MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 23307d951e7b261de6f79fed166064565aaabe9d89d8de79e58207e0a329a85b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	23307d951e7b261de6f79fed166064565aaabe9d89d8de79e58207e0a329a85b
SHA3-384 hash:	4681bd16628a8e1dfb44174981f5fdf3cca0499ec9b43f34e6ee20b015b326c4d6e754dc74735be2a4f6f562d1de7103
SHA1 hash:	2c0e99d893183acae91fc93211bf8a6d8f83f977
MD5 hash:	c7da61f39b51ba3686aeff87effd9aa6
humanhash:	orange-coffee-charlie-wolfram
File name:	Fluent.exe
Download:	download sample
File size:	13'104'640 bytes
First seen:	2026-02-02 18:50:22 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	8739de86cd836ae1476705562c069cc0
ssdeep	393216:01nMHI8GPzv7z36Byky4NKZkG6zlX21kieSLj/J12X2f:0qobzv7z36BSkGAlm+5cIk
TLSH	T17BD623E955D5A3E8D5D34A00728A43D971D1216D82EE8C1D76DA3C023B21CBF624EEFB
TrID	56.5% (.EXE) Win64 Executable (generic) (10522/11/4) 11.0% (.ICL) Windows Icons Library (generic) (2059/9) 10.9% (.EXE) OS/2 Executable (generic) (2029/13) 10.7% (.EXE) Generic Win/DOS Executable (2002/3) 10.7% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
Reporter	burger
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

115

Origin country :

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/d6d28cfe-efe8-4039-a3e7-6fa46fb4912a/

Malware family:

n/a

ID:

File name:

Fluent.exe

Verdict:

No threats detected

Analysis date:

2026-02-02 18:46:53 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/2e0b22ec-14ee-452d-9190-21023003f039

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/51313/

Verdict:

Clean

Score:

84.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6980f1750bdf9fb6cc096c5d

Tags:

n/a

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Tags:

installer-heuristic packed

Link:

https://www.filescan.io/uploads/6980f1fe2ffccda097663aee/reports/fddcf736-250f-4efe-8008-14c2e5066c06/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/23307d951e7b261de6f79fed166064565aaabe9d89d8de79e58207e0a329a85b

Verdict:

Clean

File Type:

exe x64

First seen:

2026-02-02T15:46:00Z UTC

Last seen:

2026-02-02T15:58:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/23307d951e7b261de6f79fed166064565aaabe9d89d8de79e58207e0a329a85b/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/c014fb96-278f-43fb-a9b5-8117c72b1695

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1861901

Signature

Found direct / indirect Syscall (likely to bypass EDR)

Multi AV Scanner detection for submitted file

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/23307d951e7b261de6f79fed166064565aaabe9d89d8de79e58207e0a329a85b

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 64 Exe x64

Link:

https://app.malva.re/file/c7da61f39b51ba3686aeff87effd9aa6

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/23307d951e7b261de6f79fed166064565aaabe9d89d8de79e58207e0a329a85b/

Verdict:

Clean

Link:

https://tip.neiki.dev/file/23307d951e7b261de6f79fed166064565aaabe9d89d8de79e58207e0a329a85b

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2026-02-02 18:49:00 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

10 of 24 (41.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=emyh3fi6pmtb3zxxt7wrmydekznkvpu5rhmn46pfqid6bizjvbnq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/260202-xg8sraas2g/

Behaviour

Suspicious behavior: EnumeratesProcesses

Unpacked files

SH256 hash:

23307d951e7b261de6f79fed166064565aaabe9d89d8de79e58207e0a329a85b

MD5 hash:

c7da61f39b51ba3686aeff87effd9aa6

SHA1 hash:

2c0e99d893183acae91fc93211bf8a6d8f83f977

Link:

https://www.unpac.me/results/94436ca6-1b31-4477-bda1-8dd7c6f2decb/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/23307d951e7b261de6f79fed166064565aaabe9d89d8de79e58207e0a329a85b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/51313/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample