage

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm borland_delphi fingerprint packed packed packed unsafe upx

Link:

https://www.filescan.io/uploads/698ec315930564ff3c9eb135/reports/ff5c9ce8-68db-4a15-ba09-c6ad95a6cf9d/overview

Verdict:

Malicious

Labled as:

Fragtor.Generic

Link:

https://www.hybrid-analysis.com/sample/7ce7dd2c8f694f2dd4f5571e8e294508cc81aa0f04fdcfaded9c1a27c44895f4

Result

Gathering data

Verdict:

Unknown

File Type:

exe x32

First seen:

2026-02-13T03:12:00Z UTC

Last seen:

2026-02-13T03:16:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/7ce7dd2c8f694f2dd4f5571e8e294508cc81aa0f04fdcfaded9c1a27c44895f4/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/c9d8012c-53c9-43bb-9e15-119b7f8521a5

Score:

99%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/7ce7dd2c8f694f2dd4f5571e8e294508cc81aa0f04fdcfaded9c1a27c44895f4

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 32 Exe x86

Link:

https://app.malva.re/file/7b64208e56baf5066faf85039275f85b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7ce7dd2c8f694f2dd4f5571e8e294508cc81aa0f04fdcfaded9c1a27c44895f4/

Threat name:

Win32.Malware.Heuristic

Status:

Malicious

First seen:

2026-02-13 06:15:31 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

10 of 37 (27.03%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ptt52lepnfhs3vhvk4pi4kkfbdgidkqpat647lpntqncprcisx2a._file

Result

Malware family:

n/a

Score:

5/10

Tags:

discovery execution persistence upx

Link:

https://tria.ge/reports/260213-g4y9tses8h/

Behaviour

Scheduled Task/Job: Scheduled Task

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

UPX packed file

Unpacked files

SH256 hash:

7ce7dd2c8f694f2dd4f5571e8e294508cc81aa0f04fdcfaded9c1a27c44895f4

MD5 hash:

7b64208e56baf5066faf85039275f85b

SHA1 hash:

28e29c31c8c0c0f9e08cfba96bb82beddbcb70c8

Link:

https://www.unpac.me/results/0403beb3-dfe2-40f7-bfc7-8406f8160045/

SH256 hash:

53837616a1823a6de61d2e9374bb3e73791b22d78693e12365c013cc3a60ca3c

MD5 hash:

d1a1d9e742990b5027f489f2aaadbd3c

SHA1 hash:

6f69ed2c030e707cf6ec1ce0dd78bd45e6389792

Link:

https://www.unpac.me/results/0403beb3-dfe2-40f7-bfc7-8406f8160045/

SH256 hash:

cf6a96a3d5f4a41f7087caec1e4fe86cac1e30a35f57ab7c31d92f050878e349

MD5 hash:

8bf8ed302b9607fff95ae68d8f14f84f

SHA1 hash:

131b0435290b6a04b95cb82d565fea41b2ef3210

Link:

https://www.unpac.me/results/0403beb3-dfe2-40f7-bfc7-8406f8160045/

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Borland Create hunting rule
Author:	malware-lu

Rule name:	command_and_control Create hunting rule
Author:	CD_R0M_
Description:	This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

Rule name:	UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser Create hunting rule
Author:	malware-lu

Rule name:	UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser Create hunting rule
Author:	malware-lu

Rule name:	upx_3 Create hunting rule
Author:	Kevin Falcoz
Description:	UPX 3.X

Rule name:	upx_largefile Create hunting rule
Author:	k3nr9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 7ce7dd2c8f694f2dd4f5571e8e294508cc81aa0f04fdcfaded9c1a27c44895f4

(this sample)

exe cf6a96a3d5f4a41f7087caec1e4fe86cac1e30a35f57ab7c31d92f050878e349

Cape

https://www.capesandbox.com/analysis/53192/

Dropping

SHA256 cf6a96a3d5f4a41f7087caec1e4fe86cac1e30a35f57ab7c31d92f050878e349

Dropping

MD5 8bf8ed302b9607fff95ae68d8f14f84f

URLhaus

https://urlhaus.abuse.ch/url/3776832/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample