MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b03b45e74aef322b612edc9957cd3f90ae84e3e18e917fec62bfecfb82dcaa1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 3b03b45e74aef322b612edc9957cd3f90ae84e3e18e917fec62bfecfb82dcaa1
SHA3-384 hash: ef012e2027f0aa62c10ed22d3819889eeb9f5e67eb3fc5c11652427c9eef4705e4076b4df8081491e908a85ea14031d5
SHA1 hash: 91c5720a25c3d636870d0b5ae36a37f8a4c895f4
MD5 hash: b283112f1c1a38261011650a96c38185
humanhash: tango-fifteen-mike-carpet
File name: dank.tool-[installer].exe
File size: 92'540'968 bytes
First seen: 2025-06-12 13:00:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 40ab50289f7ef5fae60801f88d4541fc (59 x ValleyRAT, 49 x Gh0stRAT, 41 x OffLoader)
ssdeep 1572864:ErehwIyhhepY+vEDX8O/7SiQ0vUcaGUA5Vq/NjFvNXNPtsZd2ogCS2rg+y0F:EShUy3vEJ7SMlaGUA5VmvNXNid2lCdgM
TLSH T15E183332ABD7E27AE02D27330673761898B76641B423DE91D7D084ECCF614A41FAF586
TrID 62.3% (.EXE) Inno Setup installer (107240/4/30)
24.1% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
6.1% (.EXE) Win64 Executable (generic) (10522/11/4)
2.6% (.EXE) Win32 Executable (generic) (4504/4/1)
1.2% (.EXE) Win16/32 Executable Delphi generic (2072/23)
Magika pebin
dhash icon 040055aad25c0050
Reporter burger
Tags: exe signed

Code Signing Certificate

Organisation: https://github.com/SirDank
Issuer: https://github.com/SirDank
Algorithm: sha256WithRSAEncryption
Valid from: 2024-02-14T18:05:11Z
Valid to: 2025-02-14T18:25:11Z
Serial number: 35c47eb4db92c6bf414ec8c8cb192c11
Thumbprint Algorithm: SHA256
Thumbprint: 1d7ddcb64391206ac83c1d4b0fd7305e599f877524f5fd8fd6208adfeae52c60
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 763
Origin country: NL
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: dank.tool-installer.exe
Verdict: No threats detected
Analysis date: 2025-06-12 12:51:57 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 94.9%
Tags: ransomware extens xtreme
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Creating synchronization primitives
Searching for synchronization primitives
Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: adaptive-context embarcadero_delphi expired-cert fingerprint installer overlay packed signed
Result
Threat name: n/a
Detection: clean
Classification: n/a
Score: 16 / 100
Signature
AI detected suspicious PE digital signature
Behaviour
Behavior Graph: n/a
Gathering data
Result
Malware family: n/a
Score: 7/10
Tags: discovery
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Executes dropped EXE
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
