MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4be9f926d3e4110fde3d85ddf93785ca1477aac137ded1e49e4e7d337fb71252. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 12


Intelligence 12 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4be9f926d3e4110fde3d85ddf93785ca1477aac137ded1e49e4e7d337fb71252
SHA3-384 hash: 96a6c91cd8aadbc4c5814a62329e2126ef818dd0c42da6d332e8163cd37962edc0cfe8d8906bae800d2c2217840af0db
SHA1 hash: 9a8f840a144436140f1445ed6fb7b94c8a6e3e20
MD5 hash: 698ec3764da54f41ca7bf005114552a3
humanhash: glucose-edward-steak-black
File name:Google_Broswer_2026.01.26.msi
Download: download sample
File size:78'534'656 bytes
First seen:2026-01-27 07:49:29 UTC
Last seen:Never
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 1572864:77D8lopqPJhspfXsq0gD3QCETSryJ/7YHCRqc+0PcoaHbEI4V89Iuj8:73k44TafXsQECEGUpq9a69IC
TLSH T17B08332675878A31C62F1737C561FE1C09793FA6372B80E7F2A4BC6B4472EC2A475942
TrID 80.0% (.MSI) Microsoft Windows Installer (454500/1/170)
10.7% (.MST) Windows SDK Setup Transform script (61000/1/5)
7.8% (.MSP) Windows Installer Patch (44509/10/5)
1.4% (.) Generic OLE2 / Multistream Compound (8000/1)
Magika msi
Reporter zhuzhu0009
Tags:msi

Intelligence

File Origin
# of uploads :
1
# of downloads :
33
Origin country :
SC SC
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/31a64ab9-fd66-4f07-8a78-8937e7039898/
Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69786e296fa3eed1652f6f09
Tags:
shellcode virus blic
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug anti-vm at base64 CAB cmd donut evasive expand expired-cert expired-cert explorer fingerprint fingerprint installer large-file lolbin lolbin miner packed packed wix
Link:
https://www.filescan.io/uploads/69786e5a12c4ad8c08577712/reports/b0296543-5f94-4f45-9cb6-c628bca998f9/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/4be9f926d3e4110fde3d85ddf93785ca1477aac137ded1e49e4e7d337fb71252
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/4be9f926d3e4110fde3d85ddf93785ca1477aac137ded1e49e4e7d337fb71252
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
File Type:
msi
First seen:
2026-01-27T04:06:00Z UTC
Last seen:
2026-01-28T12:37:00Z UTC
Hits:
~10
Detections:
Trojan.Win32.DLLhijack.sb Trojan.Win32.DLLhijack.adsm Trojan.Win32.AutoRun.gen Trojan.Win32.Shellcode.sb Trojan.Win32.Inject.sb Trojan.Win32.Agent.sb HEUR:Trojan.OLE2.Autorun.gen
Link:
https://opentip.kaspersky.com/4be9f926d3e4110fde3d85ddf93785ca1477aac137ded1e49e4e7d337fb71252/results?tab=lookup
Score:
50%
Verdict:
Susipicious
File Type:
ARCHIVE
Link:
https://malprob.io/report/4be9f926d3e4110fde3d85ddf93785ca1477aac137ded1e49e4e7d337fb71252
Gathering data
Verdict:
Malicious
Threat:
Trojan.Win32.Inject
Link:
https://tip.neiki.dev/file/4be9f926d3e4110fde3d85ddf93785ca1477aac137ded1e49e4e7d337fb71252
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-01-27 07:51:23 UTC
File Type:
Binary (Archive)
Extracted files:
5586
AV detection:
8 of 24 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jpu7sjwt4qiq7xr5qxo7sn4fzikhpkwbg7pndze6jz6tg75xcjja._file
Verdict:
malicious
Label(s):
donutloader
Create hunting rule
Similar samples:
error
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery persistence privilege_escalation
Link:
https://tria.ge/reports/260127-jn7blsgt2a/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Event Triggered Execution: Installer Packages
System Location Discovery: System Language Discovery
Enumerates connected drives
Loads dropped DLL
Malware family:
ValleyRAT
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/4be9f926d3e4/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:Detect_MSI_LATAM_Banker_From_LatAm
Create hunting rule
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments