MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3260f9904459efbde89a42a10b6f3f9ec9536bff9375263bc4902ca9effa87dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3260f9904459efbde89a42a10b6f3f9ec9536bff9375263bc4902ca9effa87dd
SHA3-384 hash: 789517cd2cbd1020dd0c0ccac31088db1c659c2155a6a4c9cc2ecbb64177bc43110462c0de2519dc2c372dead50da9e6
SHA1 hash: babba58908d0ce5bcf1bb85f2e9922a8ca3f52d9
MD5 hash: 7bf3ce1e5519eb5650667741927825b1
humanhash: lactose-glucose-william-north
File name:file
Download: download sample
File size:254'976 bytes
First seen:2026-02-11 22:27:27 UTC
Last seen:2026-02-11 23:20:13 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash dbf3ebb395a90be1343821c7926930cb
ssdeep 6144:Ir/yG2cJOeRJTG+UuQdaVF3kqvohI+LmoqGG:M92cxtGez3kYoi+Mh
TLSH T139447C1A77940CF9E977813C8952494AE7B2B8150B71DAEF0360835ADF376D09E3EB21
TrID 48.7% (.EXE) Win64 Executable (generic) (10522/11/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter Bitsight
Tags:dropped-by-amadey e3db0b exe


Avatar
Bitsight
url: http://178.16.53.7/Clipper.exe

Intelligence

File Origin
# of uploads :
11
# of downloads :
179
Origin country :
US US
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
PaypalBruterv1.0.exe
Verdict:
Malicious activity
Analysis date:
2026-02-11 20:59:10 UTC
Tags:
telegram auto-reg auto-sch maskgram stealer python crypto-regex
Link:
https://app.any.run/tasks/b101880f-2278-48ee-92fd-c3caf5240789

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/53073/
Verdict:
Malicious
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=698d0283edd9327103460636
Tags:
clipbanker malex
Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a file
Enabling the 'hidden' option for recently created files
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
clipbanker exploit fingerprint microsoft_visual_cc
Link:
https://www.filescan.io/uploads/698d027e981ff1d38a523a49/reports/667f77a9-70a9-4f5a-a775-935fe7e82d26/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/3260f9904459efbde89a42a10b6f3f9ec9536bff9375263bc4902ca9effa87dd
Verdict:
Malicious
File Type:
exe x64
First seen:
2026-02-11T19:28:00Z UTC
Last seen:
2026-02-12T00:46:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/3260f9904459efbde89a42a10b6f3f9ec9536bff9375263bc4902ca9effa87dd/results?tab=lookup
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/0a4f4fd7-323d-4479-b641-bef318f63583
Score:
46%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/3260f9904459efbde89a42a10b6f3f9ec9536bff9375263bc4902ca9effa87dd
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/7bf3ce1e5519eb5650667741927825b1
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3260f9904459efbde89a42a10b6f3f9ec9536bff9375263bc4902ca9effa87dd/
Threat name:
Win64.Infostealer.ClipBanker
Create hunting rule
Status:
Malicious
First seen:
2026-02-11 20:59:04 UTC
File Type:
PE+ (Exe)
AV detection:
21 of 37 (56.76%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gjqptecelhx332e2ikqqw3z7t3evg277sn2smo6esawkt372q7oq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
persistence
Link:
https://tria.ge/reports/260211-2drghscs8f/
Behaviour
Adds Run key to start application
Executes dropped EXE
Unpacked files
SH256 hash:
3260f9904459efbde89a42a10b6f3f9ec9536bff9375263bc4902ca9effa87dd
MD5 hash:
7bf3ce1e5519eb5650667741927825b1
SHA1 hash:
babba58908d0ce5bcf1bb85f2e9922a8ca3f52d9
Link:
https://www.unpac.me/results/9b0c24eb-55f8-4158-95d0-ca5aa1775848/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3260f9904459efbde89a42a10b6f3f9ec9536bff9375263bc4902ca9effa87dd

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:INDICATOR_SUSPICIOUS_ReflectiveLoader
Create hunting rule
Author:ditekSHen
Description:Detects Reflective DLL injection artifacts
Rule name:ReflectiveLoader
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 3260f9904459efbde89a42a10b6f3f9ec9536bff9375263bc4902ca9effa87dd

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/53073/
  
URLhaus
https://urlhaus.abuse.ch/url/3687752/

Comments