MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 c41efac9ff751941dcb6997a73a45ca7cde3ac4f3e5bfb6da0add62d81167a12. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 4
| SHA256 hash: | c41efac9ff751941dcb6997a73a45ca7cde3ac4f3e5bfb6da0add62d81167a12 |
|---|---|
| SHA3-384 hash: | d6a9dfc7ea956d20269f3ad6fcba781e3e8e0e67b6d6a8141d5c41ef3a48b132ce0bdfb85dc6b6c66b86d02925eaa1f1 |
| SHA1 hash: | ba24e5198143826c382e60c4c87cc5ec838e346b |
| MD5 hash: | 27f0fb1c153957bae1ebb83d5bbaf4fd |
| humanhash: | eight-orange-emma-arkansas |
| File name: | Vidpovid_MO_DepZvern_Zg-109432_vikh-220-4512_vid_12_07_2026_Kvalifikovanyi_Elektronnyi_Pidpys.exe |
| Download: | download sample |
| File size: | 95'744 bytes |
| First seen: | 2026-07-12 11:20:27 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | c49c984c1a82dcf3cab82402d603845f |
| ssdeep | 1536:TkInxNbbNaBvYntBMNtUXoNdR0BercFt5q4JGzf2WWOORQNU2acuVaG0H:IInxNbbovYnteYodR0Qrcj5N2GFQNUlI |
| TLSH | T1B5936D07F2988078C04DC2BDC78AA533B276B8865923B79F2BD41A513EB6F586F0D745 |
| TrID | 33.1% (.EXE) Win64 Executable (generic) (6522/11/2) 25.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 10.4% (.ICL) Windows Icons Library (generic) (2059/9) 10.3% (.EXE) OS/2 Executable (generic) (2029/13) 10.1% (.EXE) Generic Win/DOS Executable (2002/3) |
| Magika | pebin |
| Reporter | |
| Tags: | exe malspam trojan Ukraine |
NoNameABC
Malspam targeting Ukraine, impersonating the "Department for Citizen Inquiries of the Ministry of Defense of Ukraine" (Міністерство оборони України). The email is sent via russvidetelstva99.online infrastructure spoofing reply@gov.medmam.online. The included link points to a compromised WordPress site (touchcar.com.ua), which redirects to LimeWire hosting a malicious ZIP archive (Vidpovid_MO_DepZvern_...) containing an executable payload.Photo of a letter: https://ibb.co/DyJPvwz
Intelligence
File Origin
# of uploads :
1
# of downloads :
194
Origin country :
UAVendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
exe
Verdict:
No threats detected
Analysis date:
2026-07-12 11:21:38 UTC
Tags:
n/a
Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Verdict:
Clean
Score:
99.9%
Tags:
n/a
Result
Verdict:
Clean
Maliciousness:
Behaviour
Connection attempt
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
5/10
Confidence:
100%
Tags:
packed
Verdict:
Malicious
Labled as:
Win/malicious_confidence_70%
Verdict:
Clean
File Type:
exe x64
First seen:
2026-07-12T03:27:00Z UTC
Last seen:
2026-07-12T04:42:00Z UTC
Hits:
~10
Verdict:
Suspicious
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Win 64 Exe x64
Detection(s):
Suspicious file
Unpacked files
SH256 hash:
c41efac9ff751941dcb6997a73a45ca7cde3ac4f3e5bfb6da0add62d81167a12
MD5 hash:
27f0fb1c153957bae1ebb83d5bbaf4fd
SHA1 hash:
ba24e5198143826c382e60c4c87cc5ec838e346b
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.20
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method
Distributed via e-mail link
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.