MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2216e13de2ed490004e99ba074159c38959c4e93e145201b99408a0a8eeb391c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 10



SHA256 hash: 2216e13de2ed490004e99ba074159c38959c4e93e145201b99408a0a8eeb391c
SHA3-384 hash: 0f2df6c7b1d5ab2a2733b957f49f0b4f50481cd7c6634372eba568c6c51ae14f00e8370111f3f9402abb8c4d5d018d22
SHA1 hash: d6c6a0d77d4bd0637ec89b1be69300d9372ec35b
MD5 hash: d5ef62ce9b699d2bff90d9b83138a46f
humanhash: pennsylvania-beer-football-bluebird
File name: libiomp5md.dll
File size: 102'935'024 bytes
First seen: 2026-04-15 16:28:34 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 82c0493807f3b15a01497cf9d5f88eb8
ssdeep 24576:DHysFeU1yGv0PIqeK7crVoB6BnrHdByLl7HQcbMxAok89RFfm:7e6hAIjhvnrKplwmEne
Threatray 10 similar samples on MalwareBazaar
TLSH T166389F12A7B4C42BF90E5C3353AD129F94E7B41A7D5EA338E2894B8F0C61C6C5B86D17
TrID 33.1% (.EXE) Win64 Executable (generic) (6522/11/2)
25.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.4% (.ICL) Windows Icons Library (generic) (2059/9)
10.3% (.EXE) OS/2 Executable (generic) (2029/13)
10.1% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter JAMESWT_WT
Tags: antesdissovaidacerto-com-br banker coyote exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 580
Origin country: IT
Vendor Threat Intelligence
No detections
Malware family: n/a
ID: 1
File name: _2216e13de2ed490004e99ba074159c38959c4e93e145201b99408a0a8eeb391c
Verdict: No threats detected
Analysis date: 2026-04-15 16:34:13 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching a process
Creating a file in the %temp% directory
Creating a file in the %AppData% subdirectories
Creating synchronization primitives
Setting an event handler
Searching for synchronization primitives
DNS request
Unauthorized injection to a system process
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug base64 bloated masquerade mingw overlay packed
Verdict: Malicious
File Type: dll x64
First seen: 2026-02-18T14:28:00Z UTC
Last seen: 2026-04-15T15:44:00Z UTC
Hits: ~100
Detections: Trojan.Win32.Shellcode.sb PDM:Trojan.Win32.Generic Trojan.Win32.Shellcode.oeh
Gathering data
Threat name: Win64.Trojan.Generic
Status: Suspicious
First seen: 2026-04-14 19:59:58 UTC
File Type: PE+ (Dll)
AV detection: 9 of 24 (37.50%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments