MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 a5b28d301bd025dbf4c4815c412749650bd07ebf6cdf8a4e6406260da8d6c0e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 8
| SHA256 hash: | a5b28d301bd025dbf4c4815c412749650bd07ebf6cdf8a4e6406260da8d6c0e4 |
|---|---|
| SHA3-384 hash: | 02a4be571062a5f274196499bf3ce3ce20f2ee15f7a7309d12256a5612dff49f9eb8fcb59eef8c7e6e8b84e36344da63 |
| SHA1 hash: | deb5482f7f16b9ec51a2e9827afd7ccd0b939a02 |
| MD5 hash: | 0220c52b91a20d3a9324f50f53a8d603 |
| humanhash: | november-oregon-july-beer |
| File name: | a5b28d301bd025dbf4c4815c412749650bd07ebf6cdf8a4e6406260da8d6c0e4.zip |
| Download: | download sample |
| File size: | 4'160'943 bytes |
| First seen: | 2026-07-14 06:07:12 UTC |
| Last seen: | Never |
| File type: | zip |
| MIME type: | application/zip |
| ssdeep | 98304:yK0aBfrzNXrg18sb7bEU8oDvav7azyjiQ6nlaOoP0/jvVLOrn4m:RpzN72lb7bEtpaz20a8vROrD |
| TLSH | T11C1633CDCAEB6078EC774021C3D91DD193AA00BBEECA4A7F5AC25BD394D4485E027E59 |
| Magika | zip |
| Reporter | |
| Tags: | 0zbqnac1t4dv2t2wuodv1m-com booking parceloexpressdelivery-com Spam-ITA v0hkpadr04mbz5lkearqa-com zip |
Intelligence
File Origin
ITFile Archive Information
This file archive contains 10 file(s), sorted by their relevance:
| File name: | psl.exe |
|---|---|
| File size: | 66'184 bytes |
| SHA256 hash: | 68e81ce966ca0c016bb638d0d29b106a0da7eab2ddf70438d8182fa89baf5d78 |
| MD5 hash: | 7a682a9da479baec38d5d43a02b604e9 |
| MIME type: | application/x-dosexec |
| File name: | vcruntime140_1.dll |
|---|---|
| File size: | 47'264 bytes |
| SHA256 hash: | e6bfb3662ab4b1969a73441dbe35c96d51441b6bff8cf1fe7430bd5b246ca605 |
| MD5 hash: | 03b43160d21c08de07a79d0a1c5ee81d |
| MIME type: | application/x-dosexec |
| File name: | libintl-8.dll |
|---|---|
| File size: | 309'032 bytes |
| SHA256 hash: | a62094d6e21670f460cb110389d2cb7b9bc12cfbb075151eeb2c52436cc02755 |
| MD5 hash: | 83f4bfec7f089f4a9efd5b36690b6cd7 |
| MIME type: | application/x-dosexec |
| File name: | libidn2-0.dll |
|---|---|
| File size: | 257'384 bytes |
| SHA256 hash: | 3ebaf0f048ad557c789c7602bbf0ff878b4e1c84b27fac559ad72c72259bd90e |
| MD5 hash: | a356b7276a9d7e05a7a6e277b371c44b |
| MIME type: | application/x-dosexec |
| File name: | libunistring-5.dll |
|---|---|
| File size: | 2'236'904 bytes |
| SHA256 hash: | 35eae7305e2e108ec3eac677f3357e376247e77e32aaecbf818b2c68f134d91c |
| MD5 hash: | c7c2ad785d5cd588ffbc7287a7a32f57 |
| MIME type: | application/x-dosexec |
| File name: | libpsl-5.dll |
|---|---|
| File size: | 2'579'456 bytes |
| SHA256 hash: | fabb3abd0bda132733d6b327b749f9f4742ecb97787a05576a69b822bcb5aae4 |
| MD5 hash: | 830da08203d63ced37e2091258d6cb88 |
| MIME type: | application/x-dosexec |
| File name: | vcruntime140.dll |
|---|---|
| File size: | 123'472 bytes |
| SHA256 hash: | 184146852727a9db4eea06178716bec3cdbb1015c911f6b0f915b184ad7775b2 |
| MD5 hash: | 0d35c5e99871b4f02c490b9fd9dace34 |
| MIME type: | application/x-dosexec |
| File name: | libiconv-2.dll |
|---|---|
| File size: | 1'146'824 bytes |
| SHA256 hash: | 2e5883a09cfc4391cb81db3f0da4d9b8cda21fc1b287e73a1624ad518d941b94 |
| MD5 hash: | ba98508c9c8fb1681193aeffdbfa535e |
| MIME type: | application/x-dosexec |
| File name: | ucrtbase.dll |
|---|---|
| File size: | 1'373'328 bytes |
| SHA256 hash: | c2ed69b4a1bb9432c75134e813c70539e27c8c1fe96a784d9be78c874e93d9d5 |
| MD5 hash: | ef62e9b3d7203f825dbf5dda8d4770c9 |
| MIME type: | application/x-dosexec |
| File name: | msvcp140.dll |
|---|---|
| File size: | 553'552 bytes |
| SHA256 hash: | def46aa6a8f72f27bafac0c43334419486a4d1dcdb6c479a8ef7034b3e1fa4cb |
| MD5 hash: | 4e3fa9bd90ef020c14359639dc19312b |
| MIME type: | application/x-dosexec |
Vendor Threat Intelligence
Result
Result
YARA Signatures
MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.
| Rule name: | CP_Script_Inject_Detector |
|---|---|
| Author: | DiegoAnalytics |
| Description: | Detects attempts to inject code into another process across PE, ELF, Mach-O binaries |
| Rule name: | DebuggerCheck__API |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| Rule name: | DebuggerCheck__MemoryWorkingSet |
|---|---|
| Author: | Fernando Mercês |
| Description: | Anti-debug process memory working set size check |
| Reference: | http://www.gironsec.com/blog/2015/06/anti-debugger-trick-quicky/ |
| Rule name: | DebuggerException__SetConsoleCtrl |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| Rule name: | golang_bin_JCorn_CSC846 |
|---|---|
| Author: | Justin Cornwell |
| Description: | CSC-846 Golang detection ruleset |
| Rule name: | meth_stackstrings |
|---|---|
| Author: | Willi Ballenthin |
| Rule name: | NET |
|---|---|
| Author: | malware-lu |
| Rule name: | pe_detect_tls_callbacks |
|---|
| Rule name: | PE_Digital_Certificate |
|---|---|
| Author: | albertzsigovits |
| Rule name: | RIPEMD160_Constants |
|---|---|
| Author: | phoul (@phoul) |
| Description: | Look for RIPEMD-160 constants |
| Rule name: | SEH__vectored |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| Rule name: | SHA1_Constants |
|---|---|
| Author: | phoul (@phoul) |
| Description: | Look for SHA1 constants |
| Rule name: | telebot_framework |
|---|---|
| Author: | vietdx.mb |
| Rule name: | test_Malaysia |
|---|---|
| Author: | rectifyq |
| Description: | Detects file containing malaysia string |
| Rule name: | ThreadControl__Context |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| Rule name: | TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE |
|---|---|
| Author: | CYFARE |
| Description: | Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments |
| Reference: | https://cyfare.net/ |
| Rule name: | VECT_Ransomware |
|---|---|
| Author: | Mustafa Bakhit |
| Description: | Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments. |
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.