MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 252d04f17b98b5e15583d80cd20cc44baa30e7d662ad4d2d82dc82b1db45dd5c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 13

Intelligence 13 IOCs YARA File information Comments

SHA256 hash:	252d04f17b98b5e15583d80cd20cc44baa30e7d662ad4d2d82dc82b1db45dd5c
SHA3-384 hash:	d8fd424a5c450861600046d8380da817af673c5d66e56aea1c40ab08e3b81591642d037986edb6d832d20d65cf5e339d
SHA1 hash:	e95be61fe027887c9df7cd8528a6bd59fb9df0b1
MD5 hash:	37773820c414b90b085629ff945eb629
humanhash:	florida-georgia-alpha-king
File name:	file
Download:	download sample
File size:	2'356'224 bytes
First seen:	2025-12-23 02:13:48 UTC
Last seen:	2025-12-23 04:21:53 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	815e1ba56e855b07daa7197697b159cd
ssdeep	49152:axwTAjll6cOjfzZAlLu7M2qYA/TQaGSd3eWttUTMrVWR7:axNllJslAR0MRYMTQVCtmTMRm
TLSH	T174B53346364B2439CD04C77299D2627F72773F8B5CA50A0A23543F422EFFA4A19E764B
TrID	38.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 15.6% (.ICL) Windows Icons Library (generic) (2059/9) 15.4% (.EXE) OS/2 Executable (generic) (2029/13) 15.2% (.EXE) Generic Win/DOS Executable (2002/3) 15.2% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
Reporter	Bitsight
Tags:	dropped-by-amadey exe fbf543

Bitsight

url: http://178.16.55.189/files/5561582465/29UXSf4.exe

Intelligence

File Origin

# of uploads :

# of downloads :

122

Origin country :

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/cf4ef070-be3a-482d-b595-5471db74687f/

Malware family:

n/a

ID:

File name:

file

Verdict:

Malicious activity

Analysis date:

2025-12-23 02:14:31 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/77e5eb58-3b4f-4b71-a069-31a119ac800d

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/45800/

Detection(s):

SecuriteInfo.com.Win64.Evo-gen.56115587.UNOFFICIAL

Verdict:

Malicious

Score:

96.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6949faf8a6c88bb4cc23c87d

Tags:

virus

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

obfuscated packed packed unsafe vmprotect

Link:

https://www.filescan.io/uploads/6949faf6e126b9ff438d713b/reports/a614d9aa-8ec0-4115-9b7c-df1ff63afbba/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/252d04f17b98b5e15583d80cd20cc44baa30e7d662ad4d2d82dc82b1db45dd5c

Verdict:

Malicious

File Type:

exe x64

First seen:

2025-12-22T23:23:00Z UTC

Last seen:

2025-12-23T12:48:00Z UTC

Hits:

~10

Detections:

Trojan.Win32.Agent.sb Trojan.Win32.Agent.xcbprx

Link:

https://opentip.kaspersky.com/252d04f17b98b5e15583d80cd20cc44baa30e7d662ad4d2d82dc82b1db45dd5c/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/89fa6380-bab7-432f-853d-5575c5d3283f

Score:

99%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/252d04f17b98b5e15583d80cd20cc44baa30e7d662ad4d2d82dc82b1db45dd5c

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 64 Exe x64

Link:

https://app.malva.re/file/37773820c414b90b085629ff945eb629

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/252d04f17b98b5e15583d80cd20cc44baa30e7d662ad4d2d82dc82b1db45dd5c/

Verdict:

Malicious

Threat:

Win64.Backdoor.Heuristic

Link:

https://tip.neiki.dev/file/252d04f17b98b5e15583d80cd20cc44baa30e7d662ad4d2d82dc82b1db45dd5c

Threat name:

Win64.Packed.Generic

Status:

Suspicious

First seen:

2025-12-23 02:14:15 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

12 of 24 (50.00%)

Threat level:

1/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=euwqj4l3tc26cvmd3agnedgejovdbz6wmkwu2lmc3sbldw2f3voa._file

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/251223-cn5pfstmdy/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of NtCreateUserProcessOtherParentProcess

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/8a7529f2-ca38-49e8-825b-df79ecd861ad

Unpacked files

SH256 hash:

252d04f17b98b5e15583d80cd20cc44baa30e7d662ad4d2d82dc82b1db45dd5c

MD5 hash:

37773820c414b90b085629ff945eb629

SHA1 hash:

e95be61fe027887c9df7cd8528a6bd59fb9df0b1

Link:

https://www.unpac.me/results/28a3a51a-bbc4-48c7-8bba-556203a68a80/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.64

Link:

https://yomi.yoroi.company/submissions/252d04f17b98b5e15583d80cd20cc44baa30e7d662ad4d2d82dc82b1db45dd5c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 252d04f17b98b5e15583d80cd20cc44baa30e7d662ad4d2d82dc82b1db45dd5c

(this sample)

Dropped by

Amadey

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3740730/

Cape

https://www.capesandbox.com/analysis/45800/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample