MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7efdfb08c05985a68a39a826f929dfe6fbb815f3da3ac2143ba3c778336833e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA 3 File information Comments

SHA256 hash:	7efdfb08c05985a68a39a826f929dfe6fbb815f3da3ac2143ba3c778336833e0
SHA3-384 hash:	d525e59a22c4f1bcae127444bacb5b2f8df9486455028e82ae9bc171d71622db12edb6252dec048447c747f464b0c834
SHA1 hash:	c942a9f41ee035c3941602cfa9c5af0bfb9b9366
MD5 hash:	60289fffe8f25cd1740d36dbd00a1bfd
humanhash:	skylark-steak-moon-pip
File name:	Memtest86.Pro.v11.1.1000.iso
Download:	download sample
File size:	17'000'448 bytes
First seen:	2024-11-03 09:23:58 UTC
Last seen:	2024-11-03 10:40:12 UTC
File type:	iso
MIME type:	application/x-iso9660-image
ssdeep	196608:gdshW/syiInzQaSh13SQ7AGggHdshW/syiInz:1GkcC3xAGSGkc
TLSH	T1C5075901F3FD210AF1BA6B745A7B61742E767CB5AB31C10F2254925E2AB6B409D31B33
TrID	88.5% (.NULL) null bytes (2048000/1) 11.0% (.HTP) HomeLab/BraiLab Tape image (256000/1) 0.2% (.ATN) Photoshop Action (5007/6/1) 0.1% (.ISO) ISO 9660 CD image (2545/36/1) 0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
Magika	iso
Reporter	Anonymous
Tags:	iso

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 22 file(s), sorted by their relevance:

File name:	MEMTEST
File size:	103'308 bytes
SHA256 hash:	813c46b1108342d5a63cd7e667ff5e64d2a5352aec5a903ff0c8bee1cd4606c8
MD5 hash:	eef9743a4ac5b029b8dafad4c33c949a
MIME type:	application/octet-stream

File name:	2-Boot-NoEmul.img
File size:	7'368'704 bytes
SHA256 hash:	e85a75ea55e288ef7b6e9a7d24476d410ddfa4c842e3077d58aee8216f3a38af
MD5 hash:	03a3cf7c6896c00ceb004e9789e3f481
MIME type:	application/octet-stream

File name:	UNIFONT.BIN
File size:	2'355'408 bytes
SHA256 hash:	7c66b80e6c5fe645be02e580ec9f86f8aed5508e7a9d84553c864021c9e29b54
MD5 hash:	fbfedbc9eeeced1a46a005e87550ccf9
MIME type:	application/octet-stream

File name:	BOOTIA32.EFI
File size:	1'666'008 bytes
SHA256 hash:	4f6c560687e150fb06d24b3993d71a8dd1e3014d022f32024d7d4fdf43f3bc59
MD5 hash:	c7d8b5d13420a5dd1382bb79aa0b2d34
MIME type:	application/x-dosexec

File name:	ISOLINUX.BIN
File size:	24'576 bytes
SHA256 hash:	2676dd9e6c9cedfe5082518aeb127e087c527affda04797ce32e024fbc3ae66e
MD5 hash:	35dfa40074c232ec2c0e76aacb6a8279
MIME type:	application/octet-stream

File name:	BOOTAA64.EFI
File size:	1'517'080 bytes
SHA256 hash:	3a16e9ec310ce6e5cb01082fe4bd9d8c75295c473510212cd3a01b1a3a678643
MD5 hash:	d4b3d65b31b4119d4f73fa2b4ed93227
MIME type:	application/x-dosexec

File name:	1-Boot-NoEmul.img
File size:	24'576 bytes
SHA256 hash:	c4993d6544aa5eab3db21c0bd9fcdff8372a97d9f04159074ba969a412affada
MD5 hash:	0c028a9a2ef47013c08c280425b70a27
MIME type:	application/octet-stream

File name:	BOOTX64.EFI
File size:	1'743'576 bytes
SHA256 hash:	242ea177fa0f767a080fff1b3ecef5185fb278d7c400fc0a24292ddb29831ad2
MD5 hash:	f0db4d791b08d49b34ae0850599d9af4
MIME type:	application/x-dosexec

File name:	LICENSE.RTF
File size:	10'546 bytes
SHA256 hash:	a65438bac21035a7943e7eebe7626152f81522840b152522223ae68379778228
MD5 hash:	a667b2178c0bcccd836bf9a77c78fc50
MIME type:	text/rtf

File name:	SPD.SPD
File size:	1'566 bytes
SHA256 hash:	f0f0671d75165c3080eb18bf09b31d2c4d1b7df0f6e43f36bbf70d9f380e5fb8
MD5 hash:	1809242bf3869db3f932ad3dcf787de1
MIME type:	text/plain

File name:	MT86.PNG
File size:	4'546 bytes
SHA256 hash:	dca8b848a4da01c7368a69cefd2d773eab818e0d59281a5e4e12ee7496884d51
MD5 hash:	f973c042a7725cfb129c759fc6a75a09
MIME type:	image/png

File name:	GUIDE.PDF
File size:	236'695 bytes
SHA256 hash:	1c2600fe9c96e884bfe9afe6f6cfdf9d58f74ce583129bdfac7be92331d8692c
MD5 hash:	8c85790e2bcba9a16fa6ce8e50142a4c
MIME type:	application/pdf

File name:	CUSTOMTESTS.CFG
File size:	1'374 bytes
SHA256 hash:	684dc67be36f43b9eb739429e4e41cb7a7d9e0fba22bc8a49613c87ad0a08380
MD5 hash:	0dca6e984f9618c4a09a25f05084e5a8
MIME type:	text/plain

File name:	BOOT.CAT
File size:	2'048 bytes
SHA256 hash:	636aa6463062e37a9735a23140242c0255ea9cfbe223f1f284df69b2eb79fc1e
MD5 hash:	722cf050efc7e121928fd32f131a8fc3
MIME type:	application/x-dbt

File name:	MT86FOOT.HTM
File size:	1'186 bytes
SHA256 hash:	6f87144b7d08282afa9b91a15357c93581cc7369dc3b8c6e07205bf4dca6a0bf
MD5 hash:	7c4c2ad5522e12cf42c2c7f2d9551dfe
MIME type:	text/html

File name:	ISOLINUX.CFG
File size:	271 bytes
SHA256 hash:	ef53f2af07d3e7fba4146136ba10cb762ce0ea24cbe8b1dfea929988c77f6b9b
MD5 hash:	d5336cc02f4b025be5aeb477c9c81c76
MIME type:	text/plain

File name:	MEMTEST86_USER_GUIDE_UEFI.PDF
File size:	1'832'760 bytes
SHA256 hash:	898ced7afd11b5d8fcbfc61655adc72b3bdb3a33664a1ff2d0dae16b669c6941
MD5 hash:	12317ae63ad19692c8908ea7fcd1e6f8
MIME type:	application/pdf

File name:	MT86HEAD.HTM
File size:	550 bytes
SHA256 hash:	4163fd2c978ca4d6dc5a1554e02c0a2d75730d97ada5fc6b697366987101d3b7
MD5 hash:	4b5782b330b4ef2687d95240063cc383
MIME type:	text/html

File name:	REPORT.CSS
File size:	21'516 bytes
SHA256 hash:	7c83ee0c127d2c42e21492fd1cc4e638c59bc24d9c5ee4b78f25b3bf5acdf128
MD5 hash:	3130c6751fe8f932b770e87e755a7561
MIME type:	text/plain

File name:	BOOT.TXT
File size:	379 bytes
SHA256 hash:	a3a95785c240029a929a46e6c58a5e8ed880e36f50d86e034862f9674499e26e
MD5 hash:	24873f91e916d5a479e2757096c2abda
MIME type:	text/plain

File name:	BLACKLIST.CFG
File size:	5'834 bytes
SHA256 hash:	0d92ab36d5f559dbcb7918652cb7368d746b1b69c8f91483b38d18aacef3353c
MD5 hash:	adb8d41df62bebcb44061dc6b210f987
MIME type:	text/plain

File name:	MT86.CFG
File size:	2'371 bytes
SHA256 hash:	2643229ba663431747dee6a07b151cbf1832fab134c2d8254dfd4e6ec5948717
MD5 hash:	a38584ac644b163b3d46192199e1dfe3
MIME type:	text/plain

Vendor Threat Intelligence

Verdict:

Suspicious

Score:

50%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6727413d8d23d9049133112b

Tags:

infosteal

Verdict:

Unknown

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/6727413322fbc7a07d888d94/reports/c4049dc8-0483-403b-acc5-b724452c7885/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/7efdfb08c05985a68a39a826f929dfe6fbb815f3da3ac2143ba3c778336833e0

Result

Verdict:

UNKNOWN

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7efdfb08c05985a68a39a826f929dfe6fbb815f3da3ac2143ba3c778336833e0/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=p367wcgalgc2ncrzvatpsko74353qfpt3i5mefb3updxqm3igpqa._file

Result

Malware family:

n/a

Score:

4/10

Tags:

discovery link pdf

Link:

https://tria.ge/reports/241103-p476qsxmcl/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7efdfb08c05985a68a39a826f929dfe6fbb815f3da3ac2143ba3c778336833e0

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	malware_PlugX_config Create hunting rule
Author:	JPCERT/CC Incident Response Group
Description:	detect PlugX in memory
Reference:	internal research

Rule name:	PlugX Create hunting rule
Author:	JPCERT/CC Incident Response Group
Description:	detect PlugX in memory
Reference:	internal research

Rule name:	vmdetect Create hunting rule
Author:	nex
Description:	Possibly employs anti-virtualization techniques

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample