MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c88a22dae5d5564a33736d8cd43835eb46153bafe47fc6e8c267c3b89d4abf04. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown

Vendor detections: 5



SHA256 hash: c88a22dae5d5564a33736d8cd43835eb46153bafe47fc6e8c267c3b89d4abf04
SHA3-384 hash: 35cd0ad185e861aea31dbba799dd5035751688ab060b06205f341431ea974156385b0388b07b7670d420cc681ffc9487
SHA1 hash: 978e0e530fdd4d2a259dbaf20118a323c6ed70ea
MD5 hash: 0807ea8b2645440f7ca1e42ec1e69cc2
humanhash: music-moon-king-potato
File name: freesofts-tech.zip
File size: 37'761'614 bytes
First seen: 2022-12-08 01:28:03 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 786432:J1cEJ9sMpM2WGlvRp0gxFtUXNc1O3G68Ied13r810i/RFxJpvK5q:Pb6P63HENpG3r8ThvK5q
TLSH: T16687338FD0FF3633D02F921A24F664624F8B05A3F7B1B8E150E5425265E61A271DFE92
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
TrID: 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: l205306
Tags: fakecrack freesofts-tech zip

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 52'972
Origin country: n/a

File Archive Information

This file archive contains 41 file(s), sorted by their relevance:

Vendor Threat Intelligence

Verdict: No Threat
Threat level: 2/10
Confidence: 100%
Tags: fingerprint

Gathering data

Threat name: Win64.Infostealer.Hooker
Status: Malicious
First seen: 2022-12-08 01:30:23 UTC
File Type: Binary (Archive)
Extracted files: 68
AV detection: 21 of 26 (80.77%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: vmprotect
Behaviour: Suspicious use of WriteProcessMemory; Program crash

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: BitcoinAddress
Author: Didier Stevens (@DidierStevens)
Description: Contains a valid Bitcoin address

File information


The table below shows additional information about this malware sample such as delivery method and external references.
