MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c132d2a4a97ba28b95d212d9b4dba6b375fc73a3b52f0a5b72703ee380e29cc8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c132d2a4a97ba28b95d212d9b4dba6b375fc73a3b52f0a5b72703ee380e29cc8
SHA3-384 hash: 000912c4fd518ef82e03e9a728c9de8e2b0708079562a60b07a939295eaf9c365e7ae54cc464419375195598ea97c4e0
SHA1 hash: 92d652114234518adb0fb2703b222ac4c2597718
MD5 hash: 969f966a33a5004dd8db85a49178acf8
humanhash: low-winner-montana-utah
File name:fm_20260415_061303_nView64.dll
Download: download sample
File size:285'696 bytes
First seen:2026-04-16 14:09:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d4a18b7ac717d44bb26aacfab61ef98d
ssdeep 6144:zPK/NMLpWYgeWYg955/155/29rTsmiDR0L5me4ctA9TamyMzF+o4o2:+V6pWYgeWYg955/155/26JDKAtzF+o4o
TLSH T141546B09364BAD72EC736034889B4585E7B53C424BB6C6FB13906B8E5EB77D0E87D212
TrID 33.1% (.EXE) Win64 Executable (generic) (6522/11/2)
25.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.4% (.ICL) Windows Icons Library (generic) (2059/9)
10.3% (.EXE) OS/2 Executable (generic) (2029/13)
10.1% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter abuse_ch
Tags:dll exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
154
Origin country :
SE SE
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
fm_20260415_061303_nView64.dll
Verdict:
No threats detected
Analysis date:
2026-04-16 14:10:18 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/64a89995-d5d8-4e09-a40e-9f68afe83fa5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/61874/
Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69e0edc9f68adfe1003a6f5e
Tags:
dropper virus
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug masquerade microsoft_visual_cc
Link:
https://www.filescan.io/uploads/69e0ede5799d5bf3250283de/reports/26585613-b527-4e31-8ef2-1745517984e5/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/c132d2a4a97ba28b95d212d9b4dba6b375fc73a3b52f0a5b72703ee380e29cc8
Result
Gathering data
Verdict:
Malicious
File Type:
dll x64
First seen:
2026-04-16T07:01:00Z UTC
Last seen:
2026-04-16T09:14:00Z UTC
Hits:
~100
Link:
https://opentip.kaspersky.com/c132d2a4a97ba28b95d212d9b4dba6b375fc73a3b52f0a5b72703ee380e29cc8/results?tab=lookup
Malware family:
KONNI
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b437bbc2-c46a-4819-b713-8b66a8ab5639
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1899522
Signature
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1899522 Sample: fm_20260415_061303_nView64.... Startdate: 16/04/2026 Architecture: WINDOWS Score: 56 32 Multi AV Scanner detection for submitted file 2->32 7 loaddll64.exe 1 2->7         started        9 NVDIAControl.exe 2->9         started        11 NVDIAControl.exe 2->11         started        process3 process4 13 rundll32.exe 1 4 7->13         started        18 cmd.exe 1 7->18         started        20 conhost.exe 7->20         started        22 9 other processes 7->22 dnsIp5 30 103.53.80.103, 443, 49692, 49694 NOANPL-ASNETONAIRNETWORKSPVTLTDIN India 13->30 26 C:\ProgramData26VDIAControl\nView64.dll, PE32+ 13->26 dropped 28 C:\ProgramData\...28VDIAControl.exe, PE32+ 13->28 dropped 34 System process connects to network (likely due to code injection or exploit) 13->34 24 rundll32.exe 18->24         started        file6 signatures7 process8
Score:
90%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/c132d2a4a97ba28b95d212d9b4dba6b375fc73a3b52f0a5b72703ee380e29cc8
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/969f966a33a5004dd8db85a49178acf8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c132d2a4a97ba28b95d212d9b4dba6b375fc73a3b52f0a5b72703ee380e29cc8/
Verdict:
Malicious
Threat:
Exploit.Win64.Crun
Link:
https://tip.neiki.dev/file/c132d2a4a97ba28b95d212d9b4dba6b375fc73a3b52f0a5b72703ee380e29cc8
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yeznfjfjporixfosclm3jw5gwn27y45dwuxquw3soa7ohahcttea._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260416-rg3zlscy5x/
Unpacked files
SH256 hash:
c132d2a4a97ba28b95d212d9b4dba6b375fc73a3b52f0a5b72703ee380e29cc8
MD5 hash:
969f966a33a5004dd8db85a49178acf8
SHA1 hash:
92d652114234518adb0fb2703b222ac4c2597718
Link:
https://www.unpac.me/results/d51bb878-d105-4833-901f-3aeccff0b758/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:SHA512_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA384/SHA512 constants
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c132d2a4a97ba28b95d212d9b4dba6b375fc73a3b52f0a5b72703ee380e29cc8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3823422/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/61874/

Comments