MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 94bf3096bc61b186dcdabd32b53b09d6276aeff08acb9b0bec9b3f234b4e4559. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 94bf3096bc61b186dcdabd32b53b09d6276aeff08acb9b0bec9b3f234b4e4559
SHA3-384 hash: cc99ea78a1f57da15b9d3d8386d98584aac34988a587eaf4789a26d57016ab96c92671f444f32977bf37cb4673d24c22
SHA1 hash: 4ca8cfb5e06593ef5a267f019cfd242366fd8365
MD5 hash: a928898af6c595c1a95d432b6fb5fd59
humanhash: island-table-march-king
File name:List of Required items and Services.url
Download: download sample
File size:259 bytes
First seen:2026-06-05 20:15:00 UTC
Last seen:Never
File type:
MIME type:application/x-mswinurl
ssdeep 6:HRYFVmRz7fyU3zaAXTj5W9sFGIf5oeTckmu54vVG/4xHy:HRYFVmRzjzayHRzwRVW4xS
TLSH T18AD02B584786C0DFD35270822654BD405819F95058DADC0D62E5C94B58E24D186595A6
TrID 84.6% (.URL) Windows URL shortcut (11000/1/2)
7.6% (.INI) Generic INI configuration (1000/1)
7.6% (.JSON) JSON array (generic) (1000/1)
Magika internetshortcut
Reporter smica83
Tags:url

Intelligence

File Origin
# of uploads :
1
# of downloads :
51
Origin country :
HU HU
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a232e6cf8676ad4d3618376
Tags:
xtreme overt blic
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
smb
Link:
https://www.filescan.io/uploads/6a232e6946e44aecc0d1ec0d/reports/23b9ae0b-b2d8-41f0-aa1d-2402e7de7959/overview
Verdict:
Malicious
Link:
https://www.hybrid-analysis.com/sample/94bf3096bc61b186dcdabd32b53b09d6276aeff08acb9b0bec9b3f234b4e4559
Verdict:
Malicious
File Type:
text.internetshortcut
First seen:
2026-06-05T17:24:00Z UTC
Last seen:
2026-06-05T17:36:00Z UTC
Hits:
~100
Link:
https://opentip.kaspersky.com/94bf3096bc61b186dcdabd32b53b09d6276aeff08acb9b0bec9b3f234b4e4559/results?tab=lookup
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/94bf3096bc61b186dcdabd32b53b09d6276aeff08acb9b0bec9b3f234b4e4559
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/94bf3096bc61b186dcdabd32b53b09d6276aeff08acb9b0bec9b3f234b4e4559/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/94bf3096bc61b186dcdabd32b53b09d6276aeff08acb9b0bec9b3f234b4e4559
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ss7tbfv4mgyynxg2xuzlkoyj2ytwv37qrlfzwc7mtm7sgs2oivmq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.70
Link:
https://yomi.yoroi.company/submissions/94bf3096bc61b186dcdabd32b53b09d6276aeff08acb9b0bec9b3f234b4e4559

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Methodology_Suspicious_Shortcut_Local_URL
Create hunting rule
Author:@itsreallynick (Nick Carr), @QW5kcmV3 (Andrew Thompson)
Description:Detects local script usage for .URL persistence
Reference:https://twitter.com/cglyer/status/1176184798248919044

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments