MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1bc6411b4436c6f9bfb8a9ec5f2d7cf56bc35c0ff2704b69251dd6b3ff06c092. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: 1bc6411b4436c6f9bfb8a9ec5f2d7cf56bc35c0ff2704b69251dd6b3ff06c092
SHA3-384 hash: 6e610e16ed0ff98a28632632f12a4147f9c64bc0eb9872ffa15e2548c2e98fa8f2a311925e6dc9c818ff6e050db2abb7
SHA1 hash: 8d1a470d6be06c5cf1306f135ee96075b5878f62
MD5 hash: d9cd40d2a2e532f16cd9c2bb9de1a7c4
humanhash: skylark-river-hawaii-winner
File name: setup.exe
File size: 22'263'456 bytes
First seen: 2026-06-02 14:52:45 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash c5c4f0b8dcd34f1c1fd763c32fbbe969
ssdeep 393216:D4yo/k+e80C3cLckaPma5++5d6EuHqlk42eDFcdFq/q0YGCek/Hx:DcM+e8WiPwu9uHqq41DFcFQYbekZ
TLSH T1212723C685B693F997C38748199B13C7A5C0605BE6EE89283ACB9C037150C6B468FF77
TrID 33.1% (.EXE) Win64 Executable (generic) (6522/11/2)
25.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.4% (.ICL) Windows Icons Library (generic) (2059/9)
10.3% (.EXE) OS/2 Executable (generic) (2029/13)
10.1% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
dhash icon 30f0c8c0c0c0f030
Reporter burger
Tags: exe signed

Code Signing Certificate

Organisation: Ultra Studio
Issuer: Ultra Studio
Algorithm: sha256WithRSAEncryption
Valid from: 2026-06-02T11:27:41Z
Valid to: 2031-06-02T11:37:41Z
Serial number: 259b0cc094e1d79c42ff33358a6be61d
Thumbprint Algorithm: SHA256
Thumbprint: 506de4e07f4429c0f375f3984eb4ec88b84b14a62efa55531903c686c71dfe9c
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 174
Origin country: DE
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: setup.exe
Verdict: No threats detected
Analysis date: 2026-06-02 14:52:24 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 92.5%
Tags: vmprotect virus

Result
Verdict: Clean
Maliciousness:
Behaviour
Creating a window
Sending a custom TCP request

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: installer-heuristic overlay packed packed signed

Result
Threat name: n/a
Detection: malicious
Classification: evad
Score: 51 / 100
Signature
AI detected suspicious PE digital signature
Found direct / indirect Syscall (likely to bypass EDR)
Joe Sandbox ML detected suspicious sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: PE_Digital_Certificate
Author: albertzsigovits

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments