MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2dfef0050dac212ceb9e8c91e31a7f6d229b2ccde1cf1d2eabc8d7d11d738324. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 12



SHA256 hash: 2dfef0050dac212ceb9e8c91e31a7f6d229b2ccde1cf1d2eabc8d7d11d738324
SHA3-384 hash: 8fb1530bbc907b1cbcd14a0d3c78b96355ea71ef36346b2a1c4778691432579ae722a6eb3ab3cec928544a709fbdf52f
SHA1 hash: 533c89ec99c6a34c7bc7ee5137740847c7504856
MD5 hash: 3857372a6e9bda05eed5db731b2205d1
humanhash: mike-march-finch-paris
File name: ldplayer9_Installers_windos_x64.6.3.3.exe
File size: 84'072'997 bytes
First seen: 2026-04-22 15:46:25 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: c05041e01f84e1ccca9c4451f3b6a383 (141 x RedLineStealer, 103 x GuLoader, 64 x DiamondFox)
ssdeep: 1572864:STRtltSSSBTaUkcCJyLzYO2Bu2tsbwbZIrSVFeEQeDjQRxAwh1J1FM+EMs41:SlXtSSSxZLEO282tsYS4JQs0RxAwh1FZ
Threatray: 4 similar samples on MalwareBazaar
TLSH: T1010833A8FCF1C09FF8AFD439F1311A359DE1CDBE064AA9083156B2B1889E746E85D50D
TrID: 50.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
      10.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      10.5% (.EXE) Win64 Executable (generic) (6522/11/2)
      8.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
      7.2% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika: pebin
dhash icon: f08e96b2ba9a8af4 (7 x ValleyRAT)
Reporter: Ling
Tags: exe FakeApp Shellcode Trojan.Win32.Shellcode


CNGaoLing
Trojan.Win32.Shellcode

Intelligence


File Origin
# of uploads: 1
# of downloads: 130
Origin country: US
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: ldplayer964633.exe
Verdict: No threats detected
Analysis date: 2026-04-22 15:40:02 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 81.4%
Tags: virus
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a window
Creating a file
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: adaptive-context anti-debug evasive installer installer installer-heuristic microsoft_visual_cc nsis smb soft-404
Verdict: Malicious
File Type: exe x32
First seen: 2026-04-22T02:01:00Z UTC
Last seen: 2026-04-23T03:03:00Z UTC
Hits: ~10
Detections: Trojan-Downloader.Agent.TCP.C&C PDM:Trojan.Win32.Generic PDM:Exploit.Win32.Generic Trojan.Win32.Shellcode.sb HEUR:Trojan.Win32.Loader.gen HEUR:Trojan-Dropper.Win32.Agent.gen HEUR:Trojan-Downloader.Win32.Agent.gen
Gathering data
Threat name: Win32.Trojan.Egairtigado
Status: Malicious
First seen: 2026-04-22 08:49:59 UTC
File Type: PE (Exe)
Extracted files: 1855
AV detection: 7 of 24 (29.17%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: discovery
Behaviour
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Loads dropped DLL
Malware family: DonutLoader
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 2dfef0050dac212ceb9e8c91e31a7f6d229b2ccde1cf1d2eabc8d7d11d738324

(this sample)

  
Delivery method
Distributed via web download

Comments