MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e52118fc7fc9b14e5a8d9f61dfae8b140488ae6ec6f01f41d9e16782febad5f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: e52118fc7fc9b14e5a8d9f61dfae8b140488ae6ec6f01f41d9e16782febad5f2
SHA3-384 hash: 111acbc782b6e3ed17f0d2bbc81f0f4623e408702f6d63c13f6e1304e1f2c77fc43f68698646a3252e3fecbfcd73cfce
SHA1 hash: 321972e4e72c5364ec1d5b9e488d15c641fb1819
MD5 hash: 6d153b76187f02bb670f2172fb704aae
humanhash: jersey-sink-ceiling-sad
File name: realtekwin.zip
File size: 26'338 bytes
First seen: 2025-04-05 05:41:19 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:LtMujCVdJsSFGDBmzV5zjeoFKH3ClaOR0O:LtnjksSFGYx5zfkH3ClaY
TLSH: T1F1C2E1C25B916C31F66A733C74B9301ACD05BC98A672FE4CEFC4E166567B4F098B2845
Magika: zip
Reporter: JAMESWT_WT
Tags: api-autodriverfix-online MacOS-Driverfixer realtekwin-zip zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: IT
File Archive Information

This file archive contains 5 file(s), sorted by their relevance:

File name: gobatch.bat
File size: 570 bytes
SHA256 hash: 9142d6dce5bf7cf2f690066d57dc86650a824acce7df93192a557eeb64e17c85
MD5 hash: b43e7aac656b48a9a70cd53ed81d14e0
MIME type: text/x-msdos-batch

File name: minictadriver.cat
File size: 24'372 bytes
SHA256 hash: e6caf122447b0579409cd93b2391460754243fc14a45ae764a1f0b16a2dd1e0a
MD5 hash: f3a1953ea9bcdb376178cfbf7ccd5a2a
MIME type: application/octet-stream

File name: MiniCtaDriver.sys
File size: 28'160 bytes
SHA256 hash: 2750ca8f50fc3931b8dfec252194b8d82eccbb2ecc961e1a7a07efa9c9dca9c0
MD5 hash: 5d2581bb6235792f8d9f25ded21fa37a
MIME type: application/x-dosexec

File name: update.vbs
File size: 1'410 bytes
SHA256 hash: f10f1aa1b1adad456558d79084940b1d3d60329ed92210bbed7e3c55cc0b9a4b
MD5 hash: c9848047db184507db41c127132c6c09
MIME type: text/plain

File name: MiniCtaDriver.inf
File size: 4'384 bytes
SHA256 hash: 12aa8e74f7c6b007b8ca361052567aba3f5bfc69a82163e73ab99360db69e22c
MD5 hash: 629f27f594bd1afaa258e82665ff87f1
MIME type: application/x-setupscript

Vendor Threat Intelligence

Verdict: Malicious
Score: 70%
Tags: malware

Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: expired-cert microsoft_visual_cc packed signed

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: cobalt_strike_tmp01925d3f
Author: The DFIR Report
Description: files - file ~tmp01925d3f.exe
Reference: https://thedfirreport.com

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: Sectigo_Code_Signed
Description: Detects code signed by the Sectigo RSA Code Signing CA
Reference: https://bazaar.abuse.ch/export/csv/cscb/

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments