MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 882c967e87121dbdf5c99ff7be13033893baa2f3efe1dc95ce002aeb8df8c5e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Adware.Techsnab


Vendor detections: 11


Intelligence 11 IOCs YARA 9 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 882c967e87121dbdf5c99ff7be13033893baa2f3efe1dc95ce002aeb8df8c5e5
SHA3-384 hash: f8cc62d5d28e044100120545b36998889ae0c0a99833157d008b8ee692354791825d67344bb79d4a0b006ab9cf506124
SHA1 hash: e428e53a820da8cdac2536a750fe5e43a30caaeb
MD5 hash: 55b587dfd43ebd3eb93cab35f4dcb099
humanhash: lima-seven-enemy-harry
File name:file
Download: download sample
Signature Adware.Techsnab
Create hunting rule
File size:1'082'880 bytes
First seen:2025-12-24 16:20:10 UTC
Last seen:2025-12-24 18:18:54 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 24576:wP/Bv1NqknCYfFxvHXm81sGmTRBgk7uGMaUgr:wn3NbvHXm81sGmTRGk7uGMaUU
TLSH T1FA35288573E84115E6B77B78D9B201659B727C966B38C7CF028091AD0EB3BC4AD34B63
TrID 41.7% (.EXE) Win64 Executable (generic) (10522/11/4)
17.8% (.EXE) Win32 Executable (generic) (4504/4/1)
8.2% (.EXE) Win16/32 Executable Delphi generic (2072/23)
8.1% (.ICL) Windows Icons Library (generic) (2059/9)
8.0% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter Bitsight
Tags:Adware.Techsnab dropped-by-amadey exe fbf543


Avatar
Bitsight
url: http://178.16.55.189/files/7782139129/IaKQDV5.exe

Intelligence

File Origin
# of uploads :
5
# of downloads :
91
Origin country :
US US
Vendor Threat Intelligence
Malware configuration found for:
PostExploitTool SmartAssembly
Details
SmartAssembly
decrypted strings and a SmartAssembly version number
Link:
https://research.acce.ciphertechsolutions.com/results/5613d191-971d-4b2d-b869-7ea9beb0fb1a/
Malware family:
n/a
ID:
1
File name:
_882c967e87121dbdf5c99ff7be13033893baa2f3efe1dc95ce002aeb8df8c5e5.exe
Verdict:
Suspicious activity
Analysis date:
2025-12-24 16:25:09 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/013f2014-342a-4558-9f68-f26d6b071c2d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/45984/
Verdict:
Malicious
Score:
91.7%
Link:
https://cyber-fortress.com/docs/result/index.php?id=694c12c801c7b4a8fe555a53
Tags:
malware
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
adaptive-context anti-debug base64 expired-cert obfuscated obfuscated packed packed
Link:
https://www.filescan.io/uploads/694c12caa7163552ba04a197/reports/6f196c4b-b399-4844-965e-4ad02d359b12/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/882c967e87121dbdf5c99ff7be13033893baa2f3efe1dc95ce002aeb8df8c5e5
Result
Gathering data
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/950575c5-4e48-442c-9c78-b1d83fa3c790
Score:
79%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/882c967e87121dbdf5c99ff7be13033893baa2f3efe1dc95ce002aeb8df8c5e5
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.41 Win 64 Exe x64
Link:
https://app.malva.re/file/55b587dfd43ebd3eb93cab35f4dcb099
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/882c967e87121dbdf5c99ff7be13033893baa2f3efe1dc95ce002aeb8df8c5e5/
Verdict:
Susipicious
Link:
https://tip.neiki.dev/file/882c967e87121dbdf5c99ff7be13033893baa2f3efe1dc95ce002aeb8df8c5e5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rawjm7uhcio335ojt7334eydhcj3vixt57q5zfooaavoxdpyyxsq._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/251224-ttfqysgw3d/
Behaviour
Suspicious use of AdjustPrivilegeToken
Legitimate hosting services abused for malware hosting/C2
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/683d9732-f37e-496a-a4cb-eca4e946ad8f
Unpacked files
SH256 hash:
882c967e87121dbdf5c99ff7be13033893baa2f3efe1dc95ce002aeb8df8c5e5
MD5 hash:
55b587dfd43ebd3eb93cab35f4dcb099
SHA1 hash:
e428e53a820da8cdac2536a750fe5e43a30caaeb
Link:
https://www.unpac.me/results/48177307-39bc-4b49-98ee-65b534696569/
SH256 hash:
bae6cc8416d88489e4df47936f7b1909981b7fffdb7e68aed01e074f7bf4a50b
MD5 hash:
07229ddb313e860668dd1024194974c9
SHA1 hash:
f12e434878046b0885ae4b08f666dc9a0bda0efd
Link:
https://www.unpac.me/results/48177307-39bc-4b49-98ee-65b534696569/
SH256 hash:
797fd06a1f9436b659e84d6ba9f31df93f1febb25de94c115e8d3b95f636bbb3
MD5 hash:
c0566f339096059283967c635032aeb9
SHA1 hash:
4fedc2b05848d56b41c01fb80be5218fd15fea7e
Link:
https://www.unpac.me/results/48177307-39bc-4b49-98ee-65b534696569/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/882c967e87121dbdf5c99ff7be13033893baa2f3efe1dc95ce002aeb8df8c5e5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerHiding__Thread
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:dgaagas
Create hunting rule
Author:Harshit
Description:Uses certutil.exe to download a file named test.txt
Rule name:pe_no_import_table
Create hunting rule
Description:Detect pe file that no import table
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Adware.Techsnab

Executable exe 882c967e87121dbdf5c99ff7be13033893baa2f3efe1dc95ce002aeb8df8c5e5

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/45984/
  
URLhaus
https://urlhaus.abuse.ch/url/3742634/

Comments