MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f3e14e4d8700f7bdd685b1087e64155e0aba558e1bcf9a7b52b9528983cf4f1b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 7 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f3e14e4d8700f7bdd685b1087e64155e0aba558e1bcf9a7b52b9528983cf4f1b
SHA3-384 hash: e9bde7a8cf48d89268b9cdcba52ea4cb3cc83bdaf6640160a516e5ca81f57367e490c5f10fd6b04bcc90cd4843cbcbc1
SHA1 hash: 46bfdbd879e00c8a2b91d85c1b7fdbc1d7c21a29
MD5 hash: 5c53a67180b7493b3871866603ae233e
humanhash: tennis-robin-hot-cola
File name:VXGFD45.exe
Download: download sample
File size:50'176 bytes
First seen:2025-07-01 17:00:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 768:ptKz73KvLt3OmOibYeilFErKsT1B3A0LeH3M:XK33o3OmOMYtxsT1q+ec
TLSH T1A833D5AA3BFADA9FE38A9739E05261C52B34C5147A03F34FE57443395E6B3F42848211
TrID 44.4% (.EXE) Win64 Executable (generic) (10522/11/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
7
Origin country :
SE SE
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/11845/
Verdict:
Malicious
Score:
90.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6864143637c3436779487b64
Tags:
emotet micro virus hype
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Creating a file
Connection attempt to an infection source
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
base64 crypto_obfuscator_for_net obfuscated packed zero
Link:
https://www.filescan.io/uploads/68641433ee5b1c8f3d231bbc/reports/8428eabb-f96f-4bda-8726-b7beb2100825/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/f3e14e4d8700f7bdd685b1087e64155e0aba558e1bcf9a7b52b9528983cf4f1b
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/a95f03d3-b6c0-4951-8ae6-b77e1d4fbce2
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1726577
Signature
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Joe Sandbox ML detected suspicious sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
85%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/f3e14e4d8700f7bdd685b1087e64155e0aba558e1bcf9a7b52b9528983cf4f1b
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) Win 64 Exe x64
Link:
https://app.malva.re/file/5c53a67180b7493b3871866603ae233e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f3e14e4d8700f7bdd685b1087e64155e0aba558e1bcf9a7b52b9528983cf4f1b/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6pqu4tmhad333vufweeh4zavlyfluvmodphzu62sxfjita6pj4nq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250701-vh8g9sw1cv/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/51eba387-ae63-43af-952b-c3d349845f98
Unpacked files
SH256 hash:
f3e14e4d8700f7bdd685b1087e64155e0aba558e1bcf9a7b52b9528983cf4f1b
MD5 hash:
5c53a67180b7493b3871866603ae233e
SHA1 hash:
46bfdbd879e00c8a2b91d85c1b7fdbc1d7c21a29
Link:
https://www.unpac.me/results/5dc44405-de30-4a46-860a-8dbe7b6db69d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f3e14e4d8700f7bdd685b1087e64155e0aba558e1bcf9a7b52b9528983cf4f1b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Lumma_Stealer_Detection
Create hunting rule
Author:ashizZz
Description:Detects a specific Lumma Stealer malware sample using unique strings and behaviors
Reference:https://seanthegeek.net/posts/compromized-store-spread-lumma-stealer-using-fake-captcha/
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_no_import_table
Create hunting rule
Description:Detect pe file that no import table
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f3e14e4d8700f7bdd685b1087e64155e0aba558e1bcf9a7b52b9528983cf4f1b

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/11845/
  
URLhaus
https://urlhaus.abuse.ch/url/3573095/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (GUARD_CF)high

Comments