MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88aa280ce4103acb3ff4eae8a2f74196acebdeb5cef2f7cacedc6a93a6777b28. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: 88aa280ce4103acb3ff4eae8a2f74196acebdeb5cef2f7cacedc6a93a6777b28
SHA3-384 hash: b3e77fbfa4c9ee694d3f84b60f217a33bd0238b2187ac63efc0170227609aecc35b9c4472cf250a4256e379901d165ea
SHA1 hash: ba3ac0c0f65b08c58658823e06435ad7b296afa0
MD5 hash: fd80b95e598326355ef026ba1aaedecc
humanhash: alaska-football-crazy-jersey
File name: unikeyNT.zip
File size: 562'492 bytes
First seen: 2026-02-04 02:02:39 UTC
Last seen: Never
File type: zip
MIME type: application/zip
Note: This file is a password protected archive. The password is: infected
ssdeep: 12288:IQ2VF6VKge4MBCPdsVkGe7ruWvUPIRD2imrNEbkWiZbj:IxVFkKghsVKruM92gyP
TLSH: T153C423494EFAA0506784F02D82A7C2056FFB67136DF3B71F5E6551F30C2A66980CA68E
Magika: zip
Reporter: hunter_huang

Intelligence


File Origin
# of uploads: 1
# of downloads: 49
Origin country: VN
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: unikeyNT.exe
File size: 995'328 bytes
SHA256 hash: 170d460ce782db112fb942ba75d033896b7b09d3e7d2df2392b64e9a12141fa6
MD5 hash: 341be978cd468ffad5d47d4f35bd29b4
MIME type: application/x-dosexec
Vendor Threat Intelligence
Verdict: Malicious
Score: 99.9%
Tags: nymeria autorun autoit emotet
Result
Verdict: Suspicious
File Type: PE File
Behaviour
BlacklistAPI detected
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict: Malware
YARA: 3 match(es)
Tags: AutoIt Decompiled DeObfuscated Executable PDB Path PE (Portable Executable) PE File Layout PowerShell Suspect Zip Archive
Result
Malware family: n/a
Score: 7/10
Tags: discovery execution persistence
Behaviour
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Drops file in Windows directory
AutoIT Executable
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
