MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aba53ac926aec982a32be2012d84e931a4499d8bbc5c5c652fe3928c1132c134. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DarkMe


Vendor detections: 8



SHA256 hash: aba53ac926aec982a32be2012d84e931a4499d8bbc5c5c652fe3928c1132c134
SHA3-384 hash: e9598efa89b844385cacbd94f060eb2f1a4554112dbc39ffa72a69cfe8ac88478f56d0c9d214db19aecd3efdf5edc951
SHA1 hash: 3c080bfa2d5ff741b6ab42e8f7eac16251e312d4
MD5 hash: 23179b38e5f7f63cd8962aa335f9ed74
humanhash: emma-bravo-carpet-alpha
File name: files.cab
Signature: DarkMe
File size: 10'448'646 bytes
First seen: 2026-06-26 22:06:11 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep 196608:G5LmCKBWJxONXVy2SxI4BYU1gVw0gSHC7JwMPBkCE8i1msP3n4uFZEOhExaD:G5L/UVyfxBBYU1WwtSUPy8iN/HyaD
TLSH T1C4B6339B67BD8C7BE3999C35883706C9AA21F308B74502C6374DD8AFACD211D79A5D30
Magika: cab
Reporter: BastianHein
Tags: cab DarkMe dropped

Intelligence


File Origin

# of uploads: 1
# of downloads: 65
Origin country: CL

File Archive Information

This file archive contains 7 file(s), sorted by their relevance:

File name: File.dat
File size: 23'236'632 bytes
SHA256 hash: 09ea472f714a42d886fb0f64aff72a609db0edd672ab11f6dbfe0bfc4a5ba637
MD5 hash: e9d076e4573733f0913a212617c71668
MIME type: application/octet-stream
Signature: DarkMe

File name: Check.wsf
File size: 12'506 bytes
SHA256 hash: 7fd2a7e4824e8865bfc506cd3895719ff68d082910b619917fd09941ab96542a
MD5 hash: cc2bd784448979a036a7e9e9a8db02c6
MIME type: text/html
Signature: DarkMe

File name: WINDBVER.EXE
File size: 30'720 bytes
SHA256 hash: 8778bb953ffead733b53de1b4ac040061fd93e5bee5223893ca4e1dc7b0fea02
MD5 hash: 73a5552a933e15b0a6fe13bb573e90d3
MIME type: application/x-dosexec
Signature: DarkMe

File name: newdev.exe
File size: 68'096 bytes
SHA256 hash: 1675b87be879b45739c08d9098ef754526ce032ea054ad754b2fef3efaff6ab1
MD5 hash: dc429f2be514b7b7bcfe7b8a8964a763
MIME type: application/x-dosexec
Signature: DarkMe

File name: Damned.dll
File size: 28'672 bytes
SHA256 hash: 6d8bbe9c45a9380f0312740bd154bbdb88aca4183ab6aa7e15eb2b652f33c8e6
MD5 hash: dadcbd96fbc67634350408903490193d
MIME type: application/x-dosexec
Signature: DarkMe

File name: filetext.txt
File size: 972 bytes
SHA256 hash: a00b65160712a5df3dd0d3432b182b1d5fe88995a17e9d7cca15f47467b678e7
MD5 hash: 8690d10c0b7401ce3319d874baf72565
MIME type: text/plain
Signature: DarkMe

File name: FoxEnd.dll
File size: 1'167'360 bytes
SHA256 hash: 68dcb7b0ddb39c45cc340bb52b69961a3865aa533ca8a49c22a7f0e3ad66a51e
MD5 hash: 343c755fd6fe653b80d16c0af280f147
MIME type: application/x-dosexec
Signature: DarkMe

Vendor Threat Intelligence

Verdict: Malicious
Score: 81.4%
Tags: dropper
Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: visual_basic
Verdict: Malware
YARA: 2 match(es)
Tags: CAB:COMPRESSION:LZX Executable PDB Path PE (Portable Executable) PE File Layout T1059.005 VBScript Visual Basic Visual Basic 6 WSF File
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2026-06-25 13:34:34 UTC
File Type: Binary (Archive)
Extracted files: 99
AV detection: 12 of 38 (31.58%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: detect_tiny_vbs
Author: daniyyell
Description: Detects tiny VBS delivery technique

Rule name: FreddyBearDropper
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.

Rule name: SEH__vba
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: ThreadControl__Context
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: VECT_Ransomware
Author: Mustafa Bakhit
Description: Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

DarkMe

cab aba53ac926aec982a32be2012d84e931a4499d8bbc5c5c652fe3928c1132c134

(this sample)
