MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5170053acce4fe85e58ad8311bf54d54926e72489d9a7d36ec2caa2c07faea2c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA 8 File information Comments

SHA256 hash:	5170053acce4fe85e58ad8311bf54d54926e72489d9a7d36ec2caa2c07faea2c
SHA3-384 hash:	7659a2c8f9638efb80ef7308423dc9a3610065c06d3572b098cb15480588d5e9b12b5d958325046e81847d2ddc5e67ad
SHA1 hash:	94d64eb09883c817b422f680bbc57d3ea0f7f09d
MD5 hash:	933c67a74d1b47c2679233fc7975fc68
humanhash:	fourteen-kilo-mike-louisiana
File name:	5170053acce4fe85e58ad8311bf54d54926e72489d9a7d36ec2caa2c07faea2c
Download:	download sample
File size:	8'721'920 bytes
First seen:	2026-05-15 06:43:08 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	dddd95789c6d117404c7c3c56ab141f3
ssdeep	196608:ShoVhS9olKTHVxsnyqUQhr6IHK6KONQW0sw:ShWESlKTHVxLq1hr6GpNQww
TLSH	T1C596E0229142C8F6CC62147E0926FE5C967B71212AEE9D577B9CFD1C4F381B0B93861E
TrID	68.4% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9) 10.7% (.EXE) Win64 Executable (generic) (6522/11/2) 7.4% (.EXE) Win32 Executable (generic) (4504/4/1) 3.4% (.EXE) Win16/32 Executable Delphi generic (2072/23) 3.3% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
dhash icon	74e4d4d4ecf4d4d4 (23 x GuLoader, 21 x LummaStealer, 20 x AgentTesla)
Reporter	JAMESWT_WT
Tags:	exe Gansu-Shishida-Information-Technology-Co-Ltd signed

Code Signing Certificate

Organisation:	Gansu Shishida Information Technology Co., Ltd.
Issuer:	Sectigo Public Code Signing CA EV R36
Algorithm:	sha256WithRSAEncryption
Valid from:	2026-04-27T00:00:00Z
Valid to:	2027-04-27T23:59:59Z
Serial number:	578b8a96c9a5126336695edf73fc3f51
Intelligence:	16 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:	SHA256
Thumbprint:	215a6648981ae894ac4c2c0875a52df4c9091be0052274ced0b4f0dd7502063a
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

107

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

exe

Verdict:

No threats detected

Analysis date:

2026-05-15 06:48:09 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/8a307f56-8c13-4734-8815-e430bde6685b

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/65994/

Verdict:

Clean

Score:

89.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a06c08f46d6967b3d906acf

Tags:

n/a

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a window

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Tags:

adaptive-context anti-debug borland_delphi fingerprint keylogger packed reconnaissance signed

Link:

https://www.filescan.io/uploads/6a06c08cdf14f1cb2ad6ecb5/reports/2db44ab7-d59e-4ec1-81ac-b37705cfeda4/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_60%

Link:

https://www.hybrid-analysis.com/sample/5170053acce4fe85e58ad8311bf54d54926e72489d9a7d36ec2caa2c07faea2c

Verdict:

Malicious

File Type:

exe x32

First seen:

2026-05-14T19:12:00Z UTC

Last seen:

2026-05-16T19:32:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan.Win32.Agent.gen Trojan.Win32.Agent.sb

Link:

https://opentip.kaspersky.com/5170053acce4fe85e58ad8311bf54d54926e72489d9a7d36ec2caa2c07faea2c/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/fad7fc7e-d0a8-4877-9bea-2c1f9d6ac4fb

Score:

15%

Verdict:

Benign

File Type:

Link:

https://malprob.io/report/5170053acce4fe85e58ad8311bf54d54926e72489d9a7d36ec2caa2c07faea2c

Verdict:

inconclusive

YARA:

5 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 32 Exe x86

Link:

https://app.malva.re/file/933c67a74d1b47c2679233fc7975fc68

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5170053acce4fe85e58ad8311bf54d54926e72489d9a7d36ec2caa2c07faea2c/

Verdict:

Malicious

Threat:

Trojan.Win32.Agent

Link:

https://tip.neiki.dev/file/5170053acce4fe85e58ad8311bf54d54926e72489d9a7d36ec2caa2c07faea2c

Threat name:

Win32.Trojan.Delf

Status:

Suspicious

First seen:

2026-05-14 21:36:55 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

7 of 24 (29.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=kfyakowm4t7ilzmk3ayrx5knksjg44sitwnh2nxmfsvcyb725iwa._file

Gathering data

Unpacked files

SH256 hash:

5170053acce4fe85e58ad8311bf54d54926e72489d9a7d36ec2caa2c07faea2c

MD5 hash:

933c67a74d1b47c2679233fc7975fc68

SHA1 hash:

94d64eb09883c817b422f680bbc57d3ea0f7f09d

Link:

https://www.unpac.me/results/d295da5c-1434-4af3-bac7-cb092b02ad40/

SH256 hash:

2dbdce24607b8447e28a73e7722bd7d39c5b59fba7bed61c67655d5edf943b7f

MD5 hash:

c5a0748413f790781b55342992cab9b9

SHA1 hash:

5fc0e51a0a7876e0b987306860a0bd92ef7f7c84

Link:

https://www.unpac.me/results/d295da5c-1434-4af3-bac7-cb092b02ad40/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/5170053acce4fe85e58ad8311bf54d54926e72489d9a7d36ec2caa2c07faea2c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	BobSoftMiniDelphiBoBBobSoft Create hunting rule
Author:	malware-lu

Rule name:	Borland Create hunting rule
Author:	malware-lu

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	shellcode Create hunting rule
Author:	nex
Description:	Matched shellcode byte patterns

Rule name:	telebot_framework Create hunting rule
Author:	vietdx.mb

Rule name:	TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE Create hunting rule
Author:	CYFARE
Description:	Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:	https://cyfare.net/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/65994/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample