MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a97a8f2d3be52a3567941087f20097774b22275860992bc29c6e03ca9d46f2e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Adware.Techsnab


Vendor detections: 10



SHA256 hash: 4a97a8f2d3be52a3567941087f20097774b22275860992bc29c6e03ca9d46f2e
SHA3-384 hash: 781ce5d427783ee3aec6f467070dbce97d872ba3e67aba74847014dbbe75fb1b858fde40b5195b256bf84a10991336e1
SHA1 hash: dd105c8aa98bf5f3b466b89d7f40665c7f96f8c1
MD5 hash: 253df2b709aa881a96499a42e6746311
humanhash: bulldog-five-december-avocado
File name: file
Signature: Adware.Techsnab
File size: 10'370'802 bytes
First seen: 2026-01-21 05:34:01 UTC
Last seen: 2026-01-21 06:21:24 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 5939410b96773d14b36f2ddd9c7141f3 (2 x Adware.Techsnab, 1 x LunaStealer)
ssdeep: 196608:v2tAkZ6qScGDnZXRs6q7mFMxGKE1eos35Hg5uSXinsnoIXSnair4aw41:v2V09FFK7aeos3pg52nqoI8C41
TLSH: T14DA6337036D5801BC8AB6C7EA0A8CF375916BD252762D2DFB2488075EAA11D0D17F8B7
TrID: 56.8% (.EXE) InstallShield setup (43053/19/16)
      13.8% (.EXE) Win64 Executable (generic) (10522/11/4)
      8.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      6.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
      5.9% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika: pebin
Reporter: Bitsight
Tags: Adware.Techsnab dropped-by-amadey exe fbf543


Bitsight
url: http://130.12.180.43/files/7717526653/hqAJhdS.exe

Intelligence


File Origin
# of uploads: 9
# of downloads: 149
Origin country: US
Vendor Threat Intelligence

Malware configuration found for: PyInstaller
Details: PyInstaller (a compiled assembly and a Python version)
Malware family: n/a
ID: 1
File name: _4a97a8f2d3be52a3567941087f20097774b22275860992bc29c6e03ca9d46f2e.exe
Verdict: Malicious activity
Analysis date: 2026-01-21 05:35:31 UTC
Tags: pyinstaller python auto-startup arch-scr

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 91.7%
Tags: installer phishing extens sage

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: crypt expand expired-cert installer-heuristic lolbin microsoft_visual_cc overlay packed packed pyinstaller pyinstaller short-lived-cert
Result
Verdict: inconclusive
YARA: 4 match(es)
Tags: Executable PDB Path PE (Portable Executable) PE File Layout Win 32 Exe x86
Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion discovery execution pyinstaller
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Views/modifies file attributes
Command and Scripting Interpreter: PowerShell
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Enumerates processes with tasklist
Checks computer location settings
Drops startup file
Executes dropped EXE
Loads dropped DLL
Unpacked files

SHA256 hash: 4a97a8f2d3be52a3567941087f20097774b22275860992bc29c6e03ca9d46f2e
MD5 hash: 253df2b709aa881a96499a42e6746311
SHA1 hash: dd105c8aa98bf5f3b466b89d7f40665c7f96f8c1

SHA256 hash: 59962ae75c4c8f2739bff66b6e4fe92d50f13aeb3ed38e218d4fa013919c206b
MD5 hash: 4b75e094206b91cf34454f46e36dd5d7
SHA1 hash: a28d95efb9b79f467d3f3562662e7e8ffe9adefe

SHA256 hash: 64a65ca297a879839e436269d1f8a257b7411d667c0988a4fbcd56729543d632
MD5 hash: d8f2f3239154652f8da2427bed77cd00
SHA1 hash: 10af07cfd716c55bb204a495f638d2ebc997bf4a

SHA256 hash: 8dd682b158496623237d0d2acdd24156b791d91cbf0705a013a52137a7b3ae22
MD5 hash: a12f68a8210588c4ecea30b5c1a15731
SHA1 hash: c0716e8646e13bbb8fa778eaa6b5995b3e1c9267

SHA256 hash: b982741576a050860c3f3608c7b269dbd35ab296429192b8afa53f1f190069c0
MD5 hash: 74d2b5e0120a6faae57042a9894c4430
SHA1 hash: 592f115016a964b7eb42860b589ed988e9fff314

SHA256 hash: bf33857f46e56ea7930c1eea25c5f7175a6aaa3df36bf8301a785e6ca726a0b9
MD5 hash: c33386a6e67be415a24d9c431ffd42ac
SHA1 hash: f2f23860916471bdc332b3bd3e88deef64d4432b
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerException__SetConsoleCtrl
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: dependsonpythonailib
Author: Tim Brown
Description: Hunts for dependencies on Python AI libraries

Rule name: Detect_PyInstaller
Author: Obscurity Labs LLC
Description: Detects PyInstaller compiled executables across platforms

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: PyInstaller
Author: @bartblaze
Description: Identifies executable converted using PyInstaller. This rule by itself does NOT necessarily mean the detected file is malicious.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Adware.Techsnab, Executable exe, 4a97a8f2d3be52a3567941087f20097774b22275860992bc29c6e03ca9d46f2e (this sample)
Dropped by: Amadey
Delivery method: Distributed via web download

Comments