MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 faaa4d005314440dfd7ed5fa2f522e1a2642f08ec3bf0c1e2779a39bf4268349. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 8



SHA256 hash: faaa4d005314440dfd7ed5fa2f522e1a2642f08ec3bf0c1e2779a39bf4268349
SHA3-384 hash: 9ac2390f79138965dd36e2021bdfe96db15f3f14d40ae2126ec187351745311bb8c354039b8ffd84da84338414d835fc
SHA1 hash: e796ec32c392496ae9fb42be108784ea825485f3
MD5 hash: a83b39f647ef100c992ea19f7c5a9595
humanhash: beer-uncle-lactose-low
File name: 0BRK22Z336890ESNQO_Arb748491G1F8Vougrn.iso
File size: 5'853'184 bytes
First seen: 2026-04-17 14:36:26 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 49152:6eOtozvwz4H9w+CRLHee+xnHiWIsdd3aUGhLOChYVFjdHZHCvAJ1egJYBrIfuim/:duim3YGGWF
TLSH: T1A2462332FF4148B6C14103F5792F6E362F3E7B17494899E779AC49837B1AE805A2F099
TrID:
  87.8% (.NULL) null bytes (2048000/1)
  10.9% (.HTP) HomeLab/BraiLab Tape image (256000/1)
  0.5% (.WAR) Warcraft game data archive (12007/4/6)
  0.2% (.ATN) Photoshop Action (5007/6/1)
  0.2% (.CPT) Mac Compact Pro archive (5000/1/2)
Magika: iso
Reporter: abuse_ch
Tags: ESP geo iso

Intelligence


File Origin
# of uploads: 1
# of downloads: 42
Origin country: CH
File Archive Information

This file archive contains 13 file(s), sorted by their relevance:

File name: esapq2.xml
File size: 81'176 bytes
SHA256 hash: 20186a2657ee3c17e5b7ee5654ac73b7d34b5d480380f7c80e02955ef3d772a8
MD5 hash: 0ddb14f218c5dbff6daab48a38bd95ec
MIME type: application/x-dosexec

File name: lhzvg1.xml
File size: 112'392 bytes
SHA256 hash: b3bb763a0cf0679082ff569af9b07c9bd5b08bc5bf63ce6b7ebbd47608de3a44
MD5 hash: bc2b27cf1d3b9e566038f6c9d0007a92
MIME type: application/x-dosexec

File name: eoktb4.pdf
File size: 26'232 bytes
SHA256 hash: 9ac4720f28e78e2b1b6018f3197bbed351b09b2184ebed72cf5d9265d5fa88d8
MD5 hash: 54c3542ca29bd3d219dee1479a199799
MIME type: application/pdf

File name: nqben9.pdf
File size: 25'845 bytes
SHA256 hash: 8b5a629e8c5747ac1982a7225bd34451654490329881065e2678084b5819dfc7
MD5 hash: 21cb523a70c080484df13129a5c2bc3f
MIME type: application/pdf

File name: ArbitrjMA4E2328cbjh-YTKFM8RVL958427ZIXJIL.vbs
File size: 4'971'912 bytes
SHA256 hash: 327aa44733c9f8d2100e4c3b2fb3dae147f2734ac76cc20e8a8ae506ebb1c85a
MD5 hash: 4cff3ae835812ec90d603fa14bf7290f
MIME type: text/plain

File name: uxim8.pdf
File size: 31'341 bytes
SHA256 hash: 6390ac36da3dcf002e5bca4c46658752c0ddfe5ee1e53b0ca625ccd4fa9b6e3a
MD5 hash: 73bbcb776f8bc6121e82920deb0c04cc
MIME type: application/pdf

File name: bloj6.pdf
File size: 21'113 bytes
SHA256 hash: 7ab7b67d4173b8c036bd68137651eae7bc44e4b522195721e6f8995e6e9b490f
MD5 hash: 26b4c8d094ed433bc6da3f3425040d59
MIME type: application/pdf

File name: yaptzg3.pdf
File size: 20'110 bytes
SHA256 hash: 19012ffd6dc8cc3819441f571044c65861cd67e0161e8e8777792ff79fc913fd
MD5 hash: 76f58c30a8e1695160e656e9599a99ff
MIME type: application/pdf

File name: sidmg5.pdf
File size: 25'562 bytes
SHA256 hash: 729d923b61d77dd4904b3a4fc86e89217427b3d722834453cd3d41b865e5676a
MD5 hash: 10c0d7ba6d2ed43ed2cbcfca0a224352
MIME type: application/pdf

File name: ajdpe1.pdf
File size: 38'157 bytes
SHA256 hash: c1736c0e97cc1adc61a56d56a133e2d64b63c4621f71039e5fcea6b082ab68ea
MD5 hash: d3ee7812be0cebe8bed4d16c04117029
MIME type: application/pdf

File name: ehrr7.pdf
File size: 26'416 bytes
SHA256 hash: 5abfe03dd20b72a68c4eac8a873095454246c98b5156c49674186fdf0a4807eb
MD5 hash: d536949340eab744d84698ba4dfdcc9a
MIME type: application/pdf

File name: ezeq2.pdf
File size: 45'593 bytes
SHA256 hash: 6c0fbfd95c9b63dbacf600975cb9f86b0a4ab183fb5bc6700d35454ac2ccdc80
MD5 hash: 6870b47197786a7be8b0b708f6bc3055
MIME type: application/pdf

File name: ycrgd10.pdf
File size: 25'216 bytes
SHA256 hash: dcd115f95c3bd1ae2ee4479c9dcaf96391f900845d21844e546bc2e3b1c469f5
MD5 hash: 172e9ca72d015f8da1fe7ec3acb0b3e5
MIME type: application/pdf
Vendor Threat Intelligence

Malware configuration found for: Archives (extracted archive contents)

Verdict: Malicious
Score: 94.9%
Tags: vmdetect

Verdict: Malicious
File Type: iso
First seen: 2026-04-17T11:59:00Z UTC
Last seen: 2026-04-17T20:05:00Z UTC
Hits: ~10
Detections: HEUR:Trojan.VBS.SAgent.gen, HEUR:Trojan.Script.Generic, HEUR:Trojan-Downloader.Script.Generic

Verdict: inconclusive
YARA: 3 match(es)
Tags: CAB:COMPRESSION:MSZIP, PDF /OpenAction, PDF Contains AutoAction

Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2026-04-17 14:37:55 UTC
File Type: Binary (Archive)
Extracted files: 57
AV detection: 7 of 24 (29.17%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: adware discovery link pdf qr spyware
Behaviour:
  Suspicious use of WriteProcessMemory
  Enumerates physical storage devices
  System Location Discovery: System Language Discovery
  Checks computer location settings
  Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Borland
Author: malware-lu

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: SEH__vectored
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: telebot_framework
Author: vietdx.mb

Rule name: ThreadControl__Context
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: vmdetect
Author: nex
Description: Possibly employs anti-virtualization techniques

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

iso faaa4d005314440dfd7ed5fa2f522e1a2642f08ec3bf0c1e2779a39bf4268349 (this sample)

Delivery method: Distributed via web download
