MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 099d63e692457bfccc2cf59278ae6a268cb03964f18d0d27f536027b43c89896. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry
Threat unknown
Vendor detections: 11

SHA256 hash: 099d63e692457bfccc2cf59278ae6a268cb03964f18d0d27f536027b43c89896
SHA3-384 hash: 8183dc4bb721c7465b103f0273d1751c6c457709ea21bc50221c4eb53547e021f7dc4a93b1d066efce9c30af9d33029a
SHA1 hash: 043da4c73ed932229de096de8fd849e22f85a9f9
MD5 hash: 29ed331b2882b68878d258e034c75d79
humanhash: failed-butter-earth-enemy
File name: googleupdate.exe
File size: 5'352'088 bytes
First seen: 2026-02-27 11:14:05 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e583f115cad25699bca7cb64affd0cd6
ssdeep: 98304:fOf7Imqs3RBsztyZuibCzykITOxOiwZLF+7peXmCUvBEd2COpsvuAqkDMCO1DadX:fOf7Imqs3RBshuiYO4i0LQteXmCUvBEJ
TLSH: T1AB46027623F420EAC5F987BAD6818131FF71B64E332055AACA95852C3F3A96435BF305
TrID:
37.0% (.EXE) Win64 Executable (generic) (6522/11/2)
28.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
11.5% (.EXE) OS/2 Executable (generic) (2029/13)
11.3% (.EXE) Generic Win/DOS Executable (2002/3)
11.3% (.EXE) DOS Executable Generic (2000/1)
Magika: pebin
Reporter: SquiblydooBlog
Tags: exe signed

Code Signing Certificate

Organisation: Hubei Da'e Zhidao Food Technology Co., Ltd.
Issuer: Sectigo Public Code Signing CA EV R36
Algorithm: sha256WithRSAEncryption
Valid from: 2026-01-14T00:00:00Z
Valid to: 2027-01-14T23:59:59Z
Serial number: 654d4c61766e8ebc09ec79e4b37d5dab
Cert Graveyard Blocklist: This certificate is on the Cert Graveyard blocklist
Thumbprint Algorithm: SHA256
Thumbprint: 1c491c1e6daef0d70c771f2aec8a3573b65e7442755ee832753bd2fb34b1ddff
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 129
Origin country: US
Vendor Threat Intelligence

No detections

Malware family: n/a
ID: 1
File name: googleupdate.exe
Verdict: Malicious activity
Analysis date: 2026-02-22 15:25:05 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 97.4%
Tags: shellcode injection vmdetect dropper

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: adaptive-context anti-debug anti-vm base64 crypto expand explorer fingerprint fingerprint installer installer installer-heuristic lolbin microsoft_visual_cc obfuscated runonce signed soft-404 wix

Verdict: Suspicious
Labeled as: UDS_DangerousObject_Multi_Generic

Verdict: Malicious
File Type: exe x64
Detections: Trojan.OLE2.Agent.sb HEUR:Trojan.OLE2.Agent.gen
Threat name: Win64.Trojan.Generic
Status: Suspicious
First seen: 2026-02-20 12:29:52 UTC
File Type: PE+ (Exe)
Extracted files: 155
AV detection: 7 of 24 (29.17%)
Threat level: 5/5

Result
Malware family: n/a
Score: 4/10
Tags: discovery
Behaviour:
Suspicious use of WriteProcessMemory
Checks installed software on the system
Executes dropped EXE
Unpacked files:
SHA256 hash: 099d63e692457bfccc2cf59278ae6a268cb03964f18d0d27f536027b43c89896
MD5 hash: 29ed331b2882b68878d258e034c75d79
SHA1 hash: 043da4c73ed932229de096de8fd849e22f85a9f9
SHA256 hash: 9eeaa3b84d2c7e1603780ad29b18c14c95f6ffa35ec63c59018160f71ba70267
MD5 hash: 1706c3ac35ff2c4e066cd780d6416f8a
SHA1 hash: 0f4d41e4bc9ca9378b53b1e232e85fd2fb054da8

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: pe_detect_tls_callbacks

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: vmdetect
Author: nex
Description: Possibly employs anti-virtualization techniques

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments