MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de0a2de2fc2b87468c7d7e8193adbc59549af459c982815c81a135aee08c4838. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 10



SHA256 hash: de0a2de2fc2b87468c7d7e8193adbc59549af459c982815c81a135aee08c4838
SHA3-384 hash: 899acc7457b3e23e5930280ff8684711b93863dc2eb4fe1254ed97cbaf0e8e70ce8eacae99dd76e07e601a870645889d
SHA1 hash: aef74f5f432fb3d52c493da4f3ebeca2cb7fbc3b
MD5 hash: 56053f64c99749fd898f7674b2d2e330
humanhash: august-stream-william-oregon
File name: Dienstangebot_Klement_A_18-03-26.zip
File size: 37'269 bytes
First seen: 2026-04-15 06:28:34 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 768:CZwOJ1GXMuhbTb+6lBVI9u8xGyfy6cuP1mALgkV52oL+VT7Oc:CZj1EMmbTGPGqp9mA8k6VT7Oc
TLSH T1ACF2E195ACC80499D00883B2B8F26EA04D0576CBC6D13E0663C8B6E87E455D4D7FAFED
Magika: zip
Reporter: JAMESWT_WT
Tags: Dienstangebot-Klement, zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 97
Origin country: IT
File Archive Information

This file archive contains 15 file(s), sorted by their relevance:

File name:Dienstangebot_A_Klement_18-03-26.docx.lnk
File size:3'769 bytes
MIME type:application/octet-stream
File name:core.xml
File size:391 bytes
MIME type:text/xml
File name:header1.xml
File size:3'405 bytes
MIME type:text/xml
File name:settings.xml
File size:1'778 bytes
MIME type:text/xml
File name:[Content_Types].xml
File size:1'712 bytes
MIME type:text/xml
File name:document.xml
File size:111'735 bytes
MIME type:text/xml
File name:numbering.xml
File size:3'658 bytes
MIME type:text/xml
File name:footer1.xml
File size:3'080 bytes
MIME type:text/xml
File name:webSettings.xml
File size:445 bytes
MIME type:text/xml
File name:ROSSMANN_NDA_Datenschutzrichtlinie.docx
File size:14'282 bytes
MIME type:application/vnd.openxmlformats-officedocument.wordprocessingml.document
File name:app.xml
File size:667 bytes
MIME type:text/xml
File name:theme1.xml
File size:6'992 bytes
MIME type:text/xml
File name:document.xml.rels
File size:1'212 bytes
MIME type:text/xml
File name:fontTable.xml
File size:439 bytes
MIME type:text/xml
File name:styles.xml
File size:17'442 bytes
MIME type:text/xml
Vendor Threat Intelligence

Verdict: Malicious
Score: 70%
Tags: malware

Verdict: Malicious
File Type: zip
First seen: 2026-04-15T10:39:00Z UTC
Last seen: 2026-04-15T16:56:00Z UTC
Hits: ~10

Gathering data

Threat name: Document-Office.Trojan.Malgent
Status: Malicious
First seen: 2026-04-15 06:23:49 UTC
File Type: Binary (Archive)
Extracted files: 31
AV detection: 10 of 36 (27.78%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Archive_in_LNK
Author: @bartblaze
Description: Identifies archive (compressed) files in shortcut (LNK) files.

Rule name: NET
Author: malware-lu

Rule name: SUSP_ZIP_Smuggling_Jun01
Author: delivr.to
Description: ZIP archives with data smuggled between last file record and the central directory.
Reference: https://github.com/Octoberfest7/zip_smuggling/

Rule name: ZIP_PowerShell_Susp_Obf
Author: ventdrop
Description: Detect .zip files containing susp and obf embedded PS command

File information


The table below shows additional information about this malware sample such as delivery method and external references.
