MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 95034e438f247173b65292e79f4a4d61bd379d35455f00a9d3f84cb5b6360dc6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	95034e438f247173b65292e79f4a4d61bd379d35455f00a9d3f84cb5b6360dc6
SHA3-384 hash:	61f1968e19e4a86bba20eacd322bafba3ae86ebd9b618df70fb23453eb705a7652d5aadba1c5e732f244cead5b1f9da9
SHA1 hash:	3e447a137506b7902c57aae4bed5e55d9a49eaeb
MD5 hash:	b6e87977f28d0af99dcc551b41bfa003
humanhash:	delta-item-monkey-network
File name:	95034e438f247173b65292e79f4a4d61bd379d35455f00a9d3f84cb5b6360dc6
Download:	download sample
File size:	1'375'786 bytes
First seen:	2026-02-04 05:16:29 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	24576:1+kTRdVq3OHZdkOoY+cHoPlg4Wdpb1qYg+4c1zaXwzDDP/Li0tq6:1nRmrOxhKlgHpkY14ZXwj/Lie
TLSH	T19F55330E241DA803DB099D6BBB52539DF8CC432D3036C99DA2B93A11F3A853D67E52DD
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika	rar
Reporter	JAMESWT_WT
Tags:	107-174-33-21 cve-2017-0199 rar

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name:	INV-PMT00359453160126.xls
File size:	1'459'200 bytes
SHA256 hash:	dcfa59646b4705779145a42c099ec9c232279c081348d475ca108f15972507c4
MD5 hash:	70b0bde0f055452d6475228f08510d66
MIME type:	application/vnd.ms-excel

File name:	PMNT INSTRUCTION.hta
File size:	1'585'847 bytes
SHA256 hash:	b8ba01e18a302062ff0eb2f98ce63484787a24eb5c59a0d10691dde91581b65f
MD5 hash:	54ae6a4bc415297cba5bc5cbe7f14847
MIME type:	text/plain

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/0ddd1603-210d-4a2c-b671-727a58a6377e/

Detection(s):

SecuriteInfo.com.FileRepMalware.89894893.UNOFFICIAL

Verdict:

Clean

Score:

N/A%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6982d65e9a60ec70d92ca144

Tags:

n/a

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

alien CVE-2017-0199 exploit macros

Link:

https://www.filescan.io/uploads/6982d65dc9bfb60ece1b3bfc/reports/ca52a0be-cd22-44ab-8d62-b7b3e3d09806/overview

Verdict:

Malicious

Link:

https://www.hybrid-analysis.com/sample/95034e438f247173b65292e79f4a4d61bd379d35455f00a9d3f84cb5b6360dc6

Verdict:

Malicious

File Type:

rar

First seen:

2026-01-16T06:10:00Z UTC

Last seen:

2026-02-02T13:15:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan.MSOffice.Alien.gen HEUR:Trojan.Script.Generic

Link:

https://opentip.kaspersky.com/95034e438f247173b65292e79f4a4d61bd379d35455f00a9d3f84cb5b6360dc6/results?tab=lookup

Verdict:

Malware

YARA:

1 match(es)

Tags:

Corrupted Office Document Rar Archive

Link:

https://app.malva.re/file/b6e87977f28d0af99dcc551b41bfa003

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/95034e438f247173b65292e79f4a4d61bd379d35455f00a9d3f84cb5b6360dc6/

Verdict:

Malicious

Threat:

Family.REVERSELOADER

Link:

https://tip.neiki.dev/file/95034e438f247173b65292e79f4a4d61bd379d35455f00a9d3f84cb5b6360dc6

Threat name:

Win32.Exploit.CVE-2017-0199

Status:

Malicious

First seen:

2026-01-16 11:44:52 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

12 of 36 (33.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=subu4q4peryxhnsssltz6ssnmg6tphjvivpqbkot7bgllnrwbxda._file

Result

Malware family:

n/a

Score:

8/10

Tags:

discovery execution persistence ransomware

Link:

https://tria.ge/reports/260204-hgg8gafw8f/

Behaviour

Checks processor information in registry

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Uses Volume Shadow Copy WMI provider

Uses Volume Shadow Copy service COM API

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/95034e438f247173b65292e79f4a4d61bd379d35455f00a9d3f84cb5b6360dc6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample