MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e85e7e0d644266f59ff3cf85e301ce6e0b4f3c2c42aa5f57df999891cd768b3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 8 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e85e7e0d644266f59ff3cf85e301ce6e0b4f3c2c42aa5f57df999891cd768b3e
SHA3-384 hash: 739c0c608c12e53c3b4f01be13ee8ba9894b61fefc992c413506ae67ce7b7311c51caf009cc26c0b9dbea2f3cedc440e
SHA1 hash: 1b6bba5120dd8b04044a08b5d498bac92d10a392
MD5 hash: 7ab9f535c6feb398c2d5e0f4f5fb33c3
humanhash: kentucky-indigo-purple-failed
File name:说明文档.zip
Download: download sample
File size:25'297'312 bytes
First seen:2026-04-16 19:15:17 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 786432:KicU1CfQpn++A2xRc2ghdZ/ivEDCQoer8f20i:KicU1C4NA2cZXZJCQZl0i
TLSH T10F4733C8C15799F6159EC573FA3088CAA104133545BAB10FADACEA6B294E770C7F84ED
Magika zip
Reporter smica83
Tags:zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
98
Origin country :
HU HU
File Archive Information

This file archive contains 15 file(s), sorted by their relevance:

File name:jvm.dll
File size:8'842'584 bytes
SHA256 hash: 8f45418f17cf57bc774aa91d69a26b99fbab9d68c3e17fc3db9f4bc1cff1d668
MD5 hash: 5ceb9b2cdf04e74612ee577b493ebe68
MIME type:application/x-dosexec
File name:api-ms.dll.dll
File size:13'312 bytes
SHA256 hash: 482a02dde1b0661363e8f01da06be6af5041514a95dde7aec247ff42aef1f3f0
MD5 hash: e4f4bbadac64f9a9d41363b953300057
MIME type:application/x-dosexec
File name:verify.dll
File size:50'008 bytes
SHA256 hash: a9e11ac06779763db816013031fceb59d303163e3b8cfc45384328e680cc5d9b
MD5 hash: 06aae1321e02fd1923be8e605ed55fec
MIME type:application/x-dosexec
File name:java.exe
File size:207'704 bytes
SHA256 hash: 41283782a2460b4b49cfc3cf7b06a3d3a26c6c8d4965a0bcdf561320a7b2d59b
MD5 hash: 01d16207809117a0490b68f035ec1986
MIME type:application/x-dosexec
File name:重要通知2.md.lnk
File size:702 bytes
SHA256 hash: 03fcceec212d8f37b105b9304831fbc3887abef623b883ba2878d002e875fc6e
MD5 hash: 7ecf3ef2bce1a3aeea7d35864a76d065
MIME type:application/octet-stream
File name:zip.dll
File size:79'192 bytes
SHA256 hash: 5a5574cc477a2735bd031c04efe56495fcdb98eda7fccb1ae2d645d77668690f
MD5 hash: 6c6753e8ca50ca6734ceaf1c4b906a04
MIME type:application/x-dosexec
File name:java.dll
File size:159'576 bytes
SHA256 hash: 673a929017fe33438e386db5c5084c628eefe7f6c635ca579cb78b4650004877
MD5 hash: aef3894d687026704740d6acb881d74e
MIME type:application/x-dosexec
File name:javaw.exe
File size:208'216 bytes
SHA256 hash: 81193c9411b6ba37b128746bb3dc4dbae2af06789a3c8de6b1f20e771615946b
MD5 hash: d1cbfae55e8acc4d8192f121af2eef3e
MIME type:application/x-dosexec
File name:rt.jar
File size:63'580'228 bytes
SHA256 hash: 1bdcd24c12f3b5834ce811930e32161683ee816ddcae63974d120ec9f42d166e
MD5 hash: a4cd5af51a0a6649f50ce98a14823a0e
MIME type:application/java-archive
File name:jvm.cfg
File size:634 bytes
SHA256 hash: 80847ed146dbc5a9f604b07ec887737fc266699abba266177b553149487ce9eb
MD5 hash: 499f2a4e0a25a41c1ff80df2d073e4fd
MIME type:text/plain
File name:image.txt
File size:531'474 bytes
SHA256 hash: a789d1b2ca582676814d22d4c454337aba34f00e71abbc440a474c5ab9bb5217
MD5 hash: 692bc45c68a4c2a3863f8804e209eae8
MIME type:text/plain
File name:image.vbs
File size:625 bytes
SHA256 hash: 212fa32bed0c2aee23b8f8ed6e7d70a31268de110ea6f8256b5e411b264475d2
MD5 hash: 7f7f2b3b6fce8c784f2a16e619850398
MIME type:text/plain
File name:Main.class
File size:1'569 bytes
SHA256 hash: a003828e60e6d174e694dc60b108b2b0d0cfceb0953935b16d3e58d29ab9c8bd
MD5 hash: 0cdbec459d84d5e27cc6f0daee34eb9e
MIME type:application/x-java-applet
File name:2
File size:346 bytes
SHA256 hash: 49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e
MD5 hash: 24d3b502e1846356b0263f945ddd5529
MIME type:text/plain
File name:charsets.jar
File size:3'090'355 bytes
SHA256 hash: 61f2041495df09f2e1b1fbada31947750cdc7a028df808ce5d6886eecc53879b
MD5 hash: 0fbb2f91f50647f71a2d56ea021c0914
MIME type:application/java-archive
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/caa12a25-4873-46d5-bdb9-207fd2dd0697/
Verdict:
Malicious
Score:
93.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69e1357c45787c53e53a6343
Tags:
stration virus
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/e85e7e0d644266f59ff3cf85e301ce6e0b4f3c2c42aa5f57df999891cd768b3e
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/e85e7e0d644266f59ff3cf85e301ce6e0b4f3c2c42aa5f57df999891cd768b3e
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
File Type:
jar
Link:
https://opentip.kaspersky.com/e85e7e0d644266f59ff3cf85e301ce6e0b4f3c2c42aa5f57df999891cd768b3e/results?tab=lookup
Score:
42%
Verdict:
Susipicious
File Type:
ARCHIVE
Link:
https://malprob.io/report/e85e7e0d644266f59ff3cf85e301ce6e0b4f3c2c42aa5f57df999891cd768b3e
Verdict:
Malware
YARA:
5 match(es)
Tags:
Executable LNK LNK: Script Execution Malicious PDB Path PE (Portable Executable) PE File Layout Scripting.FileSystemObject T1218 WScript.Shell Zip Archive
Link:
https://app.malva.re/file/7ab9f535c6feb398c2d5e0f4f5fb33c3
Gathering data
Threat name:
Win32.Trojan.Voiv
Create hunting rule
Status:
Malicious
First seen:
2026-04-08 07:55:27 UTC
File Type:
Binary (Archive)
Extracted files:
20081
AV detection:
6 of 38 (15.79%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5bph4dleijtplh7tz6c6gaoonyfu6pbmikvf6v67tgmjdtlwrm7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.96
Link:
https://yomi.yoroi.company/submissions/e85e7e0d644266f59ff3cf85e301ce6e0b4f3c2c42aa5f57df999891cd768b3e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:Script_in_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies scripting artefacts in shortcut (LNK) files.
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments