MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e645a6143a2ce1ce7db369dab07f24095485fcccbe345033f604f1a524b974f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Vidar

Vendor detections: 2

Intelligence 2 IOCs YARA 39 File information Comments

SHA256 hash:	7e645a6143a2ce1ce7db369dab07f24095485fcccbe345033f604f1a524b974f
SHA3-384 hash:	f6bfc04e5c962c51b59b781a29252059873d3c4748b6a4c31efcc17bef16a044092784470695afe38e44825b991dc522
SHA1 hash:	4bbaf7eab926ca4f97f44efd4b4dd31bc699436a
MD5 hash:	38911430e097181aa24c41f0157e20c8
humanhash:	batman-michigan-cardinal-snake
File name:	AutomáticosWin-lnstaIIer.rar
Download:	download sample
Signature	Vidar Create hunting rule
File size:	20'536'494 bytes
First seen:	2026-03-31 13:22:50 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
Note:	This file is a password protected archive. The password is: 1212
ssdeep	393216:U2nqjnv8ToWdyFvr8P8XBKacS31YB9rmyVpC42LSUc1o:U2ninv898R892YLrbyzLSUYo
TLSH	T11B27331814E189C18CF27283E2774F5F50ECB4673FFD6925CEBE645468ED8E08AE6129
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika	rar
Reporter	aachum
Tags:	file-pumped gratisexpert-com pw-1212 rar vidar

iamaachum

https://www.youtube.com/post/UgkxS2q1rBH1yn0fNSNfdwdSY7MkxQWiEgp7 => https://www.mediafire.com/folder/4lefd9b94ygpm/Documents

Vidar Build ID: 6f09aabbac0c817ee125dec600e16c73
Vidar C2:
https://telegram.me/p74kol
https://steamcommunity.com/profiles/76561198721902688
https://pot.codetohaven.com/

Intelligence

File Origin

# of uploads :

# of downloads :

150

Origin country :

File Archive Information

This file is a password protected archive. The password is: 1212

This file archive contains 139 file(s), sorted by their relevance:

File name:	coachmark.png
File size:	512'349 bytes
SHA256 hash:	63cc41fa1e8006193905ffff29e8591d920fa3efd1d8e643caa7fa25d6e70f8b
MD5 hash:	f3697339c01d81b89c13b3409488c720
MIME type:	image/png
Signature	Vidar

File name:	sqllang.dll
File size:	25'967'192 bytes
SHA256 hash:	f51cf85cfe31f0b447ad5d6000d176b64de50b5e7a09a0af9f59c0a23cbc729c
MD5 hash:	29f692b545d0493d4d2257439c6969e7
MIME type:	application/x-dosexec
Signature	Vidar

File name:	SqlPackage.exe.config
File size:	803 bytes
SHA256 hash:	811e339d7dba2ae86d54101a98a29d8ac8606d770f312d0e70026f34727b0095
MD5 hash:	ffe0695e7763fdb4feabf9fc57681c5f
MIME type:	text/xml
Signature	Vidar

File name:	Microsoft.Data.Tools.Schema.Tasks.Sql.11.resources.dll
File size:	25'576 bytes
SHA256 hash:	26bd54cdea64076a8d0218a2de4b4027cfb214b8e8ed2af07b666afdba06f98f
MD5 hash:	4853a157fce27514d39aa95677473028
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.SqlServer.ServiceBrokerEnum.xml
File size:	6'177 bytes
SHA256 hash:	e63fd633020b5bd198fab9f70ffcfe5307bc36e46cbd2e84492b6037288191b4
MD5 hash:	8b9153e2f28f69dfd5c700c717dfc5a0
MIME type:	text/xml
Signature	Vidar

File name:	CreativeCloud_icon.svg
File size:	1'366 bytes
SHA256 hash:	e6ea0ed1b3b944efaec9db8a460c80b17f3a9615d62e480abe27f11f193f4970
MD5 hash:	6a64e1497b1b02f66585f92cb447214a
MIME type:	image/svg+xml
Signature	Vidar

File name:	sqltses.dll
File size:	8'154'200 bytes
SHA256 hash:	ab859a1d945cb99e2e52e218ef442234d1436f9aa9a81b76ebf85068ccdebc05
MD5 hash:	344479af61cacc9c64bca055297afec1
MIME type:	application/x-dosexec
Signature	Vidar

File name:	IA2Marshal.dll
File size:	78'848 bytes
SHA256 hash:	70db8976911089b12d584faa1bc48cbbccffa8e79afc70273cc4a8352a0dc615
MD5 hash:	31fcd15b9a06ac591b130921b0b006c8
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.SqlServer.SmoExtended.dll
File size:	232'536 bytes
SHA256 hash:	82e20463ecbe2eb8d1439a7d5bb98eddfdbeb40ce49347c9cd8df199ae7d3079
MD5 hash:	9cacccbbdf4d35ebea8344779ed7130a
MIME type:	application/x-dosexec
Signature	Vidar

File name:	MissingLinkedElement_Light.svg
File size:	1'035 bytes
SHA256 hash:	939148072ad83c2e2654434872629f63fba42d54fc0d490fa6959cab9c190e4d
MD5 hash:	6b734b0cd51b85dd6ff9346b90bbab8e
MIME type:	image/svg+xml
Signature	Vidar

File name:	ScrollUpArrow_lighter.svg
File size:	510 bytes
SHA256 hash:	57d6656956b4394e3d2ce980869023e924640b23906895f1e33b1a44a9838a29
MD5 hash:	8bb0b63065fc6aebaab0b8a8b517ee7e
MIME type:	image/svg+xml
Signature	Vidar

File name:	sqlncli11.lib
File size:	6'592 bytes
SHA256 hash:	ff52761730b58b81857dfe330bb240b90e948910025d92eb3369eae3af18f8fa
MD5 hash:	1fa6ee9c2e84b4a46127df1af4c09b7d
MIME type:	application/x-archive
Signature	Vidar

File name:	Microsoft.SqlServer.ConnectionInfo.dll
File size:	171'096 bytes
SHA256 hash:	d8a81e198a721ad8baaab4e4f90103a8407965454ca4ff46c966e9b0d948526d
MD5 hash:	72b11c28883297caafe65e7812266375
MIME type:	application/x-dosexec
Signature	Vidar

File name:	sqllangsvc.dll
File size:	52'312 bytes
SHA256 hash:	b5108ecfc1dd73e8023d609d5edd8e6dbc5279991a0ae1628f0ca2932b61010b
MD5 hash:	fe645bdecf22601e9fdc293aed23ba0c
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.SqlServer.Dmf.Adapters.resources.dll
File size:	40'024 bytes
SHA256 hash:	5efb3de427e369bdbdadb01d7f8f72f4d76a086b68af148e8771b43303b99a53
MD5 hash:	6547e53eff377a7fe5927150db6894e9
MIME type:	application/x-dosexec
Signature	Vidar

File name:	MissingLinkedElement_Dark.svg
File size:	1'054 bytes
SHA256 hash:	16f2efcbb0246a503a86f50b8f966fc250a72a8ab8c3736bc0cf79cd7ed957d7
MD5 hash:	29f044467dde443be87dcdf7518f9b9c
MIME type:	image/svg+xml
Signature	Vidar

File name:	Microsoft.SqlServer.Management.XEvent.resources.dll
File size:	48'216 bytes
SHA256 hash:	b0be14db54d5416c19214a9d134f611dd100871cdc8d2639cb2fa123b09de8f9
MD5 hash:	aeaf10add3973e83f837fca0b228d849
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.SqlServer.Management.Utility.resources.dll
File size:	72'792 bytes
SHA256 hash:	3b3283f8813584aef08a8c1267821f50e0b781a1a01ce64e4dc3c92924434962
MD5 hash:	3f6240a971fe3591c283f75ed6214dd7
MIME type:	application/x-dosexec
Signature	Vidar

File name:	qtmultimedia_m3u.dll
File size:	34'584 bytes
SHA256 hash:	dae45e4b553bdb471bb97b75060829d78f98dd824ebd765ceb9347af7697addc
MD5 hash:	e5edd622c8db0f7caca1fc1bd58a0c48
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.Data.Tools.Utilities.resources.dll
File size:	30'608 bytes
SHA256 hash:	78a34f5c3644894c5d99e8c37d769252105f08c5522c20aba33c259d42373430
MD5 hash:	8ddb03bc77e767df5a18f3c42cb72409
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.SqlServer.RegSvrEnum.resources.dll000
File size:	22'104 bytes
SHA256 hash:	376ae73797be14f549dd624c42cb2fc912668edd30fd65e2e2525b884020ba03
MD5 hash:	c9cbba1cad4aa5a26387e74636fb81c3
MIME type:	application/x-dosexec
Signature	Vidar

File name:	scroll_triangle_up_dark.svg
File size:	499 bytes
SHA256 hash:	61a32cad395d42a95e21df9d8a0e01b01ce6f538068a8a1f2359f84f80e07a8d
MD5 hash:	e8adf0e474a5848212311147654fd4c9
MIME type:	image/svg+xml
Signature	Vidar

File name:	Microsoft.SqlServer.TransactSql.ScriptDom.Resources.dll
File size:	39'000 bytes
SHA256 hash:	1a7b8128d6ac2c1338c999d9fbceffe41de1a258ef348885943c08276b4e46ad
MD5 hash:	8f6441e89bc570ef2a2f70ce84503823
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.SqlServer.WmiEnum.dll
File size:	56'408 bytes
SHA256 hash:	e57d10b38aba9ed41f17409e5478554674bf92382991581436325d6ad3dc00fb
MD5 hash:	d576355d5dd6e02dd2c683fc67b6b3c2
MIME type:	application/x-dosexec
Signature	Vidar

File name:	NewUserEmpty_light.svg
File size:	2'728 bytes
SHA256 hash:	488e48d504cff2f5c9d589c11ff4226bb64db3da5aa59bbbb2652a434d0cb2ec
MD5 hash:	d5a58cc52c3244bdc70039ab96dd415d
MIME type:	image/svg+xml
Signature	Vidar

File name:	ScrollUpArrow_darker.svg
File size:	510 bytes
SHA256 hash:	c4013e0df4edcffc65859194176d683d6bd740a3d45d6aeac964d5cfaa0ce4d5
MD5 hash:	b34c2f03e784153382757df0fa260b1f
MIME type:	image/svg+xml
Signature	Vidar

File name:	Microsoft.SqlServer.TransactSql.ScriptDom.dll
File size:	2'380'376 bytes
SHA256 hash:	4efdc459492b8a3ede761cb733f7d69a0dc94215f94812542741110f40abd094
MD5 hash:	515a692785f4f9a59ed8174cf2f7b3e8
MIME type:	application/x-dosexec
Signature	Vidar

File name:	aiff_filetype_256.svg
File size:	3'671 bytes
SHA256 hash:	9a828e56cb6632d867ace968b66b337ab4d574ca3f67f5b2f55d85865ce6eb61
MD5 hash:	ee5b7a43f1e84e8289c88aa15ca6a116
MIME type:	image/svg+xml
Signature	Vidar

File name:	Microsoft.SqlServer.ConnectionInfoExtended.xml
File size:	71'527 bytes
SHA256 hash:	af62e11a7e65b0d168a36bf350f05d8ba19f583f97f8730f7e10b59fe20ef54b
MD5 hash:	dc0173e14682196f8efc27b79074affd
MIME type:	text/xml
Signature	Vidar

File name:	Microsoft.SqlServer.Management.Utility.dll
File size:	330'840 bytes
SHA256 hash:	bea7f1daf7be52b25eecc290f7c493b1d6dbc105d47ac8a688b048e9c8ed3876
MD5 hash:	8364112dd878e1431ba9ec985cc29930
MIME type:	application/x-dosexec
Signature	Vidar

File name:	NewUserEmpty_dark.svg
File size:	2'725 bytes
SHA256 hash:	a41c4492dfba858f85e90cc6ec78132c67a53c3612db3a4241d509b4276ff9c8
MD5 hash:	e0b69de845834f4a42e18775209cfeb5
MIME type:	image/svg+xml
Signature	Vidar

File name:	Microsoft.Data.Tools.Schema.Utilities.Sql.11.dll
File size:	1'201'640 bytes
SHA256 hash:	f566507f94911651b4258bcb64408c7ae748892f7c0ea1782ef358c73027e193
MD5 hash:	725d060649c1b9727f45d9c712c5a915
MIME type:	application/x-dosexec
Signature	Vidar

File name:	icons.svg
File size:	114'069 bytes
SHA256 hash:	d2a3bf87819506c2c753d13da43b9a21bf2aed71f040fb2e0cac8ddac4fd010b
MD5 hash:	1ba23cdfb7059c77db84c52342ece3ba
MIME type:	image/svg+xml
Signature	Vidar

File name:	SqlUserInstance.rll.mui
File size:	28'248 bytes
SHA256 hash:	e6d60c5b7eb4ad78d1eeb5ed06039e769bdb77d1f91935dce75cf6cce99a8fa3
MD5 hash:	86d55bd2bace7a81239146494e573ed1
MIME type:	application/x-dosexec
Signature	Vidar

File name:	xe.dll
File size:	409'176 bytes
SHA256 hash:	0ec09cd7d58aeb260fe82ca79ad16c353d7053a665d98f4deb26eba5e2b6e9d3
MD5 hash:	063ca314262d277a92189028a9e094fd
MIME type:	application/x-dosexec
Signature	Vidar

File name:	ScrollDownArrow_darker.svg
File size:	513 bytes
SHA256 hash:	d5b9c4e856cfe146aba59ad8654a757f68333ef766692a0a762e2fc84edb4aff
MD5 hash:	9de5f6c80862b02ebdaf5586048dbaa1
MIME type:	image/svg+xml
Signature	Vidar

File name:	Microsoft.SqlServer.Management.Collector.xml000
File size:	77'710 bytes
SHA256 hash:	7a5a288d52896d3a0dc0cb042053ff9fe2a78004e3e43c4ccdb01dcbff7fbb14
MD5 hash:	af5f85be422b5b0552d5a484039a521d
MIME type:	text/xml
Signature	Vidar

File name:	Redist_TSqlLanguageService.txt
File size:	25 bytes
SHA256 hash:	b574e73c5c3f65df0099e958fc5b9959738daae7b2b8854e78815ccb08f564a8
MD5 hash:	975f1a1e9506cb4ecf67908349f93d70
MIME type:	text/plain
Signature	Vidar

File name:	License_SQLNCLI_ENU.txt
File size:	14'310 bytes
SHA256 hash:	9cfec87cb1fe913126aa50811a09d34f494d9917b2958ed2b9056744aed26a35
MD5 hash:	3666ab3b60d527211ba53203bef9f911
MIME type:	text/plain
Signature	Vidar

File name:	GroupOnboardingBackground_CCD.png
File size:	288'564 bytes
SHA256 hash:	b5cc8307253d273aa5d89cfed2e216ec9a47db41f52fc1b15a8cc4790933efb1
MD5 hash:	5fc4323989820ca53d5e7ec7ddb5975a
MIME type:	image/png
Signature	Vidar

File name:	Microsoft.SqlServer.RegSvrEnum.dll
File size:	85'080 bytes
SHA256 hash:	84aa625ce6e72edc3a6c59630117ef35ef4951f53f828a96026dba10b653e1fa
MD5 hash:	67373cc732008e4994d7cfa9394cb0e0
MIME type:	application/x-dosexec
Signature	Vidar

File name:	sqlos.dll
File size:	24'152 bytes
SHA256 hash:	c8fe018e57adbb1a5328192e8e9be4a5eb15829ff5ab2713b00c6be7dca98e1e
MD5 hash:	d5678b23d062bd0acdc4b6d9e88c9585
MIME type:	application/x-dosexec
Signature	Vidar

File name:	scroll_triangle_right_dark.svg
File size:	509 bytes
SHA256 hash:	102aaea163b7253f2267cb0a2276e2f8bc50659623a25f510ef4afed69c4a810
MD5 hash:	3aba77de82ba18a43c5667fdb1e75039
MIME type:	image/svg+xml
Signature	Vidar

File name:	Microsoft.SqlServer.SqlWmiManagement.xml
File size:	107'118 bytes
SHA256 hash:	60cbfcb1f4c55b80e8c7a6bc249380e918dcd1ae5c8f92ce5807b3661bc95ee0
MD5 hash:	3160c8e820e8c8c02b2575b9246a01af
MIME type:	text/xml
Signature	Vidar

File name:	sharedmanagementobjects_keyfile.dll
File size:	23'640 bytes
SHA256 hash:	f7e5cae32e2ec2c35346954bfb0b7352f9a697c08586e52494a71ef00e40d948
MD5 hash:	5e54cb9759d1a9416f51ac1e759bbccf
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.SqlServer.SqlEnum.xml
File size:	847'393 bytes
SHA256 hash:	1d5ff14ea0baf17b2a1dbc9d0ebd768ba0234bfb9c75d2d42cb73ee833e4e082
MD5 hash:	aa8dde32613cb1ca52c25a52da397c15
MIME type:	text/xml
Signature	Vidar

File name:	aif_filetype_256.svg
File size:	3'391 bytes
SHA256 hash:	363fbc62ff46d1462e1d74c4446e4bddefcf2616d32114cacb2cb59203c797d9
MD5 hash:	7e407b4f280ece8797ac13c8a278c71e
MIME type:	image/svg+xml
Signature	Vidar

File name:	Microsoft.SqlServer.Management.UtilityEnum.xml
File size:	156 bytes
SHA256 hash:	5ba31a46176fb73a065ec88fcad2058ceafff5000af329cd88e61923d5be0817
MD5 hash:	da938c42876ddba8011792eb7df56ad9
MIME type:	text/xml
Signature	Vidar

File name:	Microsoft.SqlServer.WmiEnum.xml
File size:	6'363 bytes
SHA256 hash:	fea48685c688b7e014b0bdcf81b4b199fef07d400d6abddf94d6f89066dddd8b
MD5 hash:	bf6781f6b0d3140443c7d6692b22e41e
MIME type:	text/xml
Signature	Vidar

File name:	Microsoft.SqlServer.Dmf.xml
File size:	667'167 bytes
SHA256 hash:	696e051ef2ce74216db8dc6c4f02781e282d9b468afa466904f331134d0305f6
MD5 hash:	d46ab0c0c89152b70920c989fc3bc55e
MIME type:	text/xml
Signature	Vidar

File name:	Microsoft.SqlServer.SString.dll
File size:	44'120 bytes
SHA256 hash:	e72db19c34536428706409e1e5c4bb41e8d22492d6076854f565db19fa6c3b19
MD5 hash:	5441b981c0893e8f5766257bbb85170a
MIME type:	application/x-dosexec
Signature	Vidar

File name:	SqlUserInstance.dll
File size:	153'688 bytes
SHA256 hash:	b62fab3be134e7765720c0eb579be5a65ae719771b1e39c14ac39958d554b90e
MD5 hash:	423671a408eedd5e51f4d4f6a3de4589
MIME type:	application/x-dosexec
Signature	Vidar

File name:	sqlncli.h
File size:	175'473 bytes
SHA256 hash:	c456a690db999e90100b20ba464ba06670310fc16959553cd6991ff411387b67
MD5 hash:	e18728306ff50e10128b78b1996c8fec
MIME type:	text/x-c
Signature	Vidar

File name:	checkerboard.png
File size:	1'905 bytes
SHA256 hash:	12ef1bb525527de9fdcfde40982cf46fce7f5f2d93005e35ee732770b2aac59a
MD5 hash:	9a9c60039ea575ee17e75bc9d6d4ecbc
MIME type:	image/png
Signature	Vidar

File name:	mp3_filetype_64.svg
File size:	3'638 bytes
SHA256 hash:	9db3c0792df964c18bf1ba19c5d42ec17d339d15b98f5ed793027d8d9a0fc632
MD5 hash:	30049e2cf1eb9f4b46db7068ea615361
MIME type:	image/svg+xml
Signature	Vidar

File name:	scroll_triangle_right_light.svg
File size:	524 bytes
SHA256 hash:	389cb8ec31bd7644d8bc86b3285e41bb76d697f2115ac19c77a07947b1255ee2
MD5 hash:	dfddf884b7c890b4d3eb62904ede2fac
MIME type:	image/svg+xml
Signature	Vidar

File name:	Microsoft.SqlServer.Management.UtilityEnum.dll
File size:	64'600 bytes
SHA256 hash:	96a9d99d31c5190e3880a7e9d6961cd4996cc76d5a3d560d1fb9c558228fc807
MD5 hash:	85730af402ff84288706edb626e726fa
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.Data.Tools.Schema.Sql.dll
File size:	7'321'984 bytes
SHA256 hash:	4766b371110ea2677d3338ce6d70a08857076419c8e28c660eb274e15c74baea
MD5 hash:	a63b6868f74d9d5217a6403ff6d431c2
MIME type:	application/x-dosexec
Signature	Vidar

File name:	wait_32.gif
File size:	613 bytes
SHA256 hash:	e1f054e0b00ecc690bbe35a8f945db9b50f1c0ff55df376dfe6d5e3ba4064f24
MD5 hash:	65d6cf08fe060e6d6e81d22d7eaac66b
MIME type:	image/gif
Signature	Vidar

File name:	Microsoft.SqlServer.Management.RegisteredServers.dll
File size:	89'176 bytes
SHA256 hash:	1bf101e47535042c85354c0fede653d6363b0742858375000cff3371e0eeb503
MD5 hash:	e4a0bd5bd0b815998e91740e528d0cd1
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.SqlServer.Management.CollectorEnum.resources.dll
File size:	44'120 bytes
SHA256 hash:	22ee683d767ab6db0720368f492a702df0bf66508b4ab4f20cb5aa0d1439b3c8
MD5 hash:	d635bf17d8e0d92cf5e241986013e81a
MIME type:	application/x-dosexec
Signature	Vidar

File name:	lssyscat.dat
File size:	1'051'559 bytes
SHA256 hash:	7cb429032be391e6f01065bb772aaf00f979ce7f1766b71d541fa53c58988f27
MD5 hash:	8079e21b5980d3089761d2366d1c0828
MIME type:	application/octet-stream
Signature	Vidar

File name:	Microsoft.SqlServer.SqlEnum.dll
File size:	1'317'976 bytes
SHA256 hash:	08b6bc199d9fbe5720906cc2dcac17ca7f18154f1254299c0b278caa20be537f
MD5 hash:	443d02f94074380ae287280cdf9d7d03
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.SqlServer.Management.Sdk.Sfc.resources.dll
File size:	162'904 bytes
SHA256 hash:	b8d37fadc38ad42c60a001f2e1068f1cf60678a2325a53f73b46563e3c1d314c
MD5 hash:	f5c22ca3d5b02e055be2c2ce3a9db1e7
MIME type:	application/x-dosexec
Signature	Vidar

File name:	mp2_filetype_256.svg
File size:	3'901 bytes
SHA256 hash:	ed45766d88e40e8212ff97f9478dd5c78c524f9a244a10753cf69dc9bfe565e3
MD5 hash:	88e515457918562ee5bb153c2c08d04e
MIME type:	image/svg+xml
Signature	Vidar

File name:	Engine_x32.dll
File size:	110'592 bytes
SHA256 hash:	bb77efde7a4596b880cb995f863f371ae212736a9cc694ea093dff5bcf6a6c67
MD5 hash:	4f2712e0d78459a1e9d9940015505b52
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.SqlServer.ServiceBrokerEnum.dll
File size:	56'408 bytes
SHA256 hash:	a22480335f902f373444900d424563df8ee7fe87092c48edcf96ce0c66e2de9a
MD5 hash:	ea2fb6ee4e5da5c05315f80ef4b66db2
MIME type:	application/x-dosexec
Signature	Vidar

File name:	localdbxeventconfig.xml
File size:	1'474 bytes
SHA256 hash:	93185d3e7a527c760f2e9b98704b8c93ae7a7e30ad52dfb21f1e1ea5238be7e2
MD5 hash:	e880d4f5587eb5d0aaa1b3e9b6a67df1
MIME type:	text/plain
Signature	Vidar

File name:	captureCoachMark.png
File size:	149'625 bytes
SHA256 hash:	73ab10ea9765774e600fe6ef7eb2ada4ab1e9d667e1033e0df954fa62c4136c9
MD5 hash:	f189acfc03efc50de1d1e8c86c5c9d30
MIME type:	image/png
Signature	Vidar

File name:	unlock_coachmark.png
File size:	133'116 bytes
SHA256 hash:	2e0d1bd80adbff7c04a1c18eb077b4976963f2f65744fc500b727a15294b13db
MD5 hash:	f1e14fb7a3c338b043fe533f02f45caa
MIME type:	image/png
Signature	Vidar

File name:	SqlPackage.resources.dll
File size:	21'864 bytes
SHA256 hash:	17986b87648aa39be2f8aa72e6e5c9ab5c5a8ed64721935828c8dae756532802
MD5 hash:	5c86fde3a87a62f04b51a247d5f2bb9c
MIME type:	application/x-dosexec
Signature	Vidar

File name:	License_TSqlLangSvc.txt
File size:	18'084 bytes
SHA256 hash:	80a47b479eaa4807a7a0fad4398b65fa830542802e00b9293660107a091d8aae
MD5 hash:	015500391eecb049e857b8b354bb8aa9
MIME type:	text/plain
Signature	Vidar

File name:	License_DACFx.txt
File size:	13'606 bytes
SHA256 hash:	fba02491e20b9de7ed50476145904f4a130aa2ad6de15c4e55b63368263f6fe8
MD5 hash:	5331bac43e1da20a9cf5b9bd4ee4f83a
MIME type:	text/plain
Signature	Vidar

File name:	Microsoft.SqlServer.Management.Collector.dll
File size:	101'464 bytes
SHA256 hash:	9d237665f3f1d3d0b185ec263e35d576a6ff48eec8274de24bb5432032c7ebef
MD5 hash:	580448288c249572eefc0c18f9f85ebe
MIME type:	application/x-dosexec
Signature	Vidar

File name:	SqlPackage.exe
File size:	91'480 bytes
SHA256 hash:	8a29cbbbf112c486f1feb29fd5a1d86bd0a4fb5682ef8600e53f5e83eda0c1a0
MD5 hash:	bc23d166645b4b3aae2c197f7267ed89
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.SqlServer.Management.Sdk.Sfc.xml
File size:	1'152'941 bytes
SHA256 hash:	6a63f6462d698253d0a95387d278ee0cc2ec57af45a47c11a9f109246913b61c
MD5 hash:	cbc260866772459c24f03ed7bd79eb22
MIME type:	text/xml
Signature	Vidar

File name:	Microsoft.SqlServer.Management.Collector.resources.dll
File size:	26'712 bytes
SHA256 hash:	d49808ccc6685f911296f498b82aa56ae2e27ebd191ee52cb01c43baa51de92c
MD5 hash:	d829449eef017a0c9c777e3063cda7da
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Redist_DACFramework.txt
File size:	18 bytes
SHA256 hash:	16f191e6355d32099b7f25945270f621bef6f92b3e5c1da178bc21e60912b470
MD5 hash:	1f2cb924ab7c6c964d77c6a61098ff57
MIME type:	text/plain
Signature	Vidar

File name:	Microsoft.SqlServer.DmfSqlClrWrapper.xml
File size:	1'710 bytes
SHA256 hash:	a85e832209133d641ea1d4ab163a7e1e4d98af4bfeb2f87b8a1887835e3ec7c3
MD5 hash:	cc99959805117ad3f6c38a7cd91d7779
MIME type:	text/xml
Signature	Vidar

File name:	libEGL.dll
File size:	40'432 bytes
SHA256 hash:	d76600edf7a39ee7656f8b49c78d11f82cf9e14c70f9897c863e8933b913ce4d
MD5 hash:	ebc5d564cc5d116bbf21a2e00d4fcc96
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.Data.Tools.Prototype.Dac.Service3.dll
File size:	89'576 bytes
SHA256 hash:	1749d4bcf7c722fca432a7b16e05ca232f9f9e53a6cf9f24eea6be4900d69b5f
MD5 hash:	153adbe7f8fb93f0b5b294f5a4f28928
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.SqlServer.ConnectionInfo.xml
File size:	177'290 bytes
SHA256 hash:	e42e07d5da0b682b1dbfed487bbb443fb50b9a52de67d4055c2182b3ea1061ad
MD5 hash:	405026dc487bd5fc0c3ee23fea55fd72
MIME type:	text/xml
Signature	Vidar

File name:	mpga_filetype_64.svg
File size:	0 bytes
SHA256 hash:	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
MD5 hash:	d41d8cd98f00b204e9800998ecf8427e
MIME type:	inode/x-empty
Signature	Vidar

File name:	Microsoft.Data.Tools.Schema.Tasks.Sql.11.dll
File size:	154'600 bytes
SHA256 hash:	b882a90871bf2d7c9f04a716ad80887b26010066438f1d8eada2a19d37b132f7
MD5 hash:	33ff7073db9201f345351046c93ce196
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.Data.Tools.Utilities.dll
File size:	441'216 bytes
SHA256 hash:	67bf75f01f05c3513eaf0b8c59ba7af2f3c6d16683e35e60611682a3cee11be4
MD5 hash:	ee9325bbffd98406a70232f94d46fa66
MIME type:	application/x-dosexec
Signature	Vidar

File name:	mp2_filetype_64.svg
File size:	3'599 bytes
SHA256 hash:	07344daf0352c16f39746efbd632db9c158efd1a801958bfc3eac39df2652b0f
MD5 hash:	1b33adfab9a1322bf615d7c5f37b3d91
MIME type:	image/svg+xml
Signature	Vidar

File name:	GroupOnboardingGraphic_CCD.png
File size:	154'843 bytes
SHA256 hash:	2cad134452e77c9f25a23fbad663e2f0d8bdbe7fc0155d85b64ff5ad9fcc82d1
MD5 hash:	10615aea053a64f4e10e0b33cbfdfbc4
MIME type:	image/png
Signature	Vidar

File name:	Microsoft.SqlServer.Dac.resources.dll
File size:	17'288 bytes
SHA256 hash:	a5e4e0f7d05602e3b387d4ce63d05505f03e7ab9df0eb22be9c9c36e63f0b654
MD5 hash:	1380d31a38e427c150e727cfb28cf792
MIME type:	application/x-dosexec
Signature	Vidar

File name:	ScrollDownArrow_lighter.svg
File size:	513 bytes
SHA256 hash:	740b0c8374faadd98639b72a76ae9e238df2d7221f85f92c6618b90b5dc146df
MD5 hash:	392596491d185d364db9f745a40a7627
MIME type:	image/svg+xml
Signature	Vidar

File name:	scroll_triangle_left_dark.svg
File size:	509 bytes
SHA256 hash:	2a5b09c872e6e8b834d79dea8f5e05a28bbd89c983110dc37417144078ea1422
MD5 hash:	191e63f31ec5bd58ba3c20e985c084e5
MIME type:	image/svg+xml
Signature	Vidar

File name:	Microsoft.SqlServer.Dmf.dll
File size:	363'608 bytes
SHA256 hash:	6a8da5ec5ce0306cd94cca8bfaf2619aa935dbf8674045b3a6a0f1633f39b741
MD5 hash:	ecc11d792b3a559ed1f205db294538ac
MIME type:	application/x-dosexec
Signature	Vidar

File name:	ScrollDownArrow_light.svg
File size:	513 bytes
SHA256 hash:	9160f4307df3a3226b3e43c1a94fa5d3d948aebe8374fc589445113a9b123a03
MD5 hash:	e3ea7f7f1e30adae593120641bc99255
MIME type:	image/svg+xml
Signature	Vidar

File name:	Microsoft.SqlServer.Types.Resources.dll
File size:	56'400 bytes
SHA256 hash:	4ee9253f96926c3aeced3f0228aa6540e651885294c9206ea9b790af128ed597
MD5 hash:	338f6249d89d1f08a492a61d9100ab1d
MIME type:	application/x-dosexec
Signature	Vidar

File name:	DacUnpack.exe
File size:	169'048 bytes
SHA256 hash:	8e9dd45d81352c2fe6f6b6ab124ae81d2b6485dba434bd59cfe8ce44f7628b24
MD5 hash:	3f5874528a7d93afd12e0fc8fed57eba
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Léame.txt
File size:	93 bytes
SHA256 hash:	4d2a46ad9f541d4cc2ec8c88a9b5b77de268931205ba472dae3be71c1c5d2f9a
MD5 hash:	7de0065545100f4f789f39e60f9b5854
MIME type:	text/plain
Signature	Vidar

File name:	sqlsysclrtypes_keyfile.dll
File size:	13'664 bytes
SHA256 hash:	c51a51d4e3734765d1352dbf09511e49a2773b3d6bd9a704ee664fb8e3059e42
MD5 hash:	166a4eb063fbff4d85b7647b9b3819b0
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.SqlServer.ConnectionInfoExtended.dll
File size:	109'656 bytes
SHA256 hash:	6e034250b84721dd48cf90eb8b62dabc2a341a340ef7b7061cb4f5050a563628
MD5 hash:	2af76f89fb11cd819f2fb2b7247a6898
MIME type:	application/x-dosexec
Signature	Vidar

File name:	sqldk.dll
File size:	1'641'048 bytes
SHA256 hash:	5ab3dfd1f5c303688593e8779dca3fdeb3075647cc675df4d3a23a0a3f90f84d
MD5 hash:	9284cdf83b7b75720344b616864e8766
MIME type:	application/x-dosexec
Signature	Vidar

File name:	DacUnpack.rll
File size:	136'280 bytes
SHA256 hash:	3e2c37784cc2a3a145bb2b94c7ec3d1c807376ccc849af6dc2e6b44177972c4f
MD5 hash:	12c01da8b06e337f27379286e0cc9955
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.SqlServer.Dac.dll
File size:	166'256 bytes
SHA256 hash:	66f00aa86086642962121fddb44b0c0d44e751b94e67e13136e11045340c45c6
MD5 hash:	a1c9840db0a92154bf04bfe16dceed7a
MIME type:	application/x-dosexec
Signature	Vidar

File name:	m4a_filetype_256.svg
File size:	3'834 bytes
SHA256 hash:	743a5d558dff401bfc553a5159c0cff47787bc3ddf9807807ad3e06ef26acea1
MD5 hash:	cac342da76beab2cf600fbbd914b0088
MIME type:	image/svg+xml
Signature	Vidar

File name:	scroll_triangle_down_light.svg
File size:	516 bytes
SHA256 hash:	3033ac4784bacfd61446b7c027684b629fa1e474b98fcdd5c80917cc10803d4b
MD5 hash:	5c88ec9626b7a838cb5adca88c2411fc
MIME type:	image/svg+xml
Signature	Vidar

File name:	SsdtCompatibility.xml
File size:	143 bytes
SHA256 hash:	ad528ac2cfd8ed91d21630b0704a48a2329384a30742c1a64dba507601041a17
MD5 hash:	c0b33b632c771ed5aca8dd8f4fc3bcf8
MIME type:	text/xml
Signature	Vidar

File name:	scroll_triangle_down_dark.svg
File size:	499 bytes
SHA256 hash:	0ba7c10647e9cfd14c371132d8d6950511c90add3bf3378653a28909bc13a928
MD5 hash:	3f914cc186c1bcfc00f0c8da97602971
MIME type:	image/svg+xml
Signature	Vidar

File name:	Microsoft.SqlServer.Management.XEvent.dll
File size:	162'904 bytes
SHA256 hash:	6d5fe7ba1077e37ec47e87b82d68bd49cc614faef72ab36d31b322e5b2bbe9bb
MD5 hash:	9b7a765ce1bdebb515690e72991488a7
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.SqlServer.SmoExtended.xml
File size:	213'675 bytes
SHA256 hash:	6e8f9b8400a81cc79e5d530de91f7924f3940340c3de6def754b193bd1ef7c0c
MD5 hash:	f03a2a39380b39cf235fade7b7305c4e
MIME type:	text/xml
Signature	Vidar

File name:	Microsoft.SqlServer.Types.dll
File size:	383'576 bytes
SHA256 hash:	36c3e5efd0731ccf5ac9a341c488b4fd14c69747f5a3f6e4cd976a7c1288b3b0
MD5 hash:	25656a196ed967bcd4b152a4073b8b44
MIME type:	application/x-dosexec
Signature	Vidar

File name:	mp3_filetype_256.svg
File size:	3'970 bytes
SHA256 hash:	a7c64f3749a8623b2ab5c5da51e82bb03a94d15d635e81589bc95cc938f0ab71
MD5 hash:	f0b0782dcadfbcb9894b6d853bd53f57
MIME type:	image/svg+xml
Signature	Vidar

File name:	instapi110.dll
File size:	48'216 bytes
SHA256 hash:	fc988b3fad95fd8ad36d829c9bfa2f36dcd517de674705a3928ad3384354f34f
MD5 hash:	f9ee4c23a7bdbbb94bbfff3da087b431
MIME type:	application/x-dosexec
Signature	Vidar

File name:	aiff_filetype_64.svg
File size:	3'414 bytes
SHA256 hash:	6ea294b41307c2d6e9def8c12d6654fec6dd39f3c9573249eb87ca17aafc28a7
MD5 hash:	ad271197a69e5ff26ce903a288a859f3
MIME type:	image/svg+xml
Signature	Vidar

File name:	Microsoft.SqlServer.SqlWmiManagement.dll
File size:	179'288 bytes
SHA256 hash:	982ebc8d7c9186c7b6a181b308a540dd6cdd1fb2f874cfe5a0c100cb03838a10
MD5 hash:	9cb67c8356e30edf2607f7a21f1c972d
MIME type:	application/x-dosexec
Signature	Vidar

File name:	scroll_triangle_up_light.svg
File size:	516 bytes
SHA256 hash:	25bb13bb5a9b6028753b24e7ffc17c646a3b55fd65edd87e06c2cfeda47a49a4
MD5 hash:	349da26439a9aa4053650dffb41ce299
MIME type:	image/svg+xml
Signature	Vidar

File name:	Microsoft.SqlServer.Smo.dll
File size:	3'615'832 bytes
SHA256 hash:	da94df6df6b07b0fa84923c0fea229b8fda2243b10506637d1abee066ba5a0db
MD5 hash:	62afcd9cf3d16c3e6fcfc03bb25ae4bc
MIME type:	application/x-dosexec
Signature	Vidar

File name:	wav_filetype_64.svg
File size:	3'428 bytes
SHA256 hash:	d3e40b9497b6b56be5658f90ed32b2c96f3e063ede2860961087a8397d50f0e5
MD5 hash:	798a3d2b91832928dae01c2476bb4327
MIME type:	image/svg+xml
Signature	Vidar

File name:	Microsoft.Data.Tools.Schema.Utilities.Sql.11.resources.dll
File size:	65'000 bytes
SHA256 hash:	5e6872049b828b1a350bcf9fd5f044b8ece7b04c7b9d5459759166bfa11cd43e
MD5 hash:	c758fb67adf62e3167aacb2b2317669b
MIME type:	application/x-dosexec
Signature	Vidar

File name:	wav_filetype_256.svg
File size:	3'795 bytes
SHA256 hash:	c7b06af61a8feb4b64b08a2ec890b74cfb1b3a71192f176e8997d789d52e1d47
MD5 hash:	1b10ba762982abdf242b7f236fa39814
MIME type:	image/svg+xml
Signature	Vidar

File name:	scroll_triangle_left_light.svg
File size:	524 bytes
SHA256 hash:	dbabb6e766b93dfe01415abca826255bb434de8e1c68b80bc60c74aae04f6261
MD5 hash:	7bf67e0585675b193a124e03aedaf3ca
MIME type:	image/svg+xml
Signature	Vidar

File name:	Microsoft.SqlServer.DmfSqlClrWrapper.dll
File size:	23'128 bytes
SHA256 hash:	34ff1dbf243ca29aedce198f54be68b9805edaf4716de28c8f172436e18856a9
MD5 hash:	0bdac977b6d6997ce2820b6112ba659d
MIME type:	application/x-dosexec
Signature	Vidar

File name:	LICENSE.txt
File size:	1'320 bytes
SHA256 hash:	dbfa2004255f43828428a26b226e019dd6b08b93fb3d280789945b3f4a8efdf2
MD5 hash:	85a5c1320f7e24ef7dcc9e81d2904e66
MIME type:	text/plain
Signature	Vidar

File name:	Microsoft.SqlServer.Dmf.resources.dll
File size:	56'408 bytes
SHA256 hash:	58bf3f60a6e600b818937b0f04503668258472b466ea35aecdd62e6ade2e1fff
MD5 hash:	7e649c8d1bc71af97cf8c004815b7ab6
MIME type:	application/x-dosexec
Signature	Vidar

File name:	ScrollUpArrow_light.svg
File size:	510 bytes
SHA256 hash:	f670de0a5d653e636fc1801284cd8f7057da075d551bc9e6ad5c8eab32567bc5
MD5 hash:	bc93867d4a2cfdabeeeee4953e469cc1
MIME type:	image/svg+xml
Signature	Vidar

File name:	Microsoft.SqlServer.PolicyEnum.dll
File size:	52'312 bytes
SHA256 hash:	0e5e0d084ed8de6d7160d12155701449e6b23ab3898bce9477f0dfc9491ce3b1
MD5 hash:	bd9b59cfba17d0036cff233327b0fcfd
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.SqlServer.Smo.xml
File size:	6'212'317 bytes
SHA256 hash:	b98e083be658dd8c1ed03e8ab546f3f6dcfaa6c1e9742f57ad6c555becac18ff
MD5 hash:	f06d9b6ad7e9099d4115000f3d56b297
MIME type:	text/xml
Signature	Vidar

File name:	Microsoft.SqlServer.Management.Utility.xml
File size:	166'192 bytes
SHA256 hash:	ef8af5a5a8df5dd376332f98abed42a774fb6f7a779cfbc55388c4ca9a155b26
MD5 hash:	5f431a4926dd446bdb8d806dd0e3fe8e
MIME type:	text/xml
Signature	Vidar

File name:	Microsoft.SqlServer.Dmf.Adapters.dll
File size:	72'792 bytes
SHA256 hash:	58089b6ef0821ceaeb84adf2fa8f77a90e418aafbd0a6ee3d28a8cd6f8a2d74b
MD5 hash:	c022fd9c28c1c415f4bd504fda03d6cc
MIME type:	application/x-dosexec
Signature	Vidar

File name:	UI.txt
File size:	6'968 bytes
SHA256 hash:	26150135b7012938737fc95971b5c93e0cbcc1c1ab5f2f3ea4f358b41b7f00cc
MD5 hash:	073da378c252e721e14fb5ac101a7c35
MIME type:	text/plain
Signature	Vidar

File name:	m4a_filetype_64.svg
File size:	3'463 bytes
SHA256 hash:	9bbd227ad8e20ff3109b05d54308b15c019e7441ba2c5a6ca03575e68654115d
MD5 hash:	8cf000e426ecbbd370090ac59cabf428
MIME type:	image/svg+xml
Signature	Vidar

File name:	DacUnpack.Resources.dll
File size:	157'272 bytes
SHA256 hash:	ce3d817e505741eb8c3fc49ff9220861967b31c7b9815f506d6e4c0946b85ce8
MD5 hash:	9b45eb935ec37a3a549c6c9cb9b6ab67
MIME type:	application/x-dosexec
Signature	Vidar

File name:	DropGraphicFiles.svg
File size:	4'728 bytes
SHA256 hash:	eef63f34e5d56f9b0cd56aa7e79e5b43ca51405e6fa332ffd3bb4dbb81d605b9
MD5 hash:	d75b221927d956d8bc1e740dd3ad68f4
MIME type:	image/svg+xml
Signature	Vidar

File name:	lgpllibs.dll
File size:	38'896 bytes
SHA256 hash:	80e043c258c7f2b00bbdb26268a7a5c4b31875f3864e0e2d71af88ba74932184
MD5 hash:	2f0cb93abebfd247176b5d0527c62ecb
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.Data.Tools.Schema.Sql.resources.dll
File size:	1'224'088 bytes
SHA256 hash:	6bba34da2e35483a00c97d48c646924eca3a8b4b6cbde847b846378ddf0e5c52
MD5 hash:	3c2137b70dbbe7628ddb60e542714b18
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.SqlServer.Management.Sdk.Sfc.dll
File size:	506'968 bytes
SHA256 hash:	28f0ce3aefd6ab09fae7f9bcfd8ae3a1748770eb25f5830291770c042e3a9721
MD5 hash:	3c66719f51c279c7bcacbdf9ec4a1919
MIME type:	application/x-dosexec
Signature	Vidar

File name:	SqlUserInstance.rll
File size:	18'008 bytes
SHA256 hash:	d7d10ad1711329a564b3d20345ea9e69c44cbec7e24403151d709a7b5b586b15
MD5 hash:	dabb199cb733f6236556ef45e68d2be0
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.SqlServer.Management.XEventEnum.dll
File size:	56'408 bytes
SHA256 hash:	7f81c53f48d114e1971bf0d53892af4595b8e9aebaa854a753f8c2a5d08ef8bd
MD5 hash:	9cbf86fbf930b0c7c13869cf61a45169
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Microsoft.SqlServer.RegSvrEnum.xml
File size:	38'113 bytes
SHA256 hash:	44a39b127b33cb8a2826dcdb405ff75478c8b2098ff5eb71aab24e0542bb6038
MD5 hash:	ae0aea529c4de1c3588e0ad5c5cde555
MIME type:	text/xml
Signature	Vidar

File name:	License_SMO.txt
File size:	37'824 bytes
SHA256 hash:	c53071322a5d6e161ef5105fbb5ee4129a848e0bcb1ecb0dbba11d351ad1cf13
MD5 hash:	839cdfa87b30840faaa1d05f3f0014b6
MIME type:	text/plain
Signature	Vidar

File name:	Microsoft.SqlServer.Management.CollectorEnum.dll
File size:	48'216 bytes
SHA256 hash:	8c6a8728609f3cd7c94f08d291593f59234a1019e930b74b2085dc849fff143b
MD5 hash:	c6e10bbbc19a9edd691882550e2aef38
MIME type:	application/x-dosexec
Signature	Vidar

File name:	sqlevn70.rll
File size:	2'894'424 bytes
SHA256 hash:	09c875779139587ede45c49cf14173d7ce1b68246471a4f5b67dad021e5085ff
MD5 hash:	35e743c24d8eda76966acf60ed8b337f
MIME type:	application/x-dosexec
Signature	Vidar

File name:	Setup.exe
Pumped file	This file is pumped. MalwareBazaar has de-pumped it.
File size:	783'263'376 bytes
SHA256 hash:	00c0b21535a5d22849af9f8498427985deede6287b9e84c3422f39f075a36981
MD5 hash:	1ae83fb3a5d0d871df4ec68ad058a3d0
De-pumped file size:	2'072'064 bytes (Vs. original size of 783'263'376 bytes)
De-pumped SHA256 hash:	3b69cb71bc5f350af14b40ea14de18df6c3913223054bae2c6936462a5e49465
De-pumped MD5 hash:	fb67d796202ea6bb8178e48ded107469
MIME type:	application/x-dosexec
Signature	Vidar

Vendor Threat Intelligence

Gathering data

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69cbcac53a18a6e1ddf007cd

Tags:

n/a

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/7e645a6143a2ce1ce7db369dab07f24095485fcccbe345033f604f1a524b974f

Verdict:

Unknown

File Type:

rar

Link:

https://opentip.kaspersky.com/7e645a6143a2ce1ce7db369dab07f24095485fcccbe345033f604f1a524b974f/results?tab=lookup

Verdict:

inconclusive

YARA:

2 match(es)

Tags:

Rar Archive

Link:

https://app.malva.re/file/38911430e097181aa24c41f0157e20c8

Gathering data

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pzsfuykdulhbzz63g2o2wb7sickuqx6mzprukaz7mbhruusls5hq._file

Result

Malware family:

n/a

Score:

4/10

Tags:

adware discovery spyware

Link:

https://tria.ge/reports/260331-qpl6dsdy8x/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/7e645a6143a2ce1ce7db369dab07f24095485fcccbe345033f604f1a524b974f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Any_SU_Domain Create hunting rule
Author:	you
Description:	Detect any reference to .su domains or subdomains

Rule name:	command_and_control Create hunting rule
Author:	CD_R0M_
Description:	This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerCheck__RemoteAPI Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerHiding__Active Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name:	DetectGoMethodSignatures Create hunting rule
Author:	Wyatt Tauber
Description:	Detects Go method signatures in unpacked Go binaries

Rule name:	Detect_Golang_Binary Create hunting rule
Author:	Andrew Morrow
Description:	Detects binaries compiled with Go

Rule name:	Detect_Go_GOMAXPROCS Create hunting rule
Author:	Obscurity Labs LLC
Description:	Detects Go binaries by the presence of runtime.GOMAXPROCS in the runtime metadata

Rule name:	dgaagas Create hunting rule
Author:	Harshit
Description:	Uses certutil.exe to download a file named test.txt

Rule name:	GoBinTest Create hunting rule

Rule name:	golang Create hunting rule

Rule name:	Golangmalware Create hunting rule
Author:	Dhanunjaya
Description:	Malware in Golang

Rule name:	goLangMatch3 Create hunting rule

Rule name:	goLangMatch4 Create hunting rule

Rule name:	golang_binary_string Create hunting rule
Description:	Golang strings present

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	golang_duffcopy_amd64 Create hunting rule

Rule name:	Golang_Find_CSC846 Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers

Rule name:	Golang_Find_CSC846_Simple Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers

Rule name:	HiveRansomware Create hunting rule
Author:	Dhanunjaya
Description:	Yara Rule To Detect Hive V4 Ransomware

Rule name:	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA Create hunting rule
Author:	ditekSHen
Description:	Detects Windows executables referencing non-Windows User-Agents

Rule name:	pe_no_import_table Create hunting rule
Description:	Detect pe file that no import table

Rule name:	ProgramLanguage_Golang Create hunting rule
Author:	albertzsigovits
Description:	Application written in Golang programming language

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	Suspicious_Golang_Binary Create hunting rule
Author:	Tim Machac
Description:	Triage: Golang-compiled binary with suspicious OS/persistence/network strings (not family-specific)

Rule name:	SUSP_XORed_Mozilla_Oct19 Create hunting rule
Author:	Florian Roth
Description:	Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
Reference:	https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()

Rule name:	SUSP_XORed_Mozilla_RID2DB4 Create hunting rule
Author:	Florian Roth
Description:	Detects suspicious XORed keyword - Mozilla/5.0
Reference:	Internal Research

Rule name:	SUSP_XORed_URL_In_EXE Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects an XORed URL in an executable
Reference:	https://twitter.com/stvemillertime/status/1237035794973560834

Rule name:	SUSP_XORed_URL_in_EXE_RID2E46 Create hunting rule
Author:	Florian Roth
Description:	Detects an XORed URL in an executable
Reference:	https://twitter.com/stvemillertime/status/1237035794973560834

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

Rule name:	telebot_framework Create hunting rule
Author:	vietdx.mb

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE Create hunting rule
Author:	CYFARE
Description:	Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:	https://cyfare.net/

Rule name:	VECT_Ransomware Create hunting rule
Author:	Mustafa Bakhit
Description:	Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.