MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4d788440fe7232667ab1c1062ee6521001c93f4f3f7dc32feb303cf420b64fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f4d788440fe7232667ab1c1062ee6521001c93f4f3f7dc32feb303cf420b64fe
SHA3-384 hash: c376d199c342e64fe0c8cfa370264f5297fa16a4dfb7580623ba059cb7d871ab2e19ee6192992176505f489832be4f82
SHA1 hash: a8d10f2a13eb1faea6aabe81284d74257a768c18
MD5 hash: f3e219bbec3839b92f181da422e52db7
humanhash: alanine-arizona-monkey-gee
File name:chrome_elf.dll
Download: download sample
File size:117'799 bytes
First seen:2025-12-12 13:07:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 684c6cd906230409735a395e58c8b423
ssdeep 1536:bVhXusE6LjfMpfdRmIMBEb1uFGa4SbMVao6VxMfX7ojnKbHHKGds+yCZaZZVcF61:5hXusE6LLMpVRmxSbyoNHHMlVcFddw
TLSH T122B319C677C5ACBBD926633A88EBC335227DF6D407824B13583496350F236D0AE96783
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10522/11/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter burger
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
103
Origin country :
NL NL
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
chrome_elf.dll
Verdict:
No threats detected
Analysis date:
2025-12-12 13:07:34 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ae2e7cba-7699-4860-94f1-c58f158530bb

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/44420/
Verdict:
Clean
Score:
89.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=693c1395bde6a3e59710ab68
Tags:
n/a
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug hacktool masquerade overlay overlay packed
Link:
https://www.filescan.io/uploads/693c13c41eac7b9b76a7a25f/reports/246d3ce5-fecd-4d7b-b997-6cbec5d24ab7/overview
Verdict:
Malicious
Labled as:
Suspicious:Trojan.Vundo.imvf.dll
Link:
https://www.hybrid-analysis.com/sample/f4d788440fe7232667ab1c1062ee6521001c93f4f3f7dc32feb303cf420b64fe
Verdict:
Clean
File Type:
dll x64
Link:
https://opentip.kaspersky.com/f4d788440fe7232667ab1c1062ee6521001c93f4f3f7dc32feb303cf420b64fe/results?tab=lookup
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/9e2ca09d-e782-4f67-832b-169ec5623d7e
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1831607
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1831607 Sample: chrome_elf.dll.exe Startdate: 12/12/2025 Architecture: WINDOWS Score: 48 19 Multi AV Scanner detection for submitted file 2->19 7 loaddll64.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 conhost.exe 7->11         started        13 rundll32.exe 7->13         started        15 32 other processes 7->15 process5 17 rundll32.exe 9->17         started       
Score:
5%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/f4d788440fe7232667ab1c1062ee6521001c93f4f3f7dc32feb303cf420b64fe
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/f3e219bbec3839b92f181da422e52db7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f4d788440fe7232667ab1c1062ee6521001c93f4f3f7dc32feb303cf420b64fe/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/f4d788440fe7232667ab1c1062ee6521001c93f4f3f7dc32feb303cf420b64fe
Threat name:
Win64.Malware.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-12-12 13:07:35 UTC
File Type:
PE+ (Dll)
Extracted files:
1
AV detection:
14 of 37 (37.84%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6tlyqrap44rsmz5ldqigf3tfeeabze7u6p35ymx6wmb46qqlmt7a._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/251212-qdd1ms1pck/
Verdict:
Unknown
Tags:
dll coyote
YARA:
DLL_BankingTrojan_Coyote_Feb2024
Link:
https://app.threat.zone/submission/3016e26c-bbee-4bcc-96fd-552881d24a8f
Unpacked files
SH256 hash:
f4d788440fe7232667ab1c1062ee6521001c93f4f3f7dc32feb303cf420b64fe
MD5 hash:
f3e219bbec3839b92f181da422e52db7
SHA1 hash:
a8d10f2a13eb1faea6aabe81284d74257a768c18
Link:
https://www.unpac.me/results/507b78d9-f3a1-49f9-9f66-2f8750042636/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.30
Link:
https://yomi.yoroi.company/submissions/f4d788440fe7232667ab1c1062ee6521001c93f4f3f7dc32feb303cf420b64fe

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DLL_BankingTrojan_Coyote_Feb2024
Create hunting rule
Author:Yashraj Solanki - Cyber Threat Intelligence Analyst at Bridewell
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:pe_detect_tls_callbacks
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/44420/

Comments