MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fba3d657c87ea72deb88222b1ce8e204b70f651a25d942edddf5f5ce49d0ad2a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: fba3d657c87ea72deb88222b1ce8e204b70f651a25d942edddf5f5ce49d0ad2a
SHA3-384 hash: b870d9834726fe094a706892ae799c549ed672d091ff626da247b31b6f0dc1d3c81ad69f9719c76038454a110d74de61
SHA1 hash: c7ceb84a9710d04989112100cb23fa3d78192c49
MD5 hash: d76f24d9c5de2d55aa6224c5b19eaa53
humanhash: uncle-leopard-mountain-august
File name: fba3d657c87ea72deb88222b1ce8e204b70f651a25d942edddf5f5ce49d0ad2a
File size: 1'258'457 bytes
First seen: 2026-05-27 09:20:15 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:WfX3Cf4AdqS75XxHXHUKP4drOn0cAeUkEpe08MtQCMv9CWD+XroJbDgpkntbDeSH:W/3RAdqWXxHX0KErw08MrMv9XD4roJoa
TLSH: T12C4533AA8BC857C7378987F1134A5F2C2F6CEE4216376376610C130A4967FF1D94A1EA
Magika: unknown
Reporter: JAMESWT_WT
Tags: zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 55
Origin country: IT

File Archive Information

This file archive contains 5 file(s), sorted by their relevance:

File name: fpxtcqou.bin
File size: 736'254 bytes
SHA256 hash: e6b27d993dab4948089152cb4d5089d2513adcee89799071c88e5ca7cd5b198a
MD5 hash: 1ce40dc28c60cfa609c80d824ab77825
MIME type: application/octet-stream

File name: igigebzq.dll
File size: 5'632 bytes
SHA256 hash: 14591afd625066775a69dccad24e6c8deec22736083ea5c3f2a6804dcf00b506
MD5 hash: 6890a3996944478c94634f8e664c198d
MIME type: application/x-dosexec

File name: opnfzmcj.bin
File size: 96'253 bytes
SHA256 hash: 0b6c8384f6cc48b4d18ad2cf05e7dd952ffae4b778e54232dde232402e60f2f2
MD5 hash: 7aa28b769567bbb6ff260654ce917f44
MIME type: application/octet-stream

File name: glxnsimv.bin
File size: 95'744 bytes
SHA256 hash: 930c5c61e79ef4e94b5ea27d245699e4c2ed8fb848bdfa9a3f1ce1940c516c50
MD5 hash: 2aa3f40a93c0ee22573d768e4b3d71c5
MIME type: application/octet-stream

File name: VerbalContract.pdf
File size: 422'736 bytes
SHA256 hash: abc69978f17dd55efa2976ca63b325e89f1fb14d7e0005e4aed02726766e88c2
MD5 hash: ed4007c873b26b68a61d9a28c7e78c0d
MIME type: application/pdf

Vendor Threat Intelligence

Verdict: Malicious
Score: 70%
Tags: emotet

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug explorer lolbin

Gathering data

Result
Malware family: n/a
Score: 3/10
Tags: adware discovery link pdf spyware
Behaviour
Checks processor information in registry
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: VECT_Ransomware
Author: Mustafa Bakhit
Description: Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
