MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 420272ca013384b3b207692122d137e7ba58fc45f4d09741faebd55a1d1db5b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 420272ca013384b3b207692122d137e7ba58fc45f4d09741faebd55a1d1db5b4
SHA3-384 hash: 9b1377b933d61045f98d3d036d328c7b4efaea64f0140ce0d514b56d66bc1ba0a2c4d046f56ad7459e6d475d41071999
SHA1 hash: 66079486ba0d84aaa0cb1426f76b4663539a9ada
MD5 hash: e1a76322a88c59164b793bb0eb981fc2
humanhash: yellow-thirteen-oven-november
File name:file
Download: download sample
File size:13'292'400 bytes
First seen:2025-09-21 04:02:33 UTC
Last seen:2025-09-22 04:02:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 477d18571c33a943fe034e6a2030d196
ssdeep 393216:dDLYk7a7rG49MTTeY890/3meXABEI+eJL:dHYk7a7rGp33m6qJh
TLSH T16BD612DA64D111ECC892C970E38D57FDF18974490EB9682F7FC619016B32C9AC8E6E36
TrID 48.7% (.EXE) Win64 Executable (generic) (10522/11/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter Bitsight
Tags:dropped-by-amadey exe signed

Code Signing Certificate

Organisation:X PROGRAMM LTD
Issuer:GlobalSign GCC R45 EV CodeSigning CA 2020
Algorithm:sha256WithRSAEncryption
Valid from:2025-08-15T14:05:01Z
Valid to:2028-08-15T14:05:01Z
Serial number: 78ac5947ab494cbc9844608c
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 0be646e647a1dd50ff587e50d6597e1fd955dc9f9edeae26c820c118239b87b7
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


Avatar
Bitsight
url: http://178.16.54.200/files/7639673951/lWwIInC.exe

Intelligence

File Origin
# of uploads :
5
# of downloads :
99
Origin country :
US US
Vendor Threat Intelligence
Malware family:
amadey
Create hunting rule
ID:
1
File name:
random.exe
Verdict:
Malicious activity
Analysis date:
2025-09-20 20:24:45 UTC
Tags:
stealc stealer auto-drop amadey vidar botnet unlocker-eject tool arch-exec themida auto-reg rdp loader evasion arch-doc auto-startup python miner auto coinminer
Link:
https://app.any.run/tasks/e9ae8a2a-a6a3-4637-b0c6-0fe38d6441db

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/28482/
Detection(s):
SecuriteInfo.com.Win64.MalwareX-gen.56455274.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68cf7907b9aaf2ff3403b561
Tags:
n/a
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
microsoft_visual_cc obfuscated obfuscated packed packed packer_detected signed threat vmprotect
Link:
https://www.filescan.io/uploads/68cf790b254431b688d747dd/reports/5c8e80c2-b981-4e63-a92b-d6e45f2a207d/overview
Verdict:
Suspicious
Labled as:
Malware_52.3
Link:
https://www.hybrid-analysis.com/sample/420272ca013384b3b207692122d137e7ba58fc45f4d09741faebd55a1d1db5b4
Verdict:
Clean
File Type:
exe x64
First seen:
2025-09-19T09:05:00Z UTC
Last seen:
2025-09-19T09:05:00Z UTC
Hits:
~1000
Link:
https://opentip.kaspersky.com/420272ca013384b3b207692122d137e7ba58fc45f4d09741faebd55a1d1db5b4/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/b6edafab-0c7e-4880-94e5-4e724f2bdd93
Score:
97%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/420272ca013384b3b207692122d137e7ba58fc45f4d09741faebd55a1d1db5b4
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/e1a76322a88c59164b793bb0eb981fc2
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/420272ca013384b3b207692122d137e7ba58fc45f4d09741faebd55a1d1db5b4/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-09-19 15:28:06 UTC
File Type:
PE+ (Exe)
Extracted files:
3
AV detection:
6 of 24 (25.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=iibhfsqbgoclhmqhneqsfujx465fr7cf6tijoqp25pkvuhi5ww2a._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/250921-emkn1a11fw/
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/cca977fe-da4c-4d2a-a8fc-3c0ddab1903c
Unpacked files
SH256 hash:
420272ca013384b3b207692122d137e7ba58fc45f4d09741faebd55a1d1db5b4
MD5 hash:
e1a76322a88c59164b793bb0eb981fc2
SHA1 hash:
66079486ba0d84aaa0cb1426f76b4663539a9ada
Link:
https://www.unpac.me/results/9771148c-d05a-416f-9485-6391af1528bd/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/420272ca013384b3b207692122d137e7ba58fc45f4d09741faebd55a1d1db5b4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 420272ca013384b3b207692122d137e7ba58fc45f4d09741faebd55a1d1db5b4

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3628233/
  
URLhaus
https://urlhaus.abuse.ch/url/3628234/
Cape
Cape
https://www.capesandbox.com/analysis/28482/

Comments