MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3bdc4c0637591533f1d4198a72a33426c01f69bd2e15ceee547866f65e26b7ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: 3bdc4c0637591533f1d4198a72a33426c01f69bd2e15ceee547866f65e26b7ad
SHA3-384 hash: 2bd422d62cc643d7543b5ae321ea0bcadc6c1843b99376e9a28e9e1fd5fe8fb743d058f6b14a8898e120e27261ef9864
SHA1 hash: f7910d943a013eede24ac89d6388c1b98f8b3717
MD5 hash: 32f3c40b0ed1c5cf23430be7f9eb7b06
humanhash: uncle-lake-bacon-thirteen
File name: _3bdc4c0637591533f1d4198a72a33426c01f69bd2e15ceee547866f65e26b7ad.dll
File size: 85'504 bytes
First seen: 2026-02-03 02:44:20 UTC
Last seen: 2026-02-03 03:34:34 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 6e0c507abd1e399c9f4a687429fd2bbf
ssdeep: 1536:l37Q8zFxFa/kgno6Xkf4PtmfTitry3LCuBscOp2Z6UsWwycdb0VGl0zA6r/aP:ls8zFxhgno62utcitry3LCuqz2Qfb0Vy
TLSH: T193835A01B5A1C175E9BE19354428DA754B3EB910DEE1DEAB7789067E4F302C2EE30D2B
TrID: 32.2% (.EXE) Win64 Executable (generic) (10522/11/4)
  20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
  13.7% (.EXE) Win32 Executable (generic) (4504/4/1)
  6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Magika: pebin
Reporter: TheRadarGuy
Tags: dll

Intelligence


File Origin
# of uploads: 2
# of downloads: 109
Origin country: CA
Vendor Threat Intelligence
No detections
Result
Verdict: Malware
Maliciousness:
Verdict: Malicious
File Type: dll x32
First seen: 2025-12-03T04:41:00Z UTC
Last seen: 2025-12-09T21:30:00Z UTC
Hits: ~10
Detections: Trojan.Win32.Agentb.tnyv
Verdict: inconclusive
YARA: 5 match(es)
Tags: Executable PDB Path PE (Portable Executable) PE File Layout Win 32 Exe x86
Threat name: Win32.Trojan.FatBeehive
Status: Malicious
First seen: 2025-10-08 05:41:34 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 13 of 36 (36.11%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Unpacked files
SHA256 hash: 3bdc4c0637591533f1d4198a72a33426c01f69bd2e15ceee547866f65e26b7ad
MD5 hash: 32f3c40b0ed1c5cf23430be7f9eb7b06
SHA1 hash: f7910d943a013eede24ac89d6388c1b98f8b3717
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: cobalt_strike_tmp01925d3f
Author: The DFIR Report
Description: files - file ~tmp01925d3f.exe
Reference: https://thedfirreport.com

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

File information


The table below shows additional information about this malware sample such as delivery method and external references.
