MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e8a1c7702e1a9b888499a2632f18cad60b6003f9b63d8d46b7bdf1ac9f8a4ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4e8a1c7702e1a9b888499a2632f18cad60b6003f9b63d8d46b7bdf1ac9f8a4ff
SHA3-384 hash: 786a8bb4ad6d4a89fdfff35ed49a25e4591ebb7e769dec1cf20567efbe6b986c683bcf5c7e10409c68bfa709c1f93b42
SHA1 hash: 2811403cc1e56f4cc3abd6b9e864424b56efc3a6
MD5 hash: a7056a17f5070e062412e8953c2cafcb
humanhash: high-november-butter-salami
File name:DEMO.exe
Download: download sample
File size:90'215'424 bytes
First seen:2026-01-08 09:55:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9bf3f5698d1c8e5d8bbe8d194ac5d544
ssdeep 786432:gAZqtFi3zQzwBs6vNtcZY5Dfw3pgPVlcmXW:gAZui3zQz2jOZKft
TLSH T1B5187D13B3A705D5E8F7DA3096E65223A932BC066F3085DF324C17262F73AE05A76B51
TrID 63.5% (.EXE) Win64 Executable (generic) (10522/11/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter Ling
Tags:exe Malgent Trojan:Win64/Malgent!MSR


Avatar
CNGaoLing
This sample has been reviewed by Microsoft researchers and determined to be malware. (Trojan:Win64/Malgent!MSR)

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'191
Origin country :
US US
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/86d05734-5474-42a5-9e28-3e6671d70b14/
Malware family:
n/a
ID:
1
File name:
_4e8a1c7702e1a9b888499a2632f18cad60b6003f9b63d8d46b7bdf1ac9f8a4ff
Verdict:
No threats detected
Analysis date:
2026-01-08 09:59:44 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/d4927504-fb5c-427a-982c-b016fd2cbc08

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=695f7f3e9922425f92febb63
Tags:
trickbot virus
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug crypto fingerprint microsoft_visual_cc obfuscated
Link:
https://www.filescan.io/uploads/695f7f316c34f71773c637ba/reports/f35a960f-0086-45de-9522-21c32969a5cc/overview
Verdict:
Malicious
Labled as:
JS/Packed.Agent_AGen
Link:
https://www.hybrid-analysis.com/sample/4e8a1c7702e1a9b888499a2632f18cad60b6003f9b63d8d46b7bdf1ac9f8a4ff
Verdict:
Clean
File Type:
exe x64
First seen:
2026-01-07T14:51:00Z UTC
Last seen:
2026-01-08T14:08:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/4e8a1c7702e1a9b888499a2632f18cad60b6003f9b63d8d46b7bdf1ac9f8a4ff/results?tab=lookup
Score:
0%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/4e8a1c7702e1a9b888499a2632f18cad60b6003f9b63d8d46b7bdf1ac9f8a4ff
Gathering data
Verdict:
Clean
Link:
https://tip.neiki.dev/file/4e8a1c7702e1a9b888499a2632f18cad60b6003f9b63d8d46b7bdf1ac9f8a4ff
Threat name:
Win64.Trojan.Malgent
Create hunting rule
Status:
Malicious
First seen:
2026-01-08 01:28:05 UTC
File Type:
PE+ (Exe)
Extracted files:
13
AV detection:
9 of 24 (37.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=j2fby5yc4gu3rccjtitdf4mmvvqlmab7tnr5rvdlppprvspyut7q._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260108-lybc2aan5z/
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/9c07928b-d0b2-4689-a646-9095387e36ed
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 4e8a1c7702e1a9b888499a2632f18cad60b6003f9b63d8d46b7bdf1ac9f8a4ff

(this sample)

  
Delivery method
Distributed via web download

Comments