MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d4b5dee59d7ae364e5ce6d74917e1eff94cd000fcf62c6f22c8cc494f98db9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 14



SHA256 hash: 7d4b5dee59d7ae364e5ce6d74917e1eff94cd000fcf62c6f22c8cc494f98db9a
SHA3-384 hash: e4a6b1198df9620cbc740e84099a8b8c225fc5e387b7ef361063165237c1052d6f96d612d7a15a54d80cee4880e26377
SHA1 hash: ab100eec3d3e719a6f2be77c18ab576bde575188
MD5 hash: 008b4ce967afd4768a13687e78f3e457
humanhash: moon-kitten-connecticut-wolfram
File name: alpha_silverfox_scanner.exe
File size: 16'707'635 bytes
First seen: 2026-01-07 05:14:00 UTC
Last seen: 2026-01-07 07:26:02 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: c58a6fdd5514cc5114ad09dc07384b11 (1 x BlankGrabber)
ssdeep: 393216:4Yfhg3o85vFF9v1j665oN1ZMGXBRfemBbpc9z8qlAEOe:Dgp11xoN1bPbG9z8qm0
TLSH: T149F633032680A57FC1DEF435696A7218803C5C90CB66B38FE3E5BAF4DC65EC17660B5A
TrID: 40.3% (.EXE) Win64 Executable (generic) (10522/11/4)
      19.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
      17.2% (.EXE) Win32 Executable (generic) (4504/4/1)
      7.7% (.EXE) OS/2 Executable (generic) (2029/13)
      7.6% (.EXE) Generic Win/DOS Executable (2002/3)
Magika: pebin
dhash icon: 70f89a9a9adcf871
Reporter: zhuzhu0009
Tags: exe

Intelligence

File Origin
# of uploads: 2
# of downloads: 133
Origin country: US
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: alpha_silverfox_scanner.exe
Verdict: Malicious activity
Analysis date: 2026-01-06 22:12:57 UTC
Tags: python

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 97.4%
Tags: ransomware vmdetect extens sage

Result
Verdict: Suspicious
Maliciousness:
Behaviour:
Creating a window
Searching for the window
Creating synchronization primitives
Searching for synchronization primitives
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Sending a UDP request
Creating a file
DNS request
Connection attempt
Delayed reading of the file
Sending an HTTP GET request
Sending a custom TCP request
Running batch commands
Creating a process with a hidden window

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug anti-vm anti-vm base64 base64 expand expired-cert finger fingerprint fingerprint installer installer installer-heuristic keylogger lolbin lolbin microsoft_visual_cc miner obfuscated overlay overlay packed regsvr32 sfx short-lived-cert tracker unsafe zusy

Verdict: Clean
File Type: exe x32
First seen: 2026-01-06T12:57:00Z UTC
Last seen: 2026-01-06T13:30:00Z UTC
Hits: ~10

Verdict: inconclusive
YARA: 4 match(es)
Tags: .Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.25 SOS: 0.26 SOS: 0.30 SOS: 0.31 SOS: 0.34 Win 32 Exe x86

Threat name: Win32.Trojan.Malgent
Status: Malicious
First seen: 2026-01-06 19:29:29 UTC
File Type: PE (Exe)
Extracted files: 278
AV detection: 21 of 38 (55.26%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion discovery trojan
Behaviour:
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Drops file in Windows directory
Checks whether UAC is enabled
Network Share Discovery
Checks computer location settings
Executes dropped EXE
Loads dropped DLL

Verdict: Malicious
Tags: Win.Packed.Zusy-10014517-0
YARA: n/a
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: pe_detect_tls_callbacks

Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants

Rule name: SelfExtractingRAR
Author: Xavier Mertens
Description: Detects an SFX archive with automatic script execution

Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments