MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f5faef66d2e30fcb98e7dd2928ea8429fd2c54fa152f6d34ffcbec117f7ecda1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f5faef66d2e30fcb98e7dd2928ea8429fd2c54fa152f6d34ffcbec117f7ecda1
SHA3-384 hash: 21a874e67fe1995695be886b25637c20d0583229caf24db6536085a1d6208dab9d3e5f2f060c8de6ce31d7847103b93c
SHA1 hash: edfbe2763507a830c0053b48cd69811df05ac1ef
MD5 hash: 202e7f030f8fdc15e5fccf3c2c1f8798
humanhash: kitten-two-burger-one
File name:Qbix01.exe
Download: download sample
File size:222'573 bytes
First seen:2026-02-22 14:04:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d5767c61bcba8fe60f19ed4c2a80639b
ssdeep 6144:uRgym92YGB+40vPLfmHA368tv60seaqBRqNGsJE+:u6fu+40vPDFvnBamqQ4d
TLSH T19924D02039E8CDF6E2422471DE593BE5E1F4D3680E2649373794492C7FBEA46C106FA9
TrID 39.7% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
21.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
8.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
8.3% (.EXE) Win64 Executable (generic) (6522/11/2)
6.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
Magika pebin
dhash icon e82b2b2b2b2b2b96
Reporter abuse_ch
Tags:exe upx-dec


Avatar
abuse_ch
UPX decompressed file, sourced from SHA256 f4fbdd1877e4ab82978a14474e0c823aa7ac8dd7bd7fa6b23ce9a20dfe47fda0
File size (compressed) :168'813 bytes
File size (de-compressed) :222'573 bytes
Format:win32/pe
Packed file: f4fbdd1877e4ab82978a14474e0c823aa7ac8dd7bd7fa6b23ce9a20dfe47fda0

Intelligence

File Origin
# of uploads :
1
# of downloads :
122
Origin country :
NL NL
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
_f5faef66d2e30fcb98e7dd2928ea8429fd2c54fa152f6d34ffcbec117f7ecda1.exe
Verdict:
No threats detected
Analysis date:
2026-02-22 14:09:47 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/5abe2ce0-6aa2-4dd8-9170-57948ff37801

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/54066/
Detection(s):
SecuriteInfo.com.W32.Heuristic_COC.31208.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.not-a-virus.RemoteAdmin.Win32.WinVNC-based.c.26856.10440.2916.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.not-a-virus.RemoteAdmin.Win32.WinVNC.aha.6336.32249.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Malware.Undefined8.CCLOUD.25908.UNOFFICIAL
Create hunting rule

PUA.Win.Packer.Embedpe-3
Create hunting rule

PUA.Win.Packer.AcprotectUltraprotect-1
Create hunting rule

PUA.Win.Trojan.VNC-47
Create hunting rule

Verdict:
Malicious
Score:
91.7%
Link:
https://cyber-fortress.com/docs/result/index.php?id=699b0d308fffa866e3b089fa
Tags:
applicunsaf injection dropper madi
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
DNS request
Connection attempt
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
adaptive-context installer installer installer-heuristic microsoft_visual_cc overlay
Link:
https://www.filescan.io/uploads/699b0d4491ad9169e533384b/reports/85fc411f-8279-4f0c-98e7-7750f41456e0/overview
Verdict:
Malicious
Labled as:
Risk.RemoteAdmin.vl
Link:
https://www.hybrid-analysis.com/sample/f5faef66d2e30fcb98e7dd2928ea8429fd2c54fa152f6d34ffcbec117f7ecda1
Verdict:
Adware
File Type:
exe x32
Detections:
Virus.DOS.ExeHeader.277.a not-a-virus:VHO:RemoteAdmin.Win32.WinVNC.gen not-a-virus:BSS:RemoteAdmin.Win32.Ammyy.a not-a-virus:RemoteAdmin.Win32.WinVNC.aha
Link:
https://opentip.kaspersky.com/f5faef66d2e30fcb98e7dd2928ea8429fd2c54fa152f6d34ffcbec117f7ecda1/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/40199a8a-4cf1-46c1-bf79-64ffc50997e0
Result
Threat name:
UltraVNC
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1873082
Signature
Multi AV Scanner detection for submitted file
Yara detected UltraVNC Hacktool
Behaviour
Behavior Graph:
Download SVG
Score:
93%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/f5faef66d2e30fcb98e7dd2928ea8429fd2c54fa152f6d34ffcbec117f7ecda1
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout SFX 7z Win 32 Exe x86
Link:
https://app.malva.re/file/202e7f030f8fdc15e5fccf3c2c1f8798
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f5faef66d2e30fcb98e7dd2928ea8429fd2c54fa152f6d34ffcbec117f7ecda1/
Verdict:
Malicious
Threat:
RemoteAdmin.Win32.WinVNC
Link:
https://tip.neiki.dev/file/f5faef66d2e30fcb98e7dd2928ea8429fd2c54fa152f6d34ffcbec117f7ecda1
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6x5o6zws4mh4xghh3uusr2uefh6syvh2cuxw2nh7zpwbc736zwqq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery
Link:
https://tria.ge/reports/260222-rd5zssfw6e/
Behaviour
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Executes dropped EXE
Unpacked files
SH256 hash:
f5faef66d2e30fcb98e7dd2928ea8429fd2c54fa152f6d34ffcbec117f7ecda1
MD5 hash:
202e7f030f8fdc15e5fccf3c2c1f8798
SHA1 hash:
edfbe2763507a830c0053b48cd69811df05ac1ef
Link:
https://www.unpac.me/results/c4753cff-7d8c-42e0-82bb-cd77f880080a/
SH256 hash:
50831333c6ba49fc871ca20f4a4778119e24fb975912023fd4c8bfd72b45c191
MD5 hash:
77de6bb7c680776fa67a5646072b7fed
SHA1 hash:
7f3c35d85c96ff903844feaf1aed010a34119c40
Link:
https://www.unpac.me/results/c4753cff-7d8c-42e0-82bb-cd77f880080a/
SH256 hash:
a008130b2059b1a73ed8b4a80bbbb88e761d69c6367f4d62d4deb0b57ff84e70
MD5 hash:
49d6e2074501c6a6ff5a126d0423ab40
SHA1 hash:
fc95b01602949e6fac69b3d36f336d26edb1a73f
Link:
https://www.unpac.me/results/c4753cff-7d8c-42e0-82bb-cd77f880080a/
SH256 hash:
31631a0d026bad0754b7e048127d0f1a7b0cfa611dfe62d3589ecada6fc188d0
MD5 hash:
4a888ea697fc2a5105d26ddad596f545
SHA1 hash:
41693aa1fa194e82b7612f4262305678d112669e
Link:
https://www.unpac.me/results/c4753cff-7d8c-42e0-82bb-cd77f880080a/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f4fbdd1877e4ab82978a14474e0c823aa7ac8dd7bd7fa6b23ce9a20dfe47fda0

Executable exe f5faef66d2e30fcb98e7dd2928ea8429fd2c54fa152f6d34ffcbec117f7ecda1

(this sample)

  
Dropped by
SHA256 f4fbdd1877e4ab82978a14474e0c823aa7ac8dd7bd7fa6b23ce9a20dfe47fda0
  
Dropped by
MD5 28900c28195201a3559472230bb012b2
Cape
Cape
https://www.capesandbox.com/analysis/54066/
  
URLhaus
https://urlhaus.abuse.ch/url/3783601/
  
Delivery method
Distributed via web download

Comments