MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eff814665d2add26030b1717c8d2b5501d9f8d0fe6e147b289c70d8646acea28. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA 8 File information Comments

SHA256 hash:	eff814665d2add26030b1717c8d2b5501d9f8d0fe6e147b289c70d8646acea28
SHA3-384 hash:	37ec881a44f3e3057c4558105e7105d0c5fc0540d963af71e12c14fc7276428e5d25f0e7ec72fd56b8e80746a631247e
SHA1 hash:	2988d3da41d1570ecccb84271a526ed8110c41fa
MD5 hash:	d67f3eb6d7d331867554b7fea806efd6
humanhash:	utah-winter-west-victor
File name:	Dokumen_cukai.zip
Download:	download sample
File size:	1'667'538 bytes
First seen:	2026-03-16 14:31:16 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	49152:DQGZI/MtQ6Gzib7f4LlGECZihTfOi9mEW:pZWjze74BGFshzOi9mX
TLSH	T1C57533ED2A8CF497FE5B1B687BB31625965880276D22CFDF9DEB44031CA0814EC758C6
Magika	zip
Reporter	smica83
Tags:	zip

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 6 file(s), sorted by their relevance:

File name:	v.exe
File size:	1'342'632 bytes
SHA256 hash:	09923d7bf4d4314003ad086dae8ce89b93ae25ca74589e5886a709a37b619573
MD5 hash:	4deeae6777404a647e54fed7d9f28224
MIME type:	application/x-dosexec

File name:	libsmartscreenn.dll
File size:	105'984 bytes
SHA256 hash:	5973eb911f7bee7f90d940c08d32bd441d386bf6913fbbe2a7279b07ef68889f
MD5 hash:	f642b48ed43d09e00e0e8a9a655263b0
MIME type:	application/x-dosexec

File name:	work.bin
File size:	113'854 bytes
SHA256 hash:	e196cfc38811c446d830b96402878d94d3d75e49978b1e18af8987934df72b0d
MD5 hash:	fd44fef1f79cfac4bb275db3026dd043
MIME type:	application/octet-stream

File name:	vvsh.bin
File size:	1'480 bytes
SHA256 hash:	187e3658ef6bb7cb424aa93a46b40debc767b69212b1978a2dce3f066f63f3b9
MD5 hash:	23498e11312f2f168fa20c97b8151bcd
MIME type:	application/octet-stream

File name:	AppInstaller.exe
File size:	2'649'656 bytes
SHA256 hash:	e67659cec3aaac0edc4fb12ac80da5bfb0ab8a104f6cdfd96c62db475bc96e6b
MD5 hash:	3e9982144ade383386792119b130a37c
MIME type:	application/x-dosexec

File name:	CO.exe
File size:	119'856 bytes
SHA256 hash:	67ef79fb3485188d2e9d7374ae3f8be21d4d675042fa1e81a353c80723406dee
MD5 hash:	87fd3e876829413b8c214bfcc2845cd3
MIME type:	application/x-dosexec

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/bf49edf9-b8d5-431f-8c35-a2dce26b1fdf/

Verdict:

Clean

Score:

89.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69b8147493b644ca466aa103

Tags:

n/a

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/eff814665d2add26030b1717c8d2b5501d9f8d0fe6e147b289c70d8646acea28

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/eff814665d2add26030b1717c8d2b5501d9f8d0fe6e147b289c70d8646acea28

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

File Type:

zip

Link:

https://opentip.kaspersky.com/eff814665d2add26030b1717c8d2b5501d9f8d0fe6e147b289c70d8646acea28/results?tab=lookup

Verdict:

inconclusive

YARA:

2 match(es)

Tags:

Zip Archive

Link:

https://app.malva.re/file/d67f3eb6d7d331867554b7fea806efd6

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/eff814665d2add26030b1717c8d2b5501d9f8d0fe6e147b289c70d8646acea28/

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2026-03-11 10:38:45 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

10 of 24 (41.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=574bizs5flosmaylc4l4ruvvkaoz7dip43qupmujy4gymrvm5iua._file

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/260316-vd4zaadt81/

Behaviour

Suspicious use of WriteProcessMemory

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/eff814665d2add26030b1717c8d2b5501d9f8d0fe6e147b289c70d8646acea28

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerHiding__Thread Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.

Rule name:	MD5_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for MD5 constants

Rule name:	meth_stackstrings Create hunting rule
Author:	Willi Ballenthin

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample