MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45415f110b7961eea726dd3b1c07ebed2bbc44d13e8d92d0d8bd1304ba145d73. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments

SHA256 hash: 45415f110b7961eea726dd3b1c07ebed2bbc44d13e8d92d0d8bd1304ba145d73
SHA3-384 hash: e73d66c2147cd84a37aedb30ca7faf81b1e340c15ebdcba65c5cd2dd64454463036cc8d639ea8dd052409c05d27e5b0a
SHA1 hash: cc7b8f647406840c119aca58278b120534e8194e
MD5 hash: 595eb28f84979f035375a35efe92c259
humanhash: quiet-lion-whiskey-west
File name:Installer.msi
Download: download sample
File size:1'388'544 bytes
First seen:2026-07-05 18:58:00 UTC
Last seen:Never
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 24576:PET2+6lAvtemMo+yW5WIDg9coGOdz0iXN:Pw2BKbM8W5W9p77d
TLSH T1E055AE57BE9104A5D4660E71C5B3B364AE36BC0433A0889A1379F13CCEFB6D0A57A7D2
TrID 80.0% (.MSI) Microsoft Windows Installer (454500/1/170)
10.7% (.MST) Windows SDK Setup Transform script (61000/1/5)
7.8% (.MSP) Windows Installer Patch (44509/10/5)
1.4% (.) Generic OLE2 / Multistream Compound (8000/1)
Magika msi
Reporter aachum
Tags:i-odsports-com msi


Avatar
iamaachum
https://www.reddit.com/r/huion/comments/1pd229r/free_download_photoshop_2026_v27_trick/ => https://www.mediafire.com/file/ysjbwroo2div528/Adobe_Photoshop_2026_v27.0_%2528x64%2529.rar/file

C2: https://i-odsports.com/aycha/saver.php

Intelligence


File Origin
# of uploads :
1
# of downloads :
49
Origin country :
ES ES
Vendor Threat Intelligence
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
expand expired-cert installer lolbin rundll32 signed
Verdict:
Clean
File Type:
msi
First seen:
2026-01-06T09:08:00Z UTC
Last seen:
2026-07-01T23:24:00Z UTC
Hits:
~10
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
56 / 100
Signature
Joe Sandbox ML detected suspicious sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Gathering data
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery persistence privilege_escalation
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Event Triggered Execution: Installer Packages
System Location Discovery: System Language Discovery
Enumerates connected drives
Loads dropped DLL
Badlisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:NET
Author:malware-lu

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Microsoft Software Installer (MSI) msi 45415f110b7961eea726dd3b1c07ebed2bbc44d13e8d92d0d8bd1304ba145d73

(this sample)

Comments