5c2857913efc6007b3ee7028a132baa4
Hash
- MD5: 5c2857913efc6007b3ee7028a132baa4
- SHA1: fb4a5849fe2a1bae3fc974fe9bb2f4d87948a885
- SHA256: 016cc33b8ff5dd4c7ef1f585ca782db994a620ed73fa127597723512b68744cd
- First Seen: 2026-05-15 (date shown on this page; the MalwareBazaar record below lists first_seen as 2026-03-14 06:32:51)
- Last Seen: 2026-05-15
- Related Reports: 1
- Related IOCs: 0
Additional Information
MalwareBazaar
{
"query_status": "ok",
"data": [
{
"sha256_hash": "016cc33b8ff5dd4c7ef1f585ca782db994a620ed73fa127597723512b68744cd",
"sha3_384_hash": "3704885cc993cf7044ad7eac6395c652bbb1387cc3532535b05859e68ebbb0b2c10dacbed6e78308f8304465f98f6301",
"sha1_hash": "fb4a5849fe2a1bae3fc974fe9bb2f4d87948a885",
"md5_hash": "5c2857913efc6007b3ee7028a132baa4",
"first_seen": "2026-03-14 06:32:51",
"last_seen": null,
"file_name": "PumpGuard-Pumpfun-AI-Attack-Defence-Requirements.pdf.zip",
"file_size": 6464,
"file_type_mime": "application/zip",
"file_type": "zip",
"file_format": null,
"file_arch": null,
"reporter": "smica83",
"origin_country": "HU",
"anonymous": 0,
"signature": null,
"imphash": null,
"tlsh": "T1C7D1095506C7A04CE5FA61BA7D51BC78C56A091E7DED8EBD2BD2A04C7C821C22A2EE40",
"telfhash": null,
"gimphash": null,
"ssdeep": "96:xNcXfJjfRkoD/fqzbppWiYj8vKyCJSH+PE2LzvFM:xEJjpkTfUzJSEEMzi",
"magika": "zip",
"dhash_icon": null,
"trid": null,
"comment": null,
"archive_pw": null,
"tags": [
"DPRK",
"UKR",
"zip"
],
"code_sign": null,
"delivery_method": null,
"intelligence": {
"clamav": [
"Sanesecurity.Foxhole.Lnk_Zip_1.UNOFFICIAL",
"Sanesecurity.Foxhole.Zip_pdf.UNOFFICIAL",
"TwinWave.EvilLNK.KingForADaypshell.20231121.UNOFFICIAL",
"Win.Trojan.Suspect-34"
],
"downloads": "153",
"uploads": "1",
"mail": null
},
"file_information": null,
"ole_information": [],
"yara_rules": [
{
"rule_name": "EXT_EXPL_ZTH_LNK_EXPLOIT_A",
"author": "Peter Girnus",
"description": "This YARA file detects padded LNK files designed to exploit ZDI-CAN-25373.",
"reference": "https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html"
},
{
"rule_name": "Large_filesize_LNK",
"author": "@bartblaze",
"description": "Identifies shortcut (LNK) file larger than 100KB. Most goodware LNK files are smaller than 100KB.",
"reference": null
},
{
"rule_name": "PS_in_LNK",
"author": "@bartblaze",
"description": "Identifies PowerShell artefacts in shortcut (LNK) files.",
"reference": null
},
{
"rule_name": "SUSP_LNK_Big_Link_File",
"author": "Florian Roth (Nextron Systems)",
"description": "Detects a suspiciously big LNK file - maybe with embedded content",
"reference": "Internal Research"
},
{
"rule_name": "SUSP_LNK_Big_Link_File_RID2EDD",
"author": "Florian Roth",
"description": "Detects a suspiciously big LNK file - maybe with embedded content",
"reference": "Internal Research"
},
{
"rule_name": "Sus_CMD_Powershell_Usage",
"author": "XiAnzheng",
"description": "May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)",
"reference": null
}
],
"vendor_intel": {
"CERT-PL_MWDB": {
"detection": null,
"link": "https://mwdb.cert.pl/sample/016cc33b8ff5dd4c7ef1f585ca782db994a620ed73fa127597723512b68744cd/"
},
"YOROI_YOMI": {
"detection": "Malicious File",
"score": "1.00"
},
"InQuest": {
"verdict": "MALICIOUS",
"url": "https://labs.inquest.net/dfi/sha256/016cc33b8ff5dd4c7ef1f585ca782db994a620ed73fa127597723512b68744cd",
"details": [
{
"category": "suspicious",
"title": "Hidden Powershell",
"description": "Detected a pivot to Powershell that utilizes commonly nefarious attributes such as '-windowstyle hidden'."
}
]
},
"DocGuard": {
"verdict": "Malicious",
"filetype": "LNK File - Malicious",
"alertlevel": "0",
"urls": []
},
"Triage": {
"malware_family": null,
"score": "8",
"link": "https://tria.ge/reports/260314-jtdlgsaz8v/",
"tags": [
"execution"
],
"signatures": [
{
"signature": "Badlisted process makes network request",
"score": "8"
},
{
"signature": "Command and Scripting Interpreter: PowerShell",
"score": "8"
},
{
"signature": "Checks computer location settings",
"score": "7"
},
{
"signature": "Contacts third-party web service commonly abused for C2",
"score": "6"
},
{
"signature": "Enumerates physical storage devices",
"score": "3"
},
{
"signature": "Suspicious behavior: EnumeratesProcesses",
"score": null
},
{
"signature": "Suspicious use of AdjustPrivilegeToken",
"score": null
},
{
"signature": "Suspicious use of WriteProcessMemory",
"score": null
}
],
"malware_config": []
},
"ReversingLabs": {
"threat_name": "Shortcut.Trojan.Sonbokli",
"status": "MALICIOUS",
"first_seen": "2026-03-14 06:33:19",
"scanner_count": "24",
"scanner_match": "16",
"scanner_percent": "66.67"
},
"Spamhaus_HBL": [
{
"detection": "suspicious",
"link": "https://www.spamhaus.org/hbl/"
}
],
"FileScan-IO": {
"verdict": "MALICIOUS",
"threatlevel": "1.0",
"confidence": "1.0",
"report_link": "https://www.filescan.io/uploads/69b5012b367b6bc6ee7db8dc/reports/d321f273-3676-4845-aa39-decb7a322229/overview"
},
"Kaspersky": {
"verdict": "Malware",
"file_type": "zip",
"first_seen": "",
"last_seen": "",
"hitscount": 0,
"report_link": "https://opentip.kaspersky.com/016cc33b8ff5dd4c7ef1f585ca782db994a620ed73fa127597723512b68744cd/results?tab=lookup",
"detections": []
}
},
"comments": null
}
]
}