MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 330b6331f20f4e7f73a4dcf0386b151c12e14e3bd77efc9f00d5709f54eb08e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 330b6331f20f4e7f73a4dcf0386b151c12e14e3bd77efc9f00d5709f54eb08e8
SHA3-384 hash: ec55fffa37a9289495aa946a08471e059571f7d992b17d490a3e2edad2e9e0eef4f3b4ef57aaae71cead3b2c7845a6a5
SHA1 hash: 502de6625e7523eca92c5eb00fed1b1778ed8c06
MD5 hash: a7dfe6ca862b215927cc0235a6fef76b
humanhash: oranges-october-four-ink
File name:ezUqrjp.exe
Download: download sample
File size:14'170'624 bytes
First seen:2025-12-08 16:51:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1d18a2e0f255092c3dc1f09eda78c158
ssdeep 196608:piaToV/pOB0+h97O6+mZDdf167PaNHw9bjUTk1v25bWT5TPU25Nv6bBpEFthwD3c:4TOy+h97OZmD967CHcdpFD5d6bBwd
TLSH T187E623DB75C4B2D8D8D38B04539F13CE60F0611544FAAD2E77CA2D02AAB0E574B96E27
TrID 33.6% (.EXE) OS/2 Executable (generic) (2029/13)
33.1% (.EXE) Generic Win/DOS Executable (2002/3)
33.1% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
SE SE
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
_330b6331f20f4e7f73a4dcf0386b151c12e14e3bd77efc9f00d5709f54eb08e8.exe
Verdict:
No threats detected
Analysis date:
2025-12-08 17:06:47 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/cb9af38b-2b63-452a-921c-69322e2171fa

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/43885/
Verdict:
Clean
Score:
84.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69370248db58e1a2c22b9fd4
Tags:
n/a
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
crypto packed
Link:
https://www.filescan.io/uploads/693702387140d837fd91fd61/reports/3fb3959b-fca9-4bc7-a37e-26df61c2e4cd/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/330b6331f20f4e7f73a4dcf0386b151c12e14e3bd77efc9f00d5709f54eb08e8
Result
Gathering data
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-12-08T00:40:00Z UTC
Last seen:
2025-12-08T11:21:00Z UTC
Hits:
~100
Link:
https://opentip.kaspersky.com/330b6331f20f4e7f73a4dcf0386b151c12e14e3bd77efc9f00d5709f54eb08e8/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1829039
Signature
Found direct / indirect Syscall (likely to bypass EDR)
Hides threads from debuggers
Joe Sandbox ML detected suspicious sample
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file has nameless sections
Query firmware table information (likely to detect VMs)
Tries to detect debuggers (CloseHandle check)
Tries to evade analysis by execution special instruction (VM detection)
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/330b6331f20f4e7f73a4dcf0386b151c12e14e3bd77efc9f00d5709f54eb08e8
Verdict:
inconclusive
YARA:
3 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/a7dfe6ca862b215927cc0235a6fef76b
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/330b6331f20f4e7f73a4dcf0386b151c12e14e3bd77efc9f00d5709f54eb08e8/
Verdict:
Malicious
Threat:
Trojan-Banker.Win32.ChePro
Link:
https://tip.neiki.dev/file/330b6331f20f4e7f73a4dcf0386b151c12e14e3bd77efc9f00d5709f54eb08e8
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gmfwgmpsb5hh645e3tydq2yvdqjoctr3257pzhya2vyj6vhlbdua._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/251208-vdj9waypbv/
Behaviour
Suspicious use of NtSetInformationThreadHideFromDebugger
Unpacked files
SH256 hash:
330b6331f20f4e7f73a4dcf0386b151c12e14e3bd77efc9f00d5709f54eb08e8
MD5 hash:
a7dfe6ca862b215927cc0235a6fef76b
SHA1 hash:
502de6625e7523eca92c5eb00fed1b1778ed8c06
Link:
https://www.unpac.me/results/4acee93b-72c2-4d28-8a87-3720525b2595/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_detect_tls_callbacks
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 330b6331f20f4e7f73a4dcf0386b151c12e14e3bd77efc9f00d5709f54eb08e8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3729047/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/43885/

Comments