MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd15a99e2357f1f76aeb01af46a0f5e7cd186fb6c3452310c16457bc35a2079c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Rhadamanthys


Vendor detections: 3



SHA256 hash: bd15a99e2357f1f76aeb01af46a0f5e7cd186fb6c3452310c16457bc35a2079c
SHA3-384 hash: d0fe2b7fa7ecd418d477db4a48f37c03241ebe3aa07c867dad66f24c0f3e1cbb0e48d60587626816093a33d4796f9d90
SHA1 hash: a0a4bcfa3c3aa430709ee589a8ad28c32eb8ab83
MD5 hash: 4eaaae0412480a7e57bc5f2435db773e
humanhash: victor-tennessee-river-fanta
File name: blackmagic_design_fusion_studio_v20.2.1_(x64)_ _fix.7z
Signature: Rhadamanthys
File size: 15'454'803 bytes
First seen: 2025-10-17 17:38:37 UTC
Last seen: Never
File type: 7z
MIME type: application/x-7z-compressed
Note: This file is a password protected archive. The password is: 2124
ssdeep: 393216:5DBNIQBE9M1cH5Yo6KVAHVveeVr4EYFGRwqh:BLI8hxKC1GorvY8yq
TLSH: T1A5F633E4F6D18CABDB09FEAD94DCD5DAACB549E7866227D0BD47381A300E1381B05393
TrID: 57.1% (.7Z) 7-Zip compressed archive (v0.4) (8000/1)
TrID: 42.8% (.7Z) 7-Zip compressed archive (gen) (6000/1)
Magika: sevenzip
Reporter: aachum
Tags: 144-31-191-201 7z AutoIT CypherIT file-pumped pw-2124 Rhadamanthys


iamaachum
https://media.mydrive112.xyz/Blackmagic_Design_Fusion_Studio_v20.2.1_%28x64%29_%2B_Fix.zip => https://arch2.mydrive112.lat/request/media/[redacted]/Blackmagic_Design_Fusion_Studio_v20.2.1_(x64)_+_Fix.zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 104
Origin country: ES
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: blackmagic_design_fusion_studio_v20.2.1_(x64)_ _fix.exe
Pumped file: This file is pumped. MalwareBazaar has de-pumped it.
File size: 862'568'457 bytes
SHA256 hash: 55af639796d159da283e197a6bcc98ac64b6e78f3a862d510fc46cf06226e317
MD5 hash: 50a0f1a79534f0fdcb42f23d6144a814
De-pumped file size: 1'687'040 bytes (vs. original size of 862'568'457 bytes)
De-pumped SHA256 hash: 3bacd9c91287fed6490b9c85a293b8b531339c320d79f6ecda28bf74fb563444
De-pumped MD5 hash: 675ceff3331f925e6051a8fddeabfe7e
MIME type: application/x-dosexec
Signature: Rhadamanthys
Vendor Threat Intelligence
Threat name: Binary.Trojan.Generic
Status: Suspicious
First seen: 2025-10-17 17:54:26 UTC
File Type: Binary (Archive)
AV detection: 2 of 24 (8.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: detect_Redline_Stealer
Author: Varp0s

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Rhadamanthys

7z bd15a99e2357f1f76aeb01af46a0f5e7cd186fb6c3452310c16457bc35a2079c (this sample)

Comments