MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e4d081e8a3e490c82253b5a36bda763f9df9fac043b8e03228b3305bb3082268. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 6 File information Comments

SHA256 hash: e4d081e8a3e490c82253b5a36bda763f9df9fac043b8e03228b3305bb3082268
SHA3-384 hash: 0f33a35ce6c39fe984addf3ea30421195cc00d9c5eb84ad53acd1a197a8fcdc44672ec0a9f6d843f82568b879cf95ae7
SHA1 hash: e5fb4a46d93610d6e2d3b4eb6c41b7cb71b5237a
MD5 hash: dc0555b4291aabc22a7bb188521e2f63
humanhash: fanta-november-lemon-alabama
File name:Case study.pdf.lnk
Download: download sample
File size:2'327 bytes
First seen:2025-04-23 08:07:35 UTC
Last seen:2025-04-23 08:08:42 UTC
File type:Shortcut (lnk) lnk
MIME type:application/x-ms-shortcut
ssdeep 24:8fJM+WQHdaOANx+/cd8DZ63fzAliDul/UMkWV8qlqddNXuHY8511yncmz:8GOHand8DuAkIHWdLXuHl1gc0
TLSH T12041692167F98774F3F30E3219BBA65549B7B84AEE258A1E4148414C0C63B24DD39F77
Magika lnk
Reporter abuse_ch
Tags:lnk WsgiDAV

Intelligence


File Origin
# of uploads :
2
# of downloads :
73
Origin country :
NL NL
Vendor Threat Intelligence
Verdict:
Malicious
Score:
96.5%
Tags:
shell sage blic
Result
Verdict:
Malicious
File Type:
LNK File - Malicious
Payload URLs
URL
File name
https://arbitrary-brutal-desperate-page.trycloudflare.com/sch.bat'
LNK File
Behaviour
BlacklistAPI detected
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
cmd evasive lolbin masquerade powershell
Result
Threat name:
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Signature
Joe Sandbox ML detected suspicious sample
Multi AV Scanner detection for submitted file
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Invoke-WebRequest Execution
Suspicious powershell command line found
Uses an obfuscated file name to hide its real file extension (double extension)
Windows shortcut file (LNK) contains suspicious command line arguments
Windows shortcut file (LNK) starts blacklisted processes
Yara detected malicious lnk
Behaviour
Behavior Graph:
Threat name:
Script-BAT.Trojan.Heuristic
Status:
Malicious
First seen:
2025-04-22 19:53:14 UTC
File Type:
Binary
AV detection:
9 of 24 (37.50%)
Threat level:
  2/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
execution
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Command and Scripting Interpreter: PowerShell
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Download_in_LNK
Author:@bartblaze
Description:Identifies download artefacts in shortcut (LNK) files.
Rule name:Execution_in_LNK
Author:@bartblaze
Description:Identifies execution artefacts in shortcut (LNK) files.
Rule name:LNK_sospechosos
Author:Germán Fernández
Description:Detecta archivos .lnk sospechosos
Rule name:PS_in_LNK
Author:@bartblaze
Description:Identifies PowerShell artefacts in shortcut (LNK) files.
Rule name:Script_in_LNK
Author:@bartblaze
Description:Identifies scripting artefacts in shortcut (LNK) files.
Rule name:SUSP_LNK_CMD
Author:SECUINFRA Falcon Team
Description:Detects the reference to cmd.exe inside an lnk file, which is suspicious

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Shortcut (lnk) lnk e4d081e8a3e490c82253b5a36bda763f9df9fac043b8e03228b3305bb3082268

(this sample)

  
Delivery method
Distributed via web download

Comments