MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 35d622793e0db201e894fe8abd3f0cc78f1074d6328b1ba23ae6a99bddcb520c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	35d622793e0db201e894fe8abd3f0cc78f1074d6328b1ba23ae6a99bddcb520c
SHA3-384 hash:	8f41fd2bc6e8e788e89efbbf61d9608545c59c497c5a9aa94c2a90a0ea21152c1c00a57f072e09e1702280d8276af598
SHA1 hash:	23872683e5cdcdbf8fd044f5a47fe2f6ad6471fe
MD5 hash:	7b63ebffa2f8500c8bd6ec1dcc078656
humanhash:	east-failed-eleven-oranges
File name:	4qy30dsd.exe
Download:	download sample
File size:	607'752 bytes
First seen:	2025-12-10 19:40:20 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ea4e67a31ace1a72683a99b80cf37830 (74 x GuLoader, 71 x Formbook, 54 x Loki)
ssdeep	3072:LEre7GjyCaFvc2a/GFGtmDggggquWbPvZmggg7gfg8Zyac+VvE9hVPqB:LPXBMdGABhVCB
TLSH	T17AD41963F46892F6C7B86132F147E63F2A0BDE6166018541B3F13F9E3AB6A651710B43
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10522/11/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika	pebin
dhash icon	1899d0e4d4e09919 (5 x AgentTesla)
Reporter	amznemu
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

4qy30dsd.exe

Verdict:

No threats detected

Analysis date:

2025-12-10 19:45:14 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/2317b695-857c-4e48-8210-a443c30857c7

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/44215/

Detection(s):

SecuriteInfo.com.Win64.MalwareX-gen.31458.12546.UNOFFICIAL

Verdict:

Clean

Score:

89.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6939cce3bde6a3e5970ff879

Tags:

n/a

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

adaptive-context anti-debug blackhole crypt installer installer installer-heuristic microsoft_visual_cc nsis xpack

Link:

https://www.filescan.io/uploads/6939ccb8cf690d27f3dba933/reports/efd061aa-9198-4ee6-bb28-fc3363c54858/overview

Verdict:

Malicious

Labled as:

Trojan.Agent.oa

Link:

https://www.hybrid-analysis.com/sample/35d622793e0db201e894fe8abd3f0cc78f1074d6328b1ba23ae6a99bddcb520c

Verdict:

Clean

File Type:

exe x32

Link:

https://opentip.kaspersky.com/35d622793e0db201e894fe8abd3f0cc78f1074d6328b1ba23ae6a99bddcb520c/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/a8e862ee-649b-4dc1-9938-771c4a26bff2

Score:

47%

Verdict:

Susipicious

File Type:

Link:

https://malprob.io/report/35d622793e0db201e894fe8abd3f0cc78f1074d6328b1ba23ae6a99bddcb520c

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 32 Exe x86

Link:

https://app.malva.re/file/7b63ebffa2f8500c8bd6ec1dcc078656

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/35d622793e0db201e894fe8abd3f0cc78f1074d6328b1ba23ae6a99bddcb520c/

Verdict:

Clean

Link:

https://tip.neiki.dev/file/35d622793e0db201e894fe8abd3f0cc78f1074d6328b1ba23ae6a99bddcb520c

Threat name:

Win32.Malware.Heuristic

Status:

Malicious

First seen:

2025-12-10 19:41:27 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

12 of 24 (50.00%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=gxlce6j6bwzad2eu72fl2pymy6hra5gwgkfrxir242uzxxolkiga._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery installer

Link:

https://tria.ge/reports/251210-ydzlca1len/

Behaviour

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Verdict:

Suspicious

Tags:

loader guloader

YARA:

NSIS_GuLoader_July_2024

Link:

https://app.threat.zone/submission/a3d6868d-86ba-47bf-b785-9169dabf26ed

Unpacked files

SH256 hash:

35d622793e0db201e894fe8abd3f0cc78f1074d6328b1ba23ae6a99bddcb520c

MD5 hash:

7b63ebffa2f8500c8bd6ec1dcc078656

SHA1 hash:

23872683e5cdcdbf8fd044f5a47fe2f6ad6471fe

Link:

https://www.unpac.me/results/48e4942b-88c6-42e8-bd30-4348c829be18/

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Ins_NSIS_Buer_Nov_2020_1 Create hunting rule
Author:	Arkbird_SOLG
Description:	Detect NSIS installer used for Buer loader

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/44215/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample