MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4e27af0caf72026adc98fa65d34d5fe22882b2c3b36291f39fb2c69b3183efc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 10 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b4e27af0caf72026adc98fa65d34d5fe22882b2c3b36291f39fb2c69b3183efc
SHA3-384 hash: 8bb98de5717d1813a1c474b81686d0865b6638446dd9424c6801644c290fce154552badae9d5e1b5f93ab2f496475de2
SHA1 hash: 04500479b9e6cdfbaf431634cfbfd496214c80ca
MD5 hash: 05fe4ab617fb8a0e6df903e14b3312c9
humanhash: uniform-avocado-music-video
File name:hnygsf.exe
Download: download sample
File size:11'376'672 bytes
First seen:2025-02-12 21:18:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a8308de57fce070f4cb88c7f43bf4b27 (1 x zgRAT)
ssdeep 98304:sbDOHTscod5DBasbk1mvGWD3vOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrTlW:sbDascFsbk1mvG6ObAbN0l
TLSH T1D1B66CC567EC2A35E3BB4B359970721E04367C2EA901D79F0B85BA1D2672280CDF1B67
TrID 49.2% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
26.6% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
8.9% (.EXE) Win64 Executable (generic) (10522/11/4)
4.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
3.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
File icon (PE):PE icon
dhash icon f67ffeff7fff7fae (2 x XWorm, 1 x SalatStealer)
Reporter aachum
Tags:exe


Avatar
iamaachum
https://github.com/temperloin/Figvam/raw/refs/heads/main/hnygsf.exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
433
Origin country :
ES ES
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Bloxstrap.exe
Verdict:
No threats detected
Analysis date:
2025-01-22 00:38:46 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/248f0c7a-4637-4216-b8b0-fcfa333688c8

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
93.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67ad10584f5583c4c4d884ae
Tags:
vmdetect autorun
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Creating a window
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-vm cmd dotnet explorer fingerprint fingerprint lolbin macros-on-close microsoft_visual_cc obfuscated overlay packed packer_detected rundll32
Link:
https://www.filescan.io/uploads/67ad105041f6d21e6a3a575e/reports/75d0647c-ebd6-4956-8280-675b44616f11/overview
Verdict:
Malicious
Link:
https://www.hybrid-analysis.com/sample/b4e27af0caf72026adc98fa65d34d5fe22882b2c3b36291f39fb2c69b3183efc
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/58f76d33-09c9-4de6-a757-0bc5777a6454
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
5 / 100
Link:
https://www.joesandbox.com/analysis/1613721
Behaviour
Behavior Graph:
n/a
Score:
76%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/b4e27af0caf72026adc98fa65d34d5fe22882b2c3b36291f39fb2c69b3183efc
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b4e27af0caf72026adc98fa65d34d5fe22882b2c3b36291f39fb2c69b3183efc/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wtrhv4gk64qcnlojr6tf2ngv7yriqkzmhm3cshzz7mwgtmyyh36a._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery
Link:
https://tria.ge/reports/250212-z585jaykck/
Behaviour
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
System Time Discovery
Checks computer location settings
Downloads MZ/PE file
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/19468f0e-8fb0-4c32-92cd-c813ac243781
Unpacked files
SH256 hash:
b4e27af0caf72026adc98fa65d34d5fe22882b2c3b36291f39fb2c69b3183efc
MD5 hash:
05fe4ab617fb8a0e6df903e14b3312c9
SHA1 hash:
04500479b9e6cdfbaf431634cfbfd496214c80ca
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
8081f861f1114a18cc5639fbdfc5b20ce59234f7cddc5ba76cd8d43588d2ad4b
MD5 hash:
940d14fc6c5c1e309572e175b993be15
SHA1 hash:
26ba2fc6a6772437f01adbba2fb4b23fc1f5b5cc
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
0abda30ffcd78f9372177ab06e72fa8a3ab78ff5f788a9b14c7a1ef75d4fe0a7
MD5 hash:
521e7c8c9aaa87d3e28812a6f8b64115
SHA1 hash:
a5e75dd09fa35fce18ec1cb497ee86e994eef2c9
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
f858dc3e95aae2fd1a796dea0c0e5933bc5ce90ad9d7335552d5fce64ec3c6fc
MD5 hash:
3190a65741638ced920e53950e59266b
SHA1 hash:
deea7db735759c78736f4cccc172f2026ae021d3
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
d543c37734258e4105213879885b3fc1f0fe8696e587da67f18b21b95726578d
MD5 hash:
b299284e20e1691d7e99b45daa4aef46
SHA1 hash:
213fd9e663c7e9e2b64705d2660c6c91cacc3cf6
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
6128d85b5acccbcdc7a6370ef6ddafdb3915518d51721a25337c5fd017f56041
MD5 hash:
1dba55c71fc8fc7237d0289977044ca5
SHA1 hash:
659f3c3f42e02cd23f3c88371bcf0b8688610380
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
a8bc69c7ee2973b3e54000f7e6ccdca6841f638659f12bc545f8df2c69d05fb8
MD5 hash:
33398379056769c17ed40df44b73b0f3
SHA1 hash:
b12b698ceab7fd66281562416d88c5f520139eba
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
bdd617b0e16ced04ded1e355334756e5d303f350068b98d09e314ff21e499eff
MD5 hash:
1aec962a9d749bab2debcc328afb2161
SHA1 hash:
86b784d8b2220f8fd22e98633c16d744094a1ef1
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
60b041edbe712bd2b3dcd4e3a197a547ff4d03c827aea3afa2f9bbf6bd9784be
MD5 hash:
672f223f4ea03e20816c8df6de80cca7
SHA1 hash:
fa68ed709a67da096f95a4e44ae623ce3ee2b55d
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
6c3176995d4abb6169a45273eebf086260dd264be18ae2205afbd9262b176b49
MD5 hash:
d7fafbcbe93902c424b94eeac85a80b7
SHA1 hash:
0cb9468c311de75ca765c19aaadf4b815e859cfa
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
ebd1e167ce1568672908dd363124fba6076c631b106d3602c3e2b5597c587369
MD5 hash:
00d0f331c79d0e7d03ca3290b95d4411
SHA1 hash:
89af0a6cf063f5c830fd61802556d0a3ae806177
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
0e6bf944c4c9ad530feff884e85a62b1526c0c93bb5b4f468064d0182743ffd4
MD5 hash:
32b3bf6356fca38ef02cfefaa204fcfc
SHA1 hash:
06a6cee561b23fc64c20db90ec09be16433a1f7b
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
d1629c4343611b2ecae7d98189ce68d8d54d44ac41f43ca72c47b6d1354492da
MD5 hash:
ea3b4103da059691c8eae055ca8beece
SHA1 hash:
dd8394f03424f4a1b36bcbe7372cfc008cad5d32
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
485ef73b2d529fe1914329f93d0d3f4599070d0faae3b02723710a40d9b8d741
MD5 hash:
6f94a1721595c09166bcfbb3e72d1a19
SHA1 hash:
7aa49fd25911294ad7fcbad609c4597478b28463
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
1788420bb7ca06d7117f0c7741cc3ac7e89eef9ebe4286049474d1b5b2253ea3
MD5 hash:
29872061c5adfac042355b960bb7f029
SHA1 hash:
09b3afd3cca0661bea4e098043649567d132bf06
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
fd2eee0d5af3b1bd6525a031cc9683c9da132954979b8d3e6f2a696733aa94e4
MD5 hash:
71e31435a884a319ce69bd193ed97c63
SHA1 hash:
4f077199762dab3b09cb2ee3e7952c2875e20fdb
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
26e338e72a958e60404fd92683988f198fcc6c671972ca8ea95eed0524ac4ae7
MD5 hash:
2cb3f3951c54f975f36c8cab7568d733
SHA1 hash:
341eef2f31e8fce71a492fe4ba31c5fbdfc1632a
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
d8a35ed261ac41b2b2e6a1b763b31628b51b6b378d8411f9cc7e7b6bc1bb01e4
MD5 hash:
32554a84e7614340449023eb67512034
SHA1 hash:
27e42371fb240e709342e75e5b9bdee3e94d2ca0
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
397957e91891835c15d1425d3eec2e23cb84f41575980ee02f77e968799df821
MD5 hash:
9426525831ce30fb91e4461589cd7aeb
SHA1 hash:
1209ac6b5baf4125838353daf7ed20368f29d462
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
8f5b5d9afaf049ec159d0655da9715dd9efda989fb677e54e2d0bf468fffddf2
MD5 hash:
a7885024e3063e010bdc5897f2981da0
SHA1 hash:
512f71589cb9bb188bca669013c9408b1df6b93e
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
6fede8aa9e86794f2da64dd65b1317df244e620cf36f6500f78be39d32dcbf2d
MD5 hash:
fdeb04d51b8cadc192f4d6597cf8aa84
SHA1 hash:
e4adcc71486d9d8f9c36ebe3ef75c6398d54a926
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
c792c2db158cde6f13c55f6c8f6122947668746f18b7a9a2715c7c684760cb7b
MD5 hash:
991d202d3ce1c5467f83460581c2782c
SHA1 hash:
7a60c956d3b8b30010e7bf01e593ffef63e9ed64
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
94f0e18b28f41a21f024d6d51d06a7e6e28e93b7dd1f5f5e962ebe228ab0a144
MD5 hash:
4dc5fe3de71e4bc8b23251603bd956ff
SHA1 hash:
fd6d71dd10407422b35036f94bfadb4118e55f90
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
5876f3c668b7b334fb15be6db923f287bdc2248070583d77dbbb0a091198a1f4
MD5 hash:
ed2ae357f877f8ba948e870e306721ac
SHA1 hash:
934e3f2b5b2bc9fd5d0bf7d5088039c7ceeb6994
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
e4726f5ea831445ff6adb3def8e30ad04c67ccfd3bb2d6e4d79cc894b85925f9
MD5 hash:
7ca75a84cc3ac4248d246ccd181b231c
SHA1 hash:
97b92c55353795e65ad4504048f1c9fd5ba4ebff
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
25506a77321197e042e92976ae549dd4f757d64c220c83cd97c6d34331e36b77
MD5 hash:
bd5580c8cdb291aca7a755687612db0a
SHA1 hash:
6fa3ddf28a451a93011c0552d3c1fcd9c87d023f
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
e52bdc6aad8a4c9d409e8c7be9a77acc8928196079bf6f000994852e0a2524a6
MD5 hash:
d74fc1f7c1bb0451590dbfd84a4b13f1
SHA1 hash:
49c494656d46db25a6248bb66ef99b112303477e
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
4e9b3bb06d26f0cf1d9163b632e6b49bc2c19fe0fa3f2cd89b6f03433ca4eec8
MD5 hash:
9b5fbd993603a12556f9a5b6175832bd
SHA1 hash:
45a28ae0037a527eb88cf6f287d9b3e58dd615fe
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
ace9b1733592dc555d8d64d866d601e296303d33d283603db9ae58b13e0feea5
MD5 hash:
da0a8dbc0d2e2bff5084da5c9109de53
SHA1 hash:
fc5123cc87cdc4856fc7dd6dd09ff608fd5ca43b
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
a50649c6715bca065a739383dae2dbdc8953dad8e73e6e4a8d1baf8bddddc628
MD5 hash:
440010f170f009c11070150ae1e662f4
SHA1 hash:
b5b10f50c6ca77197a0c463f3144c4a23ec5a3dd
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
734b5135e5a77d423282930761d4254c6ae0dd93f3e57c884c13290cf38c3672
MD5 hash:
7a04e8a40deb2d0c60a9639f1271cbc0
SHA1 hash:
182c073471c0f16b00a20089a9f026672ed5e777
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
1d51d522fa8a561211655005de0bdad4d447aec8b427ea02f82ce9bdaad6c373
MD5 hash:
1887d2c0af80f9efb087d94abb218ad6
SHA1 hash:
7d030d1b5c34b25619174cb187ae9ea74be4b16b
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
a2ab2e94556733b0bb8a56c7f79e8ea0a363f984c49a0ae757e329a273a45774
MD5 hash:
d6f719a63d795a3cfac0d85815d472f1
SHA1 hash:
30f53c8cfa0132c2f4e85a5b0965e0d17fab6fe6
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
4dd4d48e0681604e3a7a72b6eae42173421d0b806b1af8fa03b45d9999978499
MD5 hash:
c6115a08c8e50dac0194fb98d3edc9d2
SHA1 hash:
903da7fb7ad47b7ad8eb5984ed54a865f6148744
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
6a05681f4b334c861d554732d4cef809e07efd2bc8cb05fbf80cfe32f537b135
MD5 hash:
27bf6c44584b98e0b04584c71c7a4772
SHA1 hash:
96f988b31f58ddc963bc49faa833cf32e1bb2504
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
MD5 hash:
916d32b899f1bc23b209648d007b99fd
SHA1 hash:
e3673d05d46f29e68241d4536bddf18cdd0a913d
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
3459f3016e6b6be94ff23112015b69facea5aacfd97b2afa7f4340108972e602
MD5 hash:
b631c32acf7233137d43f494528eddce
SHA1 hash:
0ee2e98018ba7bd89472241136027575ba40fb75
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
60232daedb5460d47c519157e9d18ba993de95d7a9c141453d4ba282a82053ff
MD5 hash:
633606b7ebd30e2dbe9bf1689d2840cf
SHA1 hash:
23c11dddb887ea3c48ac124eae1a3ee5e37850d6
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
32ea2d0ce3512e74f1c7ad82591fe67e6b8939d76a8a4ff9c93ead030131e71c
MD5 hash:
900bf2b7812788efb97eb6b1b63814a0
SHA1 hash:
f77f5a3f19f1ea332384517400684e5c2365e14a
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
SH256 hash:
548f180ce62234b9b26db8ffe97a59e919fc49298c9367d5597a51059fa37322
MD5 hash:
172fe82fe0ecdb5f69b179ff91531e2c
SHA1 hash:
fd63ce36e629fe036ed7a440ed50aeb7bb6bcc9f
Link:
https://www.unpac.me/results/01cd7f9d-cdd7-4323-98b9-47d95d1e705e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b4e27af0caf72026adc98fa65d34d5fe22882b2c3b36291f39fb2c69b3183efc

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:dsc
Create hunting rule
Author:Aaron DeVera
Description:Discord domains
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:grakate_stealer_nov_2021
Create hunting rule
Rule name:Jupyter_infostealer
Create hunting rule
Author:CD_R0M_
Description:Rule for Jupyter Infostealer/Solarmarker malware from september 2021-December 2022
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETDLLMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
Rule name:vmdetect
Create hunting rule
Author:nex
Description:Possibly employs anti-virtualization techniques

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b4e27af0caf72026adc98fa65d34d5fe22882b2c3b36291f39fb2c69b3183efc

(this sample)

  
Link
https://tria.ge/250212-zy3zyayme1/behavioral5
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3438224/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (FORCE_INTEGRITY)high
Reviews
IDCapabilitiesEvidence
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteW
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::LoadLibraryA
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegGetValueW
ADVAPI32.dll::RegOpenKeyExW

Comments