MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbef76d89b62bc8fcb0eb0c762d1d378e3e38bc8efc46ca4bdd189f3e87feb55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA 1 File information Comments

SHA256 hash:	bbef76d89b62bc8fcb0eb0c762d1d378e3e38bc8efc46ca4bdd189f3e87feb55
SHA3-384 hash:	bc6a15660497c7dd4110d66c134cc8f19fd85d6fe5882d43a3d26959d76a2ee1d0fcec430f786b7779990a6268e9d5bf
SHA1 hash:	d972957ec8c08e2a50759a9579b52e7c163bf778
MD5 hash:	71ee34f6c4f5294f0f3f10e84e3ff5c5
humanhash:	december-oxygen-nuts-enemy
File name:	Aura.exe
Download:	download sample
File size:	7'558'144 bytes
First seen:	2026-05-04 20:39:21 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f3201d8cf27e3b4846984664d5bfd984
ssdeep	196608:d9qfrdOOJB0qaL9dND/CyLhIAOkS1ITnh1N1dUdC0xBHec39k:PSOykLdD/HDlS1InNLGx
TLSH	T17D762345B684C6F8C48B56F42F0111DE748E369A84FD4A2E3ECA9C12F5B1DAC447F7A2
TrID	37.0% (.EXE) Win64 Executable (generic) (6522/11/2) 28.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 11.5% (.EXE) OS/2 Executable (generic) (2029/13) 11.3% (.EXE) Generic Win/DOS Executable (2002/3) 11.3% (.EXE) DOS Executable (generic) (2000/1)
Magika	pebin
Reporter	burger
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

122

Origin country :

Vendor Threat Intelligence

Gathering data

Malware family:

n/a

ID:

File name:

Aura.exe

Verdict:

No threats detected

Analysis date:

2026-05-04 20:39:15 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/dd3b0066-b551-4880-a460-c54d2a0f40e5

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/64511/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

Sending a custom TCP request

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

microsoft_visual_cc obfuscated packed packed vmprotect

Link:

https://www.filescan.io/uploads/69f9043a7d31ad7bba4e3ebd/reports/41ea4867-aea4-463f-81ae-2780c866c7bf/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/bbef76d89b62bc8fcb0eb0c762d1d378e3e38bc8efc46ca4bdd189f3e87feb55

Result

Gathering data

Verdict:

Unknown

File Type:

exe x64

Link:

https://opentip.kaspersky.com/bbef76d89b62bc8fcb0eb0c762d1d378e3e38bc8efc46ca4bdd189f3e87feb55/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/1718b7ab-4259-4ab4-adac-4a3326950d58

Result

Threat name:

n/a

Detection:

malicious

Classification:

troj.expl.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1908352

Signature

Allocates memory in foreign processes

Changes memory attributes in foreign processes to executable or writable

Connects to many ports of the same IP (likely port scanning)

Creates a thread in another existing process (thread injection)

Found direct / indirect Syscall (likely to bypass EDR)

Hijacks the control flow in another process

Injects a PE file into a foreign processes

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Unusual module load detection (module proxying)

Uses known network protocols on non-standard ports

Writes to foreign memory regions

Yara detected UAC Bypass using CMSTP

Behaviour

Behavior Graph:

Download SVG

Score:

99%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/bbef76d89b62bc8fcb0eb0c762d1d378e3e38bc8efc46ca4bdd189f3e87feb55

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PDB Path PE (Portable Executable) PE File Layout Win 64 Exe x64

Link:

https://app.malva.re/file/71ee34f6c4f5294f0f3f10e84e3ff5c5

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bbef76d89b62bc8fcb0eb0c762d1d378e3e38bc8efc46ca4bdd189f3e87feb55/

Verdict:

Malicious

Link:

https://tip.neiki.dev/file/bbef76d89b62bc8fcb0eb0c762d1d378e3e38bc8efc46ca4bdd189f3e87feb55

Threat name:

Win64.Malware.Generic

Status:

Suspicious

First seen:

2026-05-04 04:14:27 UTC

File Type:

PE+ (Exe)

AV detection:

11 of 24 (45.83%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xpxxnwe3mk6i7syowddwfuotpdr6hc6i57cgzjf52ge7h2d75nkq._file

Result

Malware family:

n/a

Score:

4/10

Tags:

n/a

Link:

https://tria.ge/reports/260504-zf13macv2y/

Behaviour

Checks for VirtualBox DLLs, possible anti-VM trick

Unpacked files

SH256 hash:

bbef76d89b62bc8fcb0eb0c762d1d378e3e38bc8efc46ca4bdd189f3e87feb55

MD5 hash:

71ee34f6c4f5294f0f3f10e84e3ff5c5

SHA1 hash:

d972957ec8c08e2a50759a9579b52e7c163bf778

Link:

https://www.unpac.me/results/8443ee6d-b9e3-471c-9203-6b2d9aa8c712/

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	pe_detect_tls_callbacks Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/64511/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample