MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 105bc76ac37570568aac5d1a4007fd24ed2c3176bb25866b2658c4a59fc882fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 12



SHA256 hash: 105bc76ac37570568aac5d1a4007fd24ed2c3176bb25866b2658c4a59fc882fd
SHA3-384 hash: 0fefbef01fad4cc72e9c57f3f3a032696bf69ca6a829a07461721fe76b1d1c106d8edb49514ff6cfee4d0ea6ec637bd1
SHA1 hash: b8e01b0f938529ad6bfe3ffabd55c96a883470ca
MD5 hash: 62446320089113b10b86c0e78c71507a
humanhash: lamp-zulu-william-earth
File name: PowerISO9-x64.exe
File size: 5'733'888 bytes
First seen: 2026-04-01 11:07:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 24f4223e271413c25abad52fd456a9bc (25 x GuLoader, 15 x Loki, 10 x AgentTesla)
ssdeep 98304:twM+mGwIAwILn0fPb2jGuP1yQ53yAl9D0uhzh/Vdu6Oy6y2DNdXdATK:W3awILn0CauP173yAPD9zdxOyMdX+TK
TLSH T1644633A37FE4A2D3ED144A33093E47F15435BF265F9852472778B43A9833BA0AE4588D
TrID 50.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
10.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
10.5% (.EXE) Win64 Executable (generic) (6522/11/2)
8.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.2% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
dhash icon f86eeae6b696c6cc (6 x AgentTesla, 5 x SliverFox, 3 x LummaStealer)
Reporter juroots
Tags: exe signed

Code Signing Certificate

Organisation: Power Software Limited
Issuer: SSL.com Code Signing Intermediate CA RSA R1
Algorithm: sha256WithRSAEncryption
Valid from: 2023-03-09T04:13:20Z
Valid to: 2026-03-08T04:13:20Z
Serial number: 20456eff672504b0d5ff21fa45558265
Intelligence: 4 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 06e33fdfbdec2239b5d7c8efeba1741f76468957e824a3fca9a722d75327cb55
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads:
1
# of downloads:
104
Origin country:
CH
Vendor Threat Intelligence
Malware family:
ID:
1
File name:
fb52d71091a761f36b717b280d373ac8adc268d06a48540a94db96fc07a121ee.exe
Verdict:
Malicious activity
Analysis date:
2026-03-07 22:29:27 UTC
Tags:
gh0st rat zegost loader sainbox upx auto-reg stealer netreactor

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
96.5%
Tags:
applicunwnt dotsetupio extens virus
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a file
Creating synchronization primitives
DNS request
Connection attempt
Sending a custom TCP request
Creating a window
Searching for the window
Verdict:
Adware
File Type:
exe x32
First seen:
2026-03-02T07:23:00Z UTC
Last seen:
2026-04-03T09:41:00Z UTC
Hits:
~10000
Detections:
BSS:Trojan.Win32.Generic BSS:Exploit.Win32.Generic.nblk BSS:Exploit.Win32.Generic not-a-virus:HEUR:Downloader.Win32.DotSetup.gen
Malware family:
Generic Unwanted
Verdict:
Suspicious
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
Executable NSIS Installer PE (Portable Executable) PE File Layout Win 32 Exe x86
Verdict:
Malicious
Threat:
Downloader.Win32.DotSetup
Threat name:
Win32.PUA.Sepdot
Status:
Suspicious
First seen:
2026-03-02 11:11:57 UTC
File Type:
PE (Exe)
Extracted files:
796
AV detection:
15 of 38 (39.47%)
Threat level:
1/5
Result
Malware family:
n/a
Score:
6/10
Tags:
discovery
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Checks installed software on the system
Loads dropped DLL
Checks for any installed AV software in registry
Downloads MZ/PE file
Unpacked files
SHA256 hash:
105bc76ac37570568aac5d1a4007fd24ed2c3176bb25866b2658c4a59fc882fd
MD5 hash:
62446320089113b10b86c0e78c71507a
SHA1 hash:
b8e01b0f938529ad6bfe3ffabd55c96a883470ca
SHA256 hash:
8dc2490d1d650e3ffbf70922b81ae9800ddd29a644e4d7d29e9616e22a7d0f42
MD5 hash:
9d199564b65a91a531b23844649459e9
SHA1 hash:
8d84359ced1c51d14e70cb5ed36a6083c8b914cf
SHA256 hash:
c5ba017732597a82f695b084d1aa7fe3b356168cc66105b9392a9c5b06be5188
MD5 hash:
ec9640b70e07141febbe2cd4cc42510f
SHA1 hash:
64a5e4b90e5fe62aa40e7ac9e16342ed066f0306
SHA256 hash:
6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
MD5 hash:
8cf2ac271d7679b1d68eefc1ae0c5618
SHA1 hash:
7cc1caaa747ee16dc894a600a4256f64fa65a9b8
SHA256 hash:
729f67469b8cacf4a42017d9a486e7e22598169efd315022d69d0ca7ccb5815b
MD5 hash:
001041f916312c9c2c1c2d7b94bcc73a
SHA1 hash:
902482e174f7ae51e204c2e2efa096319c5928d9
SHA256 hash:
20e642707ef82852bcf153254cb94b629b93ee89a8e8a03f838eef6cbb493319
MD5 hash:
109b201717ab5ef9b5628a9f3efef36f
SHA1 hash:
98db1f0cc5f110438a02015b722778af84d50ea7
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Detect_NSIS_Nullsoft_Installer
Author: Obscurity Labs LLC
Description: Detects NSIS installers by .ndata section + NSIS header string
Rule name: PE_Digital_Certificate
Author: albertzsigovits

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments