MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db48dc163e8eaa906653b3e64b6aebe13b29e7e93d00aac5696234b5f3ba8f81. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5


SHA256 hash: db48dc163e8eaa906653b3e64b6aebe13b29e7e93d00aac5696234b5f3ba8f81
SHA3-384 hash: 980832d085e85bd88f8c7389fd6a2d507ef8d7df35d1fdfd961ad28e76a2cb1e659fcc135b7e9de33a4e455c8e13da86
SHA1 hash: 272adf96a8887f5ec238474357c817142ff995ca
MD5 hash: 6838ca2c1a1e21a551c6dc4d7695c0ce
humanhash: stairway-football-foxtrot-sodium
File name: loader.zip
File size: 32'720'180 bytes
First seen: 2026-02-25 21:27:08 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 786432:8YU7M1dGOymw8/LukCX9LfCRaHR8MyJCMIFLf1pMeS4yW4:8YUw1IOl/LuY3MyMMIFL7S4yW4
TLSH: T1D37733F86D1C1DA7B01DE23343D82B63D37B611E539DE8AE0703079D68621ADA73B946
TrID: 60.0% (.USDZ) Universal Scene Description Zipped AR format (generic) (6000/1/1)
      40.0% (.ZIP) ZIP compressed archive (4000/1)
Magika: zip
Reporter: tcains1
Tags: zip

Intelligence

File Origin
# of uploads: 1
# of downloads: 81
Origin country: US

File Archive Information

This file archive contains 41 file(s), sorted by their relevance:

Vendor Threat Intelligence

Verdict: Malicious
Score: 90.9%
Tags: vmdetect

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: BLOWFISH_Constants
Author: phoul (@phoul)
Description: Look for Blowfish constants

Rule name: CAS_Malware_Hunting
Author: Michael Reinprecht
Description: DEMO CAS YARA Rules for sample2.exe

Rule name: Check_OutputDebugStringA_iat

Rule name: cobalt_strike_tmp01925d3f
Author: The DFIR Report
Description: files - file ~tmp01925d3f.exe
Reference: https://thedfirreport.com

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerCheck__MemoryWorkingSet
Author: Fernando Mercês
Description: Anti-debug process memory working set size check
Reference: http://www.gironsec.com/blog/2015/06/anti-debugger-trick-quicky/

Rule name: DebuggerCheck__QueryInfo
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerException__SetConsoleCtrl
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerHiding__Thread
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: dependsonpythonailib
Author: Tim Brown
Description: Hunts for dependencies on Python AI libraries

Rule name: DetectEncryptedVariants
Author: Zinyth
Description: Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name: DLL_BankingTrojan_Coyote_Feb2024
Author: Yashraj Solanki - Cyber Threat Intelligence Analyst at Bridewell

Rule name: FreddyBearDropper
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through base63 encoded powershell script.

Rule name: golang

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: identity_golang
Author: Eric Yocam
Description: find Golang malware

Rule name: Indicator_MiniDumpWriteDump
Author: Obscurity Labs LLC
Description: Detects PE files and PowerShell scripts that use MiniDumpWriteDump either through direct imports or string references

Rule name: ldpreload
Author: xorseed
Reference: https://stuff.rop.io/

Rule name: MD5_Constants
Author: phoul (@phoul)
Description: Look for MD5 constants

Rule name: NET
Author: malware-lu

Rule name: pe_detect_tls_callbacks

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: ProgramLanguage_Rust
Author: albertzsigovits
Description: Application written in Rust programming language

Rule name: RANSOMWARE
Author: ToroGuitar

Rule name: reverse_http
Author: CD_R0M_
Description: Identify strings with http reversed (ptth)

Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants

Rule name: SEH__vectored
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants

Rule name: SHA512_Constants
Author: phoul (@phoul)
Description: Look for SHA384/SHA512 constants

Rule name: Sus_CMD_Powershell_Usage
Author: XiAnzheng
Description: May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

Rule name: telebot_framework
Author: vietdx.mb

Rule name: test_Malaysia
Author: rectifyq
Description: Detects file containing malaysia string

Rule name: ThreadControl__Context
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: upxHook
Author: @r3dbU7z
Description: Detect artifacts from 'upxHook' - modification of UPX packer
Reference: https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

Rule name: vmdetect
Author: nex
Description: Possibly employs anti-virtualization techniques

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
zip db48dc163e8eaa906653b3e64b6aebe13b29e7e93d00aac5696234b5f3ba8f81 (this sample)

Delivery method: Distributed via web download
