MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5175ae4c75a8e1d10decb0a787d31784a986cafe5e4a24d3aa0eb7e7748f916f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5175ae4c75a8e1d10decb0a787d31784a986cafe5e4a24d3aa0eb7e7748f916f
SHA3-384 hash: fe54c359a8b53341948332e2a2220b8c1958664fdfa6986c89ff3915a74d33dd5c519f1e9bf71413ab02df8e9e351dfa
SHA1 hash: 10cbede4ec4039523e7c64bb02874d6cc8550875
MD5 hash: 19155aba12e6874622c5691aaa6fe8fe
humanhash: comet-delaware-wisconsin-washington
File name:file
Download: download sample
File size:17'345'280 bytes
First seen:2026-03-14 22:38:26 UTC
Last seen:2026-03-14 23:19:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3d9d4fa0f734aa85e027438ca479fbf7
ssdeep 393216:ZpAN4fZvO1qoo9t9rB6O+lwaD6Tqwr6dMxgBF8IHbOs+:PIms1sr9mlwjX/gBF88Ks+
TLSH T1F00733EDA6F13CA8CE92D571EA1A82F5F2652C080CB500177F463F851D3E867DDADA21
TrID 51.9% (.EXE) Win64 Executable (generic) (6522/11/2)
16.1% (.EXE) OS/2 Executable (generic) (2029/13)
15.9% (.EXE) Generic Win/DOS Executable (2002/3)
15.9% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
Reporter Bitsight
Tags:dropped-by-amadey exe fbf543 signed

Code Signing Certificate

Organisation:IP Shusharin Matvei Anatolievich
Issuer:GlobalSign GCC R45 EV CodeSigning CA 2020
Algorithm:sha256WithRSAEncryption
Valid from:2026-03-12T14:28:18Z
Valid to:2027-03-13T14:28:18Z
Serial number: 4929de367c94eb3414b5797d
Thumbprint Algorithm:SHA256
Thumbprint: 756f1461bdadf7fed42d7b2c7f688eb44e9e9999b1c7472a68452f7ef0604a81
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


Avatar
Bitsight
url: http://158.94.208.7/files/8749876778/sK5aAVe.exe

Intelligence

File Origin
# of uploads :
13
# of downloads :
167
Origin country :
US US
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
file
Verdict:
No threats detected
Analysis date:
2026-03-14 22:40:10 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ca93e264-591a-4615-a32f-addc84ae67b9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/57485/
Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69b5e39293b644ca466a1e8a
Tags:
downloader shellcode dropper
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
adaptive-context anti-debug anti-vm packed signed
Link:
https://www.filescan.io/uploads/69b5e38f2000fc76c3ddfa60/reports/33b3ceb8-cb3d-4731-8766-652618eae013/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_70%
Link:
https://www.hybrid-analysis.com/sample/5175ae4c75a8e1d10decb0a787d31784a986cafe5e4a24d3aa0eb7e7748f916f
Result
Gathering data
Verdict:
Malicious
File Type:
exe x64
Link:
https://opentip.kaspersky.com/5175ae4c75a8e1d10decb0a787d31784a986cafe5e4a24d3aa0eb7e7748f916f/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/eab7c6c7-bdd1-4876-ac76-f0660fb7d4e0
Score:
98%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/5175ae4c75a8e1d10decb0a787d31784a986cafe5e4a24d3aa0eb7e7748f916f
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5175ae4c75a8e1d10decb0a787d31784a986cafe5e4a24d3aa0eb7e7748f916f/
Verdict:
Malicious
Threat:
DangerousObject.Multi
Link:
https://tip.neiki.dev/file/5175ae4c75a8e1d10decb0a787d31784a986cafe5e4a24d3aa0eb7e7748f916f
Threat name:
Win64.Malware.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-03-13 21:43:13 UTC
File Type:
PE+ (Exe)
Extracted files:
3
AV detection:
1 of 36 (2.78%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kf224tdvvdq5cdpmwctypuyxqsuynsx6lzfcju5kb236o5epsfxq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260314-2k1nrshs4k/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
5175ae4c75a8e1d10decb0a787d31784a986cafe5e4a24d3aa0eb7e7748f916f
MD5 hash:
19155aba12e6874622c5691aaa6fe8fe
SHA1 hash:
10cbede4ec4039523e7c64bb02874d6cc8550875
Link:
https://www.unpac.me/results/09d38709-4cf4-4666-a093-100abe07908f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/5175ae4c75a8e1d10decb0a787d31784a986cafe5e4a24d3aa0eb7e7748f916f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 5175ae4c75a8e1d10decb0a787d31784a986cafe5e4a24d3aa0eb7e7748f916f

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3796384/
Cape
Cape
https://www.capesandbox.com/analysis/57485/

Comments