MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5140c7701c1f7dddfc0e53071661cebd40d576a02bca960be3199c22a0c60739. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5140c7701c1f7dddfc0e53071661cebd40d576a02bca960be3199c22a0c60739
SHA3-384 hash: fb88cea815f66949fdbd134f38781ef0daa30b4f0c942b20fddf67ff73ddd7de9b1ec26606d7f46bd67298cfea2b1bbe
SHA1 hash: 679a886b8f8c1cab141d43c7a0a03341b1078c76
MD5 hash: b3da4e24b4f466611478e488e49b7d3f
humanhash: angel-ohio-enemy-burger
File name:CrashRep.exe
Download: download sample
File size:2'345'472 bytes
First seen:2025-12-26 01:27:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 15e25e773d4ff8e7bd5353cc79dd70e4
ssdeep 49152:bo0ZS4gjKYylUDW+1xHGSx9ImWHE0fyc48N1tiG:k0ZS4guYiY1xmSx9IfE0fy
TLSH T16AB523CAACAD49B5C043CF70085376F6224F779ACEE5180C1AC9DCC67E32A974156B6B
TrID 38.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
15.6% (.ICL) Windows Icons Library (generic) (2059/9)
15.4% (.EXE) OS/2 Executable (generic) (2029/13)
15.2% (.EXE) Generic Win/DOS Executable (2002/3)
15.2% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter Ling
Tags:exe sabsik Trojan:Win32/Sabsik.EN.A!ml


Avatar
CNGaoLing
Trojan:Win32/Sabsik.EN.A!ml

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
US US
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
CrashRep.zip
Verdict:
No threats detected
Analysis date:
2025-12-25 13:36:32 UTC
Tags:
arch-exec
Link:
https://app.any.run/tasks/ba4d9ec7-34bb-40c9-8739-b17001ed2299

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/46124/
Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=694dc78d038f10550b55cbe3
Tags:
vmprotect virus
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
obfuscated packed packed unsafe vmprotect
Link:
https://www.filescan.io/uploads/694de4ace8abb702f8066178/reports/af2c1bbf-bbba-4677-a3c9-2658e9cab1e5/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/5140c7701c1f7dddfc0e53071661cebd40d576a02bca960be3199c22a0c60739
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-12-25T10:32:00Z UTC
Last seen:
2025-12-27T06:38:00Z UTC
Hits:
~100
Detections:
Trojan.Win64.Agentb.lfwx
Link:
https://opentip.kaspersky.com/5140c7701c1f7dddfc0e53071661cebd40d576a02bca960be3199c22a0c60739/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/ab178053-45a2-4d5c-b984-7453d2a999be
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/5140c7701c1f7dddfc0e53071661cebd40d576a02bca960be3199c22a0c60739
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/b3da4e24b4f466611478e488e49b7d3f
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5140c7701c1f7dddfc0e53071661cebd40d576a02bca960be3199c22a0c60739/
Verdict:
Malicious
Threat:
Trojan.Win64.Agentb
Link:
https://tip.neiki.dev/file/5140c7701c1f7dddfc0e53071661cebd40d576a02bca960be3199c22a0c60739
Threat name:
Win64.Packed.VMProtect
Create hunting rule
Status:
Suspicious
First seen:
2025-12-25 23:23:59 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
14 of 24 (58.33%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kfamo4a4d56537aokmdrmyooxvank5vafpfjmc7ddgocfigga44q._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/251226-bvrwhawrfn/
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/24d45555-0452-4759-91e0-74e8d5c1cc66
Unpacked files
SH256 hash:
5140c7701c1f7dddfc0e53071661cebd40d576a02bca960be3199c22a0c60739
MD5 hash:
b3da4e24b4f466611478e488e49b7d3f
SHA1 hash:
679a886b8f8c1cab141d43c7a0a03341b1078c76
Link:
https://www.unpac.me/results/90c295f3-6ff2-4bb9-b3dd-0cdf99f03b03/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.74
Link:
https://yomi.yoroi.company/submissions/5140c7701c1f7dddfc0e53071661cebd40d576a02bca960be3199c22a0c60739

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_detect_tls_callbacks
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 5140c7701c1f7dddfc0e53071661cebd40d576a02bca960be3199c22a0c60739

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/46124/

Comments