MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 95a636c2b3af0bc69cc05f7b32281ff17c58cbe637bec5f8918f7514a5f37e09. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5

SHA256 hash: 95a636c2b3af0bc69cc05f7b32281ff17c58cbe637bec5f8918f7514a5f37e09
SHA3-384 hash: 266b0a77fa11dadde7c19601f33c8cbdf721125af8e5b7e59e5132f5ae8551a8d0951ee6fac8c5bdf46b9dd97f9019bb
SHA1 hash: 538df75bc801607714630191828783b9cda54a06
MD5 hash: 0804fcbd8ab29a55db0c06214c3102e4
humanhash: black-mirror-rugby-hot
File name: Prepayment anti fraud and service.zip
File size: 27'518 bytes
First seen: 2026-02-20 13:27:52 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:8L5ifMqzWkmfHoFk3fIAiJhCJ2wpSPdyr1f+E4XzbZ/kFYbv8iZdzsa:8l2zgfHCk34CLSPdu5+EsbZ/kFYJsa
TLSH: T11EC2E17F1AEC7557C217922AA670A376D8D3BACB00C912EEC560A6DE7583DB9100918F
Magika: zip
Reporter: smica83
Tags: zip

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 171
Origin country: HU
File Archive Information

This file archive contains 11 file(s), sorted by their relevance:

File name: CH - ULT Group Anti Fraud Agreement.pdf (2).lnk
File size: 69'990 bytes
SHA256 hash: 728885cdf0e9dcbafe9993b6c1a443cc204de1321634c1c85d8c34d3d26fd35c
MD5 hash: 7eaf8ba4d9e6b14646b8cb761ba96724
MIME type: application/octet-stream

File name: core.xml
File size: 759 bytes
SHA256 hash: 5459c9f64fb2fadf4487c66d4c372b350e9a202a68559852542b5c70752e6575
MD5 hash: 2f418f47b31c31a9468bd49b9c07ffcf
MIME type: text/xml

File name: settings.xml
File size: 2'975 bytes
SHA256 hash: 61cd24f5e836e0e43146b26697caa88c0c871c693890e2768dfc30d2c31f6564
MD5 hash: cf21aa3f1c64b913f606ab306fcfe9d1
MIME type: text/xml

File name: [Content_Types].xml
File size: 1'312 bytes
SHA256 hash: dfa90f373b8fd8147ee3e4bfe1ee059e536cc1b068f7ec140c3fc0e6554f331a
MD5 hash: 8c71b2a6e8e97a96df3707e253a6fde5
MIME type: text/xml

File name: document.xml
File size: 17'873 bytes
SHA256 hash: 4248a2725130e26ddb3d1e968fef75fb54a4085dcf8374090565f92ba8a109a6
MD5 hash: 8d4926051601d645c023e2e641e07474
MIME type: text/xml

File name: webSettings.xml
File size: 1'219 bytes
SHA256 hash: 00609432241144c80ea6d11dd8022396638a2bce1772808aad0a6e62663ed241
MD5 hash: a64172a104c0f910b9635b76d8ab8759
MIME type: text/xml

File name: app.xml
File size: 713 bytes
SHA256 hash: ac6345ddf548641df6560214e5af25e4589045823e5c5154072253664a6dbb7d
MD5 hash: 63c8869857fa893e151b293acbf51344
MIME type: text/xml

File name: theme1.xml
File size: 8'393 bytes
SHA256 hash: 70a70d84494772c1855ec6c2f9a16e0fc6cc41bdb0ce3743563ed943b63e07b8
MD5 hash: fc5dd7a11f76159e8ac4ecd5e3e1b518
MIME type: text/xml

File name: document.xml.rels
File size: 817 bytes
SHA256 hash: b725d5476e76f555fc24ecb908474fd29b671687336e5e1177a5c4c35cb5939f
MD5 hash: 7caaa99de7c709024bcfb5ae9c38352f
MIME type: text/xml

File name: fontTable.xml
File size: 1'831 bytes
SHA256 hash: cb4b8a4af1b38df839dea51df37458dff9a2980bb380dfc5c369258810c1ab56
MD5 hash: 970c8dbc63cadd3ee70436aaefa64b61
MIME type: text/xml

File name: styles.xml
File size: 29'714 bytes
SHA256 hash: 2a0f9ca24c5278e2ea1e5ff2159aaa9886f1b6d054acb9d28f9c9968510a4c32
MD5 hash: 85578ad8c4ff154a54979c2a2428a3a0
MIME type: text/xml
Vendor Threat Intelligence

Verdict: Malicious
Score: 70%
Tags: malware

Result
Verdict: MALICIOUS
Details: Document With Few Pages. Document contains between one and three pages of content. Most malicious documents are sparse in page count.

Gathering data

Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour:
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: DetectEncryptedVariants
Author: Zinyth
Description: Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name: Download_in_LNK
Author: @bartblaze
Description: Identifies download artefacts in shortcut (LNK) files.

Rule name: Execution_in_LNK
Author: @bartblaze
Description: Identifies execution artefacts in shortcut (LNK) files.

Rule name: PDF_in_LNK
Author: @bartblaze
Description: Identifies Adobe Acrobat artefacts in shortcut (LNK) files. A PDF document is typically used as decoy in a malicious LNK.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments