MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 452a92a4ff9639259c0aae08fcb4fe30e93c8843a4cf301b9746e8e6b899bb74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 19


Intelligence 19 IOCs YARA 5 File information Comments

SHA256 hash: 452a92a4ff9639259c0aae08fcb4fe30e93c8843a4cf301b9746e8e6b899bb74
SHA3-384 hash: c10ab4d8f40ad403bb3b5e582862d8ce90ca04b44ccdf6dbee59482f82ed0ce39ed6527496c3b68256d268d63e28876d
SHA1 hash: 5c372345876f52e89d82daa10a778ea6674c7a61
MD5 hash: f07826cd8101059cbab00ca5244d70d7
humanhash: connecticut-queen-hot-delaware
File name:PI.exe
Download: download sample
Signature AgentTesla
File size:1'063'424 bytes
First seen:2026-07-06 09:07:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (49'101 x AgentTesla, 20'116 x Formbook, 12'356 x SnakeKeylogger)
ssdeep 12288:ikqNZvt1339JCzll10/MLR/3a5py716bCMGPOr+e4ggVqcxNagXMPIl3/EwJ6l:iT13NJC5HPxaXywIPOr+e4ggVqGXOIN
Threatray 1'743 similar samples on MalwareBazaar
TLSH T1E135BEEA7B79D582DC2D2B7454234E6716A4F88C412DFB0E6F87E7AA5E217783413083
TrID 73.9% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
6.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.6% (.EXE) Win64 Executable (generic) (6522/11/2)
4.5% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
dhash icon 30e0f4f0f8e8f030 (3 x AgentTesla)
Reporter adrian__luca
Tags:AgentTesla exe

Intelligence


File Origin
# of uploads :
1
# of downloads :
363
Origin country :
HU HU
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
_452a92a4ff9639259c0aae08fcb4fe30e93c8843a4cf301b9746e8e6b899bb74.exe
Verdict:
Malicious activity
Analysis date:
2026-07-06 09:21:58 UTC
Tags:
netreactor stealer evasion ip-check

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
91.7%
Tags:
agenttesla virus micro
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching a process
Forced shutdown of a system process
Unauthorized injection to a system process
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
base64 obfuscated obfuscated packed vbnet
Verdict:
Malicious
File Type:
exe x32
First seen:
2026-07-03T07:36:00Z UTC
Last seen:
2026-07-08T01:50:00Z UTC
Hits:
~100
Detections:
Trojan-PSW.MSIL.Agent.sb Trojan-PSW.MSIL.Agensla.g HEUR:Trojan-Spy.MSIL.Agent.sb HEUR:Trojan-PSW.MSIL.Agensla.gen Trojan.Win32.Agent.sb Trojan-Spy.Stealer.FTP.C&C Trojan.MSIL.Inject.b Trojan-PSW.Win32.Disco.sb Trojan-PSW.MSIL.Agensla.sb Trojan-PSW.MSIL.Agensla.d Trojan-PSW.Agensla.TCP.C&C PDM:Trojan.Win32.Generic Trojan.MSIL.Inject.sb Trojan-PSW.Win32.Stealer.sb
Gathering data
Threat name:
Win32.Trojan.AgentTesla
Status:
Malicious
First seen:
2026-07-03 12:56:19 UTC
File Type:
PE (.Net Exe)
Extracted files:
41
AV detection:
16 of 24 (66.67%)
Threat level:
  5/5
Result
Malware family:
agenttesla
Score:
  10/10
Tags:
family:agenttesla adware collection discovery keylogger persistence ransomware spyware stealer trojan
Behaviour
Checks SCSI registry key(s)
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
outlook_office_path
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Enumerates connected drives
Looks up external IP address via web service
.NET Reactor proctector
Boot or Logon Autostart Execution: Active Setup
Family: AgentTesla
Unpacked files
SH256 hash:
452a92a4ff9639259c0aae08fcb4fe30e93c8843a4cf301b9746e8e6b899bb74
MD5 hash:
f07826cd8101059cbab00ca5244d70d7
SHA1 hash:
5c372345876f52e89d82daa10a778ea6674c7a61
SH256 hash:
a61833673c20df4fdf93c39091fb162a14a21f629096e0e69e54ad97430a0d15
MD5 hash:
011b230b55c6289054e28c639b135e3c
SHA1 hash:
51a29da09f17b7c084b937b6a25d2be5fec1a427
SH256 hash:
352ce702aafbbb7253872bfb6c55ab6d7bba6a4cc83cce427fb4c863331ef566
MD5 hash:
49958de928f9f15a55256e22329deea8
SHA1 hash:
55042bb541e4516b4a58a6c449abc8e9c0c6a69b
Detections:
win_agent_tesla_g2 triage_agenttesla_infostealer
SH256 hash:
03aa779297ddd61cd4257b708b7e3f7647a3390dc1e20543843ef65f00387aec
MD5 hash:
96cc846d0cc71d47a13130b75e526b10
SHA1 hash:
82c345b7bb4c6207b77f13f189ce6f2f21c83918
SH256 hash:
d23b2d9f7ced2d68963549e761d9e9c1429edaa8b9731166bf327e7027d46fca
MD5 hash:
e5a58448249eac04228becb34e1b9f10
SHA1 hash:
acdd173e7748014a5de72fef722b176ef1917b2e
SH256 hash:
a309017db41f600fad4bc20032d71acc33dddde5606caf23576d2cfa4a7740bf
MD5 hash:
35519d4da7ddcc4d53d06a043f8824ce
SHA1 hash:
d64aed63d381323d1e9d823495fc3a97c424613c
Malware family:
AgentTesla
Verdict:
Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Author:malware-lu
Rule name:NETexecutableMicrosoft
Author:malware-lu
Rule name:pe_imphash
Rule name:Skystars_Malware_Imphash
Author:Skystars LightDefender
Description:imphash
Rule name:Sus_CMD_Powershell_Usage
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 452a92a4ff9639259c0aae08fcb4fe30e93c8843a4cf301b9746e8e6b899bb74

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments