MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d0c4324942d2c19fc67ca4909e479e917655fa0123acd68764a1f28396c5b3b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Adware.Generic


Vendor detections: 8


Intelligence 8 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d0c4324942d2c19fc67ca4909e479e917655fa0123acd68764a1f28396c5b3b7
SHA3-384 hash: b3eda977d580552c80fbde2329e2a3f3a6f0590c19c30ae1e86b93200e91fbfce70df59059a1e8261273482806cc5e75
SHA1 hash: 423e904e97312d78cba13b610d8c59278cb9cf32
MD5 hash: 8cae1cf0c04133068e7b224f7c2b7df6
humanhash: october-hamper-apart-twenty
File name:鱼店工具安装程序1.2.2.7.exe
Download: download sample
Signature Adware.Generic
Create hunting rule
File size:78'359'724 bytes
First seen:2025-06-13 20:23:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash eb5bc6ff6263b364dfbfb78bdb48ed59 (55 x Adware.Generic, 18 x RaccoonStealer, 8 x Adware.ExtenBro)
ssdeep 1572864:8s7LU5Tnr0lh/WIAJo8tIYHtSpuOjA3KsssJRgHh6O:8Ksr07Y9tIYHtxOmTgHb
TLSH T16A083327F6C5953BD0AB5A7A4337A164983FF950744A6C0353ECFE0CC7226C42E2AD66
TrID 49.8% (.EXE) Inno Setup installer (107240/4/30)
20.0% (.EXE) InstallShield setup (43053/19/16)
19.3% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
4.8% (.EXE) Win64 Executable (generic) (10522/11/4)
2.0% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
dhash icon 5050d270cccc82ae (109 x Adware.Generic, 43 x LummaStealer, 42 x OffLoader)
Reporter GDHJDSYDH1
Tags:Adware.Generic backdoor dropper exe FakeApp packed Symmi


Avatar
GDHJDSYDH1
Downloaded from: https://ed.weeeg.com/

Intelligence

File Origin
# of uploads :
1
# of downloads :
773
Origin country :
US US
Vendor Threat Intelligence
Verdict:
Clean
Score:
89.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=684c89da8bd5d68a12e88d78
Tags:
n/a
Result
Verdict:
Malware
Maliciousness:
Verdict:
Malicious
Labled as:
Trojan.Agent.xbartf
Link:
https://www.hybrid-analysis.com/sample/d0c4324942d2c19fc67ca4909e479e917655fa0123acd68764a1f28396c5b3b7
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1714337
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
34%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/d0c4324942d2c19fc67ca4909e479e917655fa0123acd68764a1f28396c5b3b7
Gathering data
Verdict:
Clean
Link:
https://tip.neiki.dev/file/d0c4324942d2c19fc67ca4909e479e917655fa0123acd68764a1f28396c5b3b7
Threat name:
Win32.Trojan.Kepavll
Create hunting rule
Status:
Malicious
First seen:
2025-06-13 20:02:42 UTC
File Type:
PE (Exe)
Extracted files:
307
AV detection:
12 of 38 (31.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2dcdeskc2laz7rt4usij4r46sf3fl6qbeownnb3euhzihfwfwo3q._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery
Link:
https://tria.ge/reports/250613-y7mhwahk8x/
Behaviour
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Executes dropped EXE
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/68efd3a0-f20d-40a5-8d2e-b71443e0cb3f
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Borland
Create hunting rule
Author:malware-lu
Rule name:botnet_plaintext_c2
Create hunting rule
Author:cip
Description:Attempts to match at least some of the strings used in some botnet variants which use plaintext communication protocols.
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Adware.Generic

Executable exe d0c4324942d2c19fc67ca4909e479e917655fa0123acd68764a1f28396c5b3b7

(this sample)

  
Link
https://tria.ge/250613-yvyelsej4s
  
Delivery method
Distributed via web download

Comments