MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b2937df3e5ae5465058b45ddaf6e46432613fa5ac678d4d64a8daf0c2f56bfc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	2b2937df3e5ae5465058b45ddaf6e46432613fa5ac678d4d64a8daf0c2f56bfc
SHA3-384 hash:	8dd839c84b8f32316e3552244d7e2e714438275588a826cafffff412c0a244da34f2392e1454fd59ab764ad055ab9308
SHA1 hash:	419f51141c8e01dc0a8762ec365c5f62065dc8fd
MD5 hash:	7cb1bc28db043c8310997ea65dd19967
humanhash:	crazy-fourteen-seven-fish
File name:	NetworkGraphicsSetup.exe
Download:	download sample
File size:	94'866'704 bytes
First seen:	2026-03-18 02:56:16 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	b34f154ec913d2d2c435cbd644e91687 (557 x GuLoader, 120 x RemcosRAT, 82 x EpsilonStealer)
ssdeep	1572864:tR2/e6AbFzAvVqdHl0KYJ1jr/+Zf9as2DRR8AxLWtwFG47q9zim5APWI:ttvbhzxlCbv/+ZQsM8AxawspFI
TLSH	T10A2833334EADE4CDE3254DB87CE48E1C81E82D1D1A02090F9AEBF6789B256DE3D93515
TrID	27.0% (.EXE) Win64 Executable (generic) (6522/11/2) 20.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 18.6% (.EXE) Win32 Executable (generic) (4504/4/1) 8.5% (.ICL) Windows Icons Library (generic) (2059/9) 8.4% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
Reporter	zhuzhu0009
Tags:	exe signed

Code Signing Certificate

Organisation:	Danylo Babenko
Issuer:	Certum Code Signing 2021 CA
Algorithm:	sha256WithRSAEncryption
Valid from:	2023-07-26T12:21:29Z
Valid to:	2026-07-25T12:21:28Z
Serial number:	3ff2b6872a6d7018078c820704f95028
Cert Graveyard Blocklist:	This certificate is on the Cert Graveyard blocklist
Thumbprint Algorithm:	SHA256
Thumbprint:	d9032c1d7289f6663403c9c82ea2d91b2a72293f6eed96916cebdf40afb3bfae
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

142

Origin country :

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/e7a5a1e6-7812-4937-812f-f72231f82ae5/

Malware family:

n/a

ID:

File name:

NetworkGraphicsSetup.exe

Verdict:

Malicious activity

Analysis date:

2026-02-12 20:32:36 UTC

Tags:

auto-reg nodejs

Link:

https://app.any.run/tasks/d17e54f7-7304-4b8d-b0e1-e756a51c24b1

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict:

Suspicious

Score:

50%

Link:

https://cyber-fortress.com/docs/result/index.php?id=698e38be76589225f66603f0

Tags:

extens shell sage

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% subdirectories

Сreating synchronization primitives

Creating a window

Searching for the window

Creating a file

Searching for the Windows task manager window

Sending a custom TCP request

Creating a file in the %AppData% subdirectories

Creating a process from a recently created file

Running batch commands

Creating a process with a hidden window

Launching a process

Searching for synchronization primitives

Moving a file to the %AppData% subdirectory

Adding an access-denied ACE

DNS request

Connection attempt

Sending a UDP request

Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch

Enabling autorun with the shell\open\command registry branches

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug crypto fingerprint installer installer installer-heuristic microsoft_visual_cc nsis packed revoked-cert signed soft-404 tamperedchef

Link:

https://www.filescan.io/uploads/69ba14902000fc76c3e7b4e4/reports/fceb96d2-1fe1-417d-8abf-7c5dcebbb594/overview

Verdict:

Malicious

Link:

https://www.hybrid-analysis.com/sample/2b2937df3e5ae5465058b45ddaf6e46432613fa5ac678d4d64a8daf0c2f56bfc

Verdict:

Malicious

File Type:

exe x32

First seen:

2026-02-12T10:03:00Z UTC

Last seen:

2026-02-15T17:45:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/2b2937df3e5ae5465058b45ddaf6e46432613fa5ac678d4d64a8daf0c2f56bfc/results?tab=lookup

Score:

27%

Verdict:

Benign

File Type:

Link:

https://malprob.io/report/2b2937df3e5ae5465058b45ddaf6e46432613fa5ac678d4d64a8daf0c2f56bfc

Gathering data

Verdict:

Susipicious

Link:

https://tip.neiki.dev/file/2b2937df3e5ae5465058b45ddaf6e46432613fa5ac678d4d64a8daf0c2f56bfc

Threat name:

Win32.Trojan.Astraea

Status:

Malicious

First seen:

2026-02-12 20:32:17 UTC

File Type:

PE (Exe)

Extracted files:

3134

AV detection:

7 of 36 (19.44%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=fmutpxz6llsumucywro5v5xemqzgcp5fvrty2tlevdnpbqxvnp6a._file

Result

Malware family:

n/a

Score:

6/10

Tags:

discovery execution persistence

Link:

https://tria.ge/reports/260318-dfrnasaz8y/

Behaviour

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: PowerShell

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Checks installed software on the system

Drops file in Windows directory

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Adds Run key to start application

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample