MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b55744aae0b02269036f9c4d21a363fdc82409bbd3c462c8b2bc179574f64bbc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4

SHA256 hash: b55744aae0b02269036f9c4d21a363fdc82409bbd3c462c8b2bc179574f64bbc
SHA3-384 hash: 4ea2a10b6b1ec67dc6f58cff6aae6a4b06a7de8a9e754b2d5909ff475246cec9a3ca62e6c01e64514ba9fb75bd221f98
SHA1 hash: b26953598193f64ff858a04abbf7ec4979864976
MD5 hash: 341c4b1df4b7766c171d3af33ada98bb
humanhash: blossom-october-twenty-wolfram
File name: _1_b_5_b55744aae0b02269036f9c4d21a363fdc82409bbd3c462c8b2bc179574f64bbc.file
File size: 292'872 bytes
First seen: 2026-04-28 10:26:27 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 91757dd152f1f40c06d2b568f2fd94bf
ssdeep: 3072:RCYgNdy9H1FGkuU0DTPgjaiiZ6E3MJ4rywmmjNbplbo26XPbrj2v2XM5twD:6I51FGJdPgja1s8lpl77vDt8
TLSH: T17454E801E20551B7EDD78F3C85730ED2DF3639027F50A88E134C2D6B5E6BEA7859AA81
TrID:
  37.0% (.EXE) Win64 Executable (generic) (6522/11/2)
  28.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  11.5% (.EXE) OS/2 Executable (generic) (2029/13)
  11.3% (.EXE) Generic Win/DOS Executable (2002/3)
  11.3% (.EXE) DOS Executable (generic) (2000/1)
Magika: pebin
dhash icon: 64e4d4d4ecf4dcd4
Reporter: SquiblydooBlog
Tags: exe signed

Code Signing Certificate

Organisation: Xiamen Chike Network Technology Co., Ltd.
Issuer: Sectigo Public Code Signing CA EV R36
Algorithm: sha256WithRSAEncryption
Valid from: 2026-02-04T00:00:00Z
Valid to: 2027-02-04T23:59:59Z
Serial number: 82faaa1d55081c3ded58ae3311d04f55
Cert Graveyard Blocklist: This certificate is on the Cert Graveyard blocklist
Thumbprint Algorithm: SHA256
Thumbprint: e1f64e25a5f8183a0d9c66aea43a79f0c995f91b7f64ec2832d263e910bc6af9
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 146
Origin country: US

Vendor Threat Intelligence
No detections
Malware family: n/a
ID: 1
File name: _1_b_5_b55744aae0b02269036f9c4d21a363fdc82409bbd3c462c8b2bc179574f64bbc.file
Verdict: No threats detected
Analysis date: 2026-04-27 20:11:12 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:
Behaviour:
  Creating a window
  Sending a custom TCP request
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-debug anti-vm installer-heuristic masquerade microsoft_visual_cc signed
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: b55744aae0b02269036f9c4d21a363fdc82409bbd3c462c8b2bc179574f64bbc
MD5 hash: 341c4b1df4b7766c171d3af33ada98bb
SHA1 hash: b26953598193f64ff858a04abbf7ec4979864976
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Note that only results from TLP:CLEAR rules are displayed.

Rule name: cobalt_strike_tmp01925d3f
Author: The DFIR Report
Description: files - file ~tmp01925d3f.exe
Reference: https://thedfirreport.com

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: VECT_Ransomware
Author: Mustafa Bakhit
Description: Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments