MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c5dcd9df73a6df47ec811ec12d6aedf91bf76f296efda5448ac6a8079e583aad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: c5dcd9df73a6df47ec811ec12d6aedf91bf76f296efda5448ac6a8079e583aad
SHA3-384 hash: e8135cb7e5181d9d9b95fd910b16d902328d2af82fd99f725dc0e81b19d689390c31b079a61ab9da29e1124cd145c234
SHA1 hash: 523fac570c7a2f146abc0f12a39f0f59dce0929d
MD5 hash: 5b02bb32d68183ab3ae878fe26833ce6
humanhash: gee-triple-table-potato
File name: FISCALIZED INVOICES.lnk
File size: 862 bytes
First seen: 2026-06-22 15:22:19 UTC
Last seen: Never
File type: Shortcut (lnk)
MIME type: application/x-ms-shortcut
ssdeep: 24:8sV9vm4xqqKwrARIk0Kk0+np7iCqfmrM:8sVBm4xqqkRIEwnp7itfmM
TLSH: T19811F4151EAF1B40C15D4A356577B2B2CF237A527207960EC5641C0B2CB5D047F7AB67
Magika: lnk
Reporter: abuse_ch
Tags: lnk

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: SE

Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: masquerade

Result
Threat name: n/a
Detection: unknown
Classification: n/a
Score: 0 / 100

Verdict: inconclusive
YARA: 2 match(es)
Tags: LNK

Threat name: Binary.Trojan.Generic
Status: Suspicious
First seen: 2026-06-22 02:37:54 UTC
File Type: Binary
AV detection: 3 of 24 (12.50%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: adware persistence ransomware spyware
Behaviour
Checks SCSI registry key(s)
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Enumerates physical storage devices
Enumerates connected drives
Boot or Logon Autostart Execution: Active Setup
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments