MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a52c39a1d9cfe2838b8a817cbcbe34cd710c26f9a37bed95cfa567c152a88a3b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	a52c39a1d9cfe2838b8a817cbcbe34cd710c26f9a37bed95cfa567c152a88a3b
SHA3-384 hash:	46ce73dbe682fdaac84cd2bf84cf8e395118cdbe6e2e6f85b612130a9b397a78e2df1a2f9445bdeadbb7356f193d053a
SHA1 hash:	5b6f8107574ff29c6caaaa5161c21a93de6757ba
MD5 hash:	37a655a89c5144c83a4bdda9a7099d7d
humanhash:	iowa-april-alanine-may
File name:	1.zip
Download:	download sample
File size:	4'647'870 bytes
First seen:	2026-06-22 15:26:15 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	98304:gUh4I/PQVZv/WLOmsjOjh5hM2hTZ8IYr02NN845HAXAVb:/4I3s6AOjhI2h+YSDb
TLSH	T1AA263343C93AA8D6ECBE269392436DC81916539A6B25F95F0CD8F78178216F47B3D330
Magika	zip
Reporter	JAMESWT_WT
Tags:	216-9-224-48 66-63-170-33 booking Spam-ITA stego zip

JAMESWT_WT

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:	1.jpg
File size:	4'762'496 bytes
SHA256 hash:	050d4043af02c7cfaf00f257f28e8c8313f6f444c843def486fc2141d379da49
MD5 hash:	83bf51bd93b6db1b112f6ad8c45241b4
MIME type:	image/jpeg

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/423476ae-2cbb-40ee-9c14-8f69ab593257/

Detection(s):

SecuriteInfo.com.Generic-EXE.UNOFFICIAL

TwinWave.EvilImg.MZSmuggerlsRideAllNight1.20231012.UNOFFICIAL

TwinWave.EvilIMG.MZSmugglersRideAllNight.M2.20231012.UNOFFICIAL

TwinWave.EvilZip.OnAndOn.20221219.UNOFFICIAL

Verdict:

Malicious

Score:

70%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a32969854a045c34089e7b2

Tags:

shellcode virus msil

Result

Verdict:

Unknown

File Type:

ZIP File

Link:

https://app.docguard.net/a52c39a1d9cfe2838b8a817cbcbe34cd710c26f9a37bed95cfa567c152a88a3b/results/dashboard

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

base64 cmd cscript lolbin msbuild obfuscated overlay packed regasm runonce vbc wscript

Link:

https://www.filescan.io/uploads/6a39548d90632a45f7334420/reports/8005e3af-b5e6-41f7-b9c6-ce30731e3d45/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/a52c39a1d9cfe2838b8a817cbcbe34cd710c26f9a37bed95cfa567c152a88a3b

Verdict:

Unknown

File Type:

zip

Link:

https://opentip.kaspersky.com/a52c39a1d9cfe2838b8a817cbcbe34cd710c26f9a37bed95cfa567c152a88a3b/results?tab=lookup

Score:

33%

Verdict:

Susipicious

File Type:

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/260622-s3xv6adz4r/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/a52c39a1d9cfe2838b8a817cbcbe34cd710c26f9a37bed95cfa567c152a88a3b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample