MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c253d8131cf8a948115884467aeeba28f43a85a289b730b5e490fb59ad4c921. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2c253d8131cf8a948115884467aeeba28f43a85a289b730b5e490fb59ad4c921
SHA3-384 hash: 737e86be62c7151e3949a95d374df166d7936c058aa176d74996111862a7592a3e7d316bca1784bd969f11b049388ceb
SHA1 hash: 3abe7ceb20cbf16dd7c9c64d7139d7ee53653264
MD5 hash: 9bc2e4c35aa3d281545ccc8b754c3923
humanhash: golf-table-william-asparagus
File name:client.dll
Download: download sample
File size:68'127'944 bytes
First seen:2026-05-25 18:02:41 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dc0052bfb9ce9d93ac0bcb08af60c744
ssdeep 393216:adnGfwLLVudiRN5/ZyGZSGV4CDt2rAr2VGfgjGHCHPHDspHYKW16Gy7Jhm:QVdRNGGZWr3KCHPHDwYKW16Gy7Jhm
TLSH T108E76C42ED9705F7EF4669B2C69A560F23384C44B7A5DAC7D6217B26FC621C21A3F302
TrID 27.0% (.EXE) Win64 Executable (generic) (6522/11/2)
20.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
18.6% (.EXE) Win32 Executable (generic) (4504/4/1)
8.5% (.ICL) Windows Icons Library (generic) (2059/9)
8.4% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter SquiblydooBlog
Tags:dll signed

Code Signing Certificate

Organisation:OC Agro ApS
Issuer:Sectigo Public Code Signing CA EV E36
Algorithm:ecdsa-with-SHA256
Valid from:2026-04-17T00:00:00Z
Valid to:2027-04-17T23:59:59Z
Serial number: 281cca56f214f9e84b03992ba076e318
Cert Graveyard Blocklist:This certificate is on the Cert Graveyard blocklist
Thumbprint Algorithm:SHA256
Thumbprint: 1af52b97cb0e4660d9fadb536569fd9d1d2ce09482250eb1ced370975091eb8a
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
133
Origin country :
US US
Vendor Threat Intelligence
No detections
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a148f035b1db29f5a47c031
Tags:
n/a
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Launching the default Windows debugger (dwwin.exe)
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
adaptive-context anti-debug anti-vm overlay packed signed
Link:
https://www.filescan.io/uploads/6a148ef2efbd399b39cd20d2/reports/71ba373e-cb42-46ea-929a-4e7f867f94a5/overview
Verdict:
Suspicious
Link:
https://www.hybrid-analysis.com/sample/2c253d8131cf8a948115884467aeeba28f43a85a289b730b5e490fb59ad4c921
Verdict:
Malicious
File Type:
dll x32
First seen:
2026-05-27T03:20:00Z UTC
Last seen:
2026-05-27T03:28:00Z UTC
Hits:
~100
Detections:
Backdoor.Win32.Agent.myxghm
Link:
https://opentip.kaspersky.com/2c253d8131cf8a948115884467aeeba28f43a85a289b730b5e490fb59ad4c921/results?tab=lookup
Score:
18%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/2c253d8131cf8a948115884467aeeba28f43a85a289b730b5e490fb59ad4c921
Gathering data
Verdict:
Clean
Link:
https://tip.neiki.dev/file/2c253d8131cf8a948115884467aeeba28f43a85a289b730b5e490fb59ad4c921
Threat name:
Win32.Backdoor.BackConnect
Create hunting rule
Status:
Suspicious
First seen:
2026-05-22 04:02:24 UTC
File Type:
PE (Dll)
AV detection:
5 of 24 (20.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fqst3ajrz6fjjaivrbcgplxlukhuhkc2fcnxgc26jeh3lgwuzeqq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery
Link:
https://tria.ge/reports/260525-wm9fssd15p/
Behaviour
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Badlisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments