MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b2107d95c3261840a86ae3b07666326289e631cb04246a300699469766c3918. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 12

Intelligence 12 IOCs YARA 1 File information Comments

SHA256 hash:	3b2107d95c3261840a86ae3b07666326289e631cb04246a300699469766c3918
SHA3-384 hash:	0a6b1ef9068aa40d8890bba4b4657d2a3e40d3d253d14be35bbc1079e124df1699e656e3b840c97104d732864a33b6bf
SHA1 hash:	12eb55f2bdba06c4a488192aec6487346545e87c
MD5 hash:	c415344da156818b5fbc5e531a1bf80e
humanhash:	freddie-eleven-thirteen-pip
File name:	KMSpico 2024 18.6.10 Final [Windows And Office Activator].exe
Download:	download sample
File size:	25'310'053 bytes
First seen:	2025-12-23 19:36:52 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f4639a0b3116c2cfc71144b88a929cfd (98 x GuLoader, 53 x Formbook, 39 x VIPKeylogger)
ssdeep	786432:Dgg3U9h7VB6xd7V6dNaTL2qELZba5mfUs7D:Dgych7LS7VoUL2llaSD
TLSH	T1814733DBCB22A1A7D41047B1E36423AE279ED9180654F98183D4CB6EFE5534BCCB9F81
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10522/11/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika	pebin
Reporter	aachum
Tags:	exe OffLoader

iamaachum

https://downloadtorrentfile.com/hash/a55e02203073dfa9404ae90ddd3649f04572cf55?name=KMSpico%202024%2018.6.10%20Final%20%5bWindows%20And%20Office%20Activator%5d

OffLoader C2:
riddlecare.xyz
tripbike.info

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

NSIS

Details

NSIS

extracted archive contents

Link:

https://research.acce.ciphertechsolutions.com/results/27c2ff78-1eb4-4f43-8b0d-741c5460acd8/

Malware family:

n/a

ID:

File name:

_3b2107d95c3261840a86ae3b07666326289e631cb04246a300699469766c3918.exe

Verdict:

No threats detected

Analysis date:

2025-12-23 19:37:40 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/e05e231a-12a0-4f46-be53-09972ff1517f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/45931/

Verdict:

Clean

Score:

70%

Link:

https://cyber-fortress.com/docs/result/index.php?id=694aef6f01c7b4a8fe552ed6

Tags:

n/a

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug blackhole installer installer installer-heuristic microsoft_visual_cc nsis overlay

Link:

https://www.filescan.io/uploads/694aef6be126b9ff438eda51/reports/36cb4beb-4c40-465a-b263-b3c0fb07a422/overview

Verdict:

Malicious

Labled as:

TR/Dropper.Generic

Link:

https://www.hybrid-analysis.com/sample/3b2107d95c3261840a86ae3b07666326289e631cb04246a300699469766c3918

Verdict:

Malicious

File Type:

exe x32

First seen:

2025-12-23T16:43:00Z UTC

Last seen:

2025-12-23T17:08:00Z UTC

Hits:

~10

Detections:

Trojan-Downloader.OffLoader.HTTP.C&C PDM:Trojan.Win32.Generic HEUR:Trojan-Proxy.Win64.Microleaves.gen HEUR:Trojan-Downloader.Win32.OffLoader.gen Trojan.Win64.Agent.sb BSS:Exploit.Win32.Generic.nblk BSS:Exploit.Win32.Generic BSS:Trojan.Win32.Generic Trojan-PSW.Win32.Lumma.sb Trojan.Win64.Agent.smfffv HEUR:Trojan-Downloader.OLE2.Agent.gen Downloader.Agent.HTTP.C&C not-a-virus:HEUR:AdWare.Win32.AdUpdater.gen

Link:

https://opentip.kaspersky.com/3b2107d95c3261840a86ae3b07666326289e631cb04246a300699469766c3918/results?tab=lookup

Result

Threat name:

n/a

Detection:

malicious

Classification:

troj

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/1838411

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Performs DNS queries to domains with low reputation

Behaviour

Behavior Graph:

Download SVG

Score:

89%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/3b2107d95c3261840a86ae3b07666326289e631cb04246a300699469766c3918

Verdict:

inconclusive

YARA:

5 match(es)

Tags:

Executable NSIS Installer PE (Portable Executable) PE File Layout Win 32 Exe x86

Link:

https://app.malva.re/file/c415344da156818b5fbc5e531a1bf80e

Gathering data

Verdict:

Malicious

Threat:

Trojan-PSW.Win32.Lumma

Link:

https://tip.neiki.dev/file/3b2107d95c3261840a86ae3b07666326289e631cb04246a300699469766c3918

Threat name:

Win32.Trojan.OffLoader

Status:

Malicious

First seen:

2025-12-23 19:37:19 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

15 of 36 (41.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=hmqqpwk4gjqyicugvy5qoztdeyuj4yy4wbbeniyangkgs5tmhema._file

Gathering data

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/d728d92f-5928-4a3b-ad08-fe6fbf3a1c0d

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/3b2107d95c3261840a86ae3b07666326289e631cb04246a300699469766c3918

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Detect_NSIS_Nullsoft_Installer Create hunting rule
Author:	Obscurity Labs LLC
Description:	Detects NSIS installers by .ndata section + NSIS header string

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 3b2107d95c3261840a86ae3b07666326289e631cb04246a300699469766c3918

(this sample)

Link

https://tria.ge/251223-x3zf7s1mf1/behavioral2

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/45931/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample