MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 829c4334f8a4effeade1679773057d643e06a7ff87b2510b6bfb305f6b64e7c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 10



SHA256 hash: 829c4334f8a4effeade1679773057d643e06a7ff87b2510b6bfb305f6b64e7c7
SHA3-384 hash: bea87d8d8edbbdeea0120d000ade74fc689d896856ed79aa5a69bb4a772b46018b66bf2d5b6c5017ffde916658448d3e
SHA1 hash: b13347cfff4e7684ac1793a08d44abdd06345935
MD5 hash: 83ff6f9a615e00c039aaa02675a09a50
humanhash: ceiling-stairway-avocado-spaghetti
File name: 829c4334f8a4effeade1679773057d643e06a7ff87b2510b6bfb305f6b64e7c7.dll
File size: 56'320 bytes
First seen: 2025-12-23 15:09:56 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 6d63c10eb30192d2903e92a7d33fb130
ssdeep 768:FMnha8VM+JEt0kUO8/3IzI59e/Pa495Fpnf/gQX+rMGnmOUWNSCn8m68HiLoVLO3:5Cx/3x9eXRxvXKJrUWNSU8mPzdOHxD
TLSH T1C243DFAA77CA008BE426823CC8A21E61D576FD655322A6CF436290AF0D237F5763D746
TrID 48.7% (.EXE) Win64 Executable (generic) (10522/11/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter JAMESWT_WT
Tags: exe hlsofficeaam

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: IT
Vendor Threat Intelligence
No detections
Malware family: n/a
ID: 1
File name: 2026년_1차_보안교육_프로그램_안내.doc
Verdict: Suspicious activity
Analysis date: 2025-12-20 07:17:30 UTC
Tags: macros macros-on-open
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 81.4%
Tags: virus

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-vm masquerade microsoft_visual_cc packed

Verdict: Malicious
File Type: dll x64
First seen: 2025-12-20T01:09:00Z UTC
Last seen: 2025-12-23T21:11:00Z UTC
Hits: ~100
Detections: Trojan.Win64.Agent.smfgeq NetTool.GitHubGetRepoContent.HTTP.C&C NetTool.GitHubGetRepo.HTTP.C&C

Verdict: inconclusive
YARA: 5 match(es)
Tags: Executable PDB Path PE (Portable Executable) PE File Layout Win 64 Exe x64

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour: Badlisted process makes network request

Unpacked files
SHA256 hash: 829c4334f8a4effeade1679773057d643e06a7ff87b2510b6bfb305f6b64e7c7
MD5 hash: 83ff6f9a615e00c039aaa02675a09a50
SHA1 hash: b13347cfff4e7684ac1793a08d44abdd06345935
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

File information


The table below shows additional information about this malware sample such as delivery method and external references.
