MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d6fb04b214c8750a7ff8111b6ffb3268c97a77c32595c7e1b0633db04fa67bef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: d6fb04b214c8750a7ff8111b6ffb3268c97a77c32595c7e1b0633db04fa67bef
SHA3-384 hash: 56796cfb04adb844beb7c8fe7fd2e3d4c1363bdf7e17c992739c9105b95c1834263c8cb988a6134674f94f975a90e054
SHA1 hash: 941a220dac4935af970375ec7741de3155b17c7f
MD5 hash: 2b265316ce3de69f4e53ede847e1053e
humanhash: east-fifteen-monkey-cat
File name: Protivodeistvie BPLA.zip
File size: 491'929 bytes
First seen: 2026-07-03 13:25:21 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:tmDGansxrWPNPHDBJ3iJ3iGOOV61/D6TSL5atHQeptbp6uhxg:tmiaOr4NHDBJ3q6176k4HQeptbAuhxg
TLSH: T163A4233EAC8B6E2F4C5B7D94D9BE59A21451818E4FE7667BB403DD08305F8B1F07108A
Magika: zip
Reporter: smica83
Tags: zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 130
Origin country: HU
File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name: Противодействие БПЛА.lnk
File size: 1'337 bytes
SHA256 hash: ad60b62f8aba4bf98dae6f825b71ce428e445ffd08a62601a053378138b0f87e
MD5 hash: 6867fa9784538065366520dbc8b5a002
MIME type: application/octet-stream

File name: Противодействие БПЛА.pdf
File size: 519'116 bytes
SHA256 hash: afff50016483c7ba2f16c70f4ba706024510d87b787f2b50b40d538edd73326d
MD5 hash: 4231289394ba3cd6bf9a06d2dc643b9e
MIME type: application/pdf

Vendor Threat Intelligence
Verdict: Malicious
Score: 91.7%
Tags: obfuscate xtreme sage

Verdict: Malicious
File Type: zip
First seen: 2026-07-02T04:44:00Z UTC
Last seen: 2026-07-02T11:32:00Z UTC
Hits: ~10

Threat name: Shortcut.Trojan.Generic
Status: Suspicious
First seen: 2026-07-02 11:29:36 UTC
File Type: Binary (Archive)
Extracted files: 55
AV detection: 7 of 36 (19.44%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Archive_in_LNK
Author: @bartblaze
Description: Identifies archive (compressed) files in shortcut (LNK) files.

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: Detect_Remcos_RAT
Author: daniyyell
Description: Detects Remcos RAT payloads and commands

Rule name: Execution_in_LNK
Author: @bartblaze
Description: Identifies execution artefacts in shortcut (LNK) files.

Rule name: LNK_sospechosos
Author: Germán Fernández
Description: Detects suspicious .lnk files

Rule name: PDF_in_LNK
Author: @bartblaze
Description: Identifies Adobe Acrobat artefacts in shortcut (LNK) files. A PDF document is typically used as decoy in a malicious LNK.

Rule name: Script_in_LNK
Author: @bartblaze
Description: Identifies scripting artefacts in shortcut (LNK) files.

Rule name: SUSP_LNK_CMD
Author: SECUINFRA Falcon Team
Description: Detects the reference to cmd.exe inside an lnk file, which is suspicious

Rule name: SUSP_LNK_PowerShell
Author: SECUINFRA Falcon Team
Description: Detects the reference to powershell inside an lnk file, which is suspicious

File information


The table below shows additional information about this malware sample such as delivery method and external references.