MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d1e843217520a8667d0f2fcf15d761b9fda8c0ff0756fe8cf7735b3ce03875f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: d1e843217520a8667d0f2fcf15d761b9fda8c0ff0756fe8cf7735b3ce03875f5
SHA3-384 hash: 1de75c850d6b2abbbad268f87bd12daa89555e05db12fc51e2d4c7e12fecd50f70f166860f5cfe14fcde2e9c4522e7ef
SHA1 hash: 4b303dcf6aeb9584fb778459e259bd7a214832e3
MD5 hash: 1580d5c86a0469f92a9876eaa76df8c7
humanhash: saturn-mexico-floor-robin
File name: asfixsoftwaredev.zip
File size: 7'028'413 bytes
First seen: 2026-03-14 06:27:32 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 196608:yF7Q4SP8SGSFOM0uU+HB/OGUElH6XU8YYlbHXUZZftC:yF7Qr8EOMrU+h/PUEl0U8YYlbEZBs
TLSH T1B266332AB52C5EC9D46B64BAE0B12F9583EA130FF003D977965139D8B0D4BCA5DCC06B
Magika zip
Reporter JAMESWT_WT
Tags: asmweosiqsaaw-com booking ClickFix sabrineme-com zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 137
Origin country: IT
File Archive Information

This file archive contains 12 file(s), sorted by their relevance:

Vendor Threat Intelligence
Result
Verdict: SUSPICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win64.Trojan.Suschil
Status: Malicious
First seen: 2026-03-14 06:26:26 UTC
File Type: Binary (Archive)
Extracted files: 13
AV detection: 16 of 24 (66.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 6/10
Tags: discovery persistence
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Check_OutputDebugStringA_iat

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerCheck__MemoryWorkingSet
Author: Fernando Mercês
Description: Anti-debug process memory working set size check
Reference: http://www.gironsec.com/blog/2015/06/anti-debugger-trick-quicky/

Rule name: DebuggerCheck__QueryInfo
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerException__ConsoleCtrl
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerException__SetConsoleCtrl
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerHiding__Thread
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: ldpreload
Author: xorseed
Reference: https://stuff.rop.io/

Rule name: NET
Author: malware-lu

Rule name: pe_detect_tls_callbacks

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants

Rule name: SEH__vectored
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants

Rule name: telebot_framework
Author: vietdx.mb

Rule name: test_Malaysia
Author: rectifyq
Description: Detects file containing malaysia string

Rule name: ThreadControl__Context
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: VECT_Ransomware
Author: Mustafa Bakhit
Description: Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

zip d1e843217520a8667d0f2fcf15d761b9fda8c0ff0756fe8cf7735b3ce03875f5

(this sample)

Delivery method: Distributed via web download
