MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b45dbc4f22f55e981a9e432423d5ebd9f323e05444c15e423ce439f3adf8928e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: b45dbc4f22f55e981a9e432423d5ebd9f323e05444c15e423ce439f3adf8928e
SHA3-384 hash: 45c868e727c368f07b09b16686a7ddb44e1c24afe6bf9e62b7052e5c0bdab2037b6ff653327d832bee00d87e9adb864e
SHA1 hash: 5477cb1697f471a0228e94c416da6dbf05899c00
MD5 hash: dd8c244eb2c29dbaf451ee2ab8e60f75
humanhash: asparagus-coffee-yellow-hawaii
File name: oxfordmobilexray.zip
File size: 6'560'388 bytes
First seen: 2026-03-25 06:29:14 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 196608:+ZftzwViAb0uU+HB/OGUElH6XU8YYlbHXU+:+BPAbrU+h/PUEl0U8YYlbE+
TLSH T1AF663327F46C79C0E47FE9BEE061174483E6130DE082993595A67FD8B2E53CA48CE297
Magika zip
Reporter: JAMESWT_WT
Tags: 94-26-90-216 asmweosiqsaaw-com booking FakeCaptcha zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 130
Origin country: IT
File Archive Information

This file archive contains 12 file(s), sorted by their relevance:

File name:psl.exe
File size:66'144 bytes
SHA256 hash: 12c931dbfa907d4e394fb928f3a8a27ed7e5bf203578dabcd65bb2dd5f2f1280
MD5 hash: f83c15cdcf054820008944d8366b6f24
MIME type:application/x-dosexec
File name:libintl-8.dll
File size:311'976 bytes
SHA256 hash: 014537629d17e625e3f3052e59b5aaad80233af0191b950367b7db06228b46de
MD5 hash: 5ff474738f95cd79dfad97305ff6c6fd
MIME type:application/x-dosexec
File name:libidn2-0.dll
File size:257'408 bytes
SHA256 hash: c6296ac4f38ab5f6b66ccea54f337eb61e4b4c64c6cbef9b422d40906102ed23
MD5 hash: dd739331842b79885453706d874a4366
MIME type:application/x-dosexec
File name:msys-intl-8.dll
File size:121'856 bytes
SHA256 hash: 9517978d663b324f80b3ad454e0f6a99db9cbd5022e98cea93808ddd64630aed
MD5 hash: 07bb931d03cfaf310b0369175797c719
MIME type:application/x-dosexec
File name:libunistring-5.dll
File size:2'236'904 bytes
SHA256 hash: 351ab6db834de03308e468a660dd93cb76d1e60aa213c7fce1c36603c431b7ba
MD5 hash: f6027bba63f798a5db8ce3f43bfda60e
MIME type:application/x-dosexec
File name:msys-2.0.dll
File size:3'371'536 bytes
SHA256 hash: 7ad917358bf910168a051aa46670fc5fbe300cd5e63fa2691ca6909237332118
MD5 hash: 8e727844e0eed3e4b14d2d87195d71b8
MIME type:application/x-dosexec
File name:libpsl-5.dll
File size:2'971'648 bytes
SHA256 hash: e20a26100069bccef1997d949d9e3249099e13cfcb8c8b5d8df07ec3c0f71311
MD5 hash: 5c49c1307345f6252a5e351b4c275e6e
MIME type:application/x-dosexec
File name:msys-iconv-2.dll
File size:1'108'800 bytes
SHA256 hash: b76044939dd5d6c6b7cf0d0cf877db6a2d8d7fd433212b78c837ba58f77a1775
MD5 hash: c29ee585eb10ad99a3a87aad2a772517
MIME type:application/x-dosexec
File name:msys-psl-5.dll
File size:83'128 bytes
SHA256 hash: 465a677a62faf17255a910e52ec595e277831acf471048e84229a60417f0e7d1
MD5 hash: fbef212371b36a54980ac886bee50b4e
MIME type:application/x-dosexec
File name:libiconv-2.dll
File size:1'146'840 bytes
SHA256 hash: 9740c8a8351587206aff71a976b9fea7457e59126807216b2e76f68a41579ed4
MD5 hash: 9a47e690745d2abf439b3466abb0ec16
MIME type:application/x-dosexec
File name:msys-unistring-5.dll
File size:2'074'976 bytes
SHA256 hash: 7c6c656d2413d2398f99de4616416319eaea0d9f91ab8a6efa953b2fe7def760
MD5 hash: 5374fcf8f138a6a0f84cfa8a3602e59c
MIME type:application/x-dosexec
File name:msys-idn2-0.dll
File size:207'760 bytes
SHA256 hash: 7912f8204e5b57fe00d59f9b346fcc04137237c879e0af48d2e6167fc21cb937
MD5 hash: fd464b8caab9e46e6a917f490b6b8643
MIME type:application/x-dosexec
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Malware family: n/a
Score: 6/10
Tags: discovery persistence
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Check_OutputDebugStringA_iat

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerCheck__MemoryWorkingSet
Author: Fernando Mercês
Description: Anti-debug process memory working set size check
Reference: http://www.gironsec.com/blog/2015/06/anti-debugger-trick-quicky/

Rule name: DebuggerCheck__QueryInfo
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerException__ConsoleCtrl
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerException__SetConsoleCtrl
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerHiding__Thread
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: ldpreload
Author: xorseed
Reference: https://stuff.rop.io/

Rule name: NET
Author: malware-lu

Rule name: pe_detect_tls_callbacks

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants

Rule name: SEH__vectored
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants

Rule name: telebot_framework
Author: vietdx.mb

Rule name: test_Malaysia
Author: rectifyq
Description: Detects file containing malaysia string

Rule name: ThreadControl__Context
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE
Author: CYFARE
Description: Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference: https://cyfare.net/

Rule name: VECT_Ransomware
Author: Mustafa Bakhit
Description: Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

zip b45dbc4f22f55e981a9e432423d5ebd9f323e05444c15e423ce439f3adf8928e

(this sample)

  
Delivery method
Distributed via web download
