MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 5adec34dbd4c68769ffa5abdb7c0424b5cdf56a4f925e8b87c53cf4a5294afe6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 16
| SHA256 hash: | 5adec34dbd4c68769ffa5abdb7c0424b5cdf56a4f925e8b87c53cf4a5294afe6 |
|---|---|
| SHA3-384 hash: | c2fcb4ef3522046ff55567d3f6a7fc127ba61e9443d72c08ea2e9c98f108a8b3562f846f6e3221c119b14e8aefe072f8 |
| SHA1 hash: | 67020f2f8e494bb2a56807e4a3354120b4077b8a |
| MD5 hash: | f52f583c314702bbfe3b7d804469351c |
| humanhash: | uncle-yankee-yellow-charlie |
| File name: | file |
| File size: | 2'955'948 bytes |
| First seen: | 2025-11-12 17:27:44 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | f6baa5eaa8231d4fe8e922a2e6d240ea (61 x CoinMiner, 22 x DCRat, 15 x LummaStealer) |
| ssdeep | 49152:IgwRV8UhSoTsnfN9kA0K6zocCchjZcKCKPcYfhVT9Zns80Yoh7M17+PmOv4O3nu4:IgwRV8U6ffr6cCjdCwcyVbnxXoh7OSmw |
| Threatray | 14 similar samples on MalwareBazaar |
| TLSH | T195D5335377A900F4D6F316B0206653AA5D7F9FE12B2606D712883B0B5EF18C7923739A |
| TrID | 38.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 24.6% (.EXE) Win64 Executable (generic) (10522/11/4) 11.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 10.5% (.EXE) Win32 Executable (generic) (4504/4/1) 4.7% (.EXE) OS/2 Executable (generic) (2029/13) |
| Magika | pebin |
| Reporter | |
| Tags: | dropped-by-amadey exe fbf543 |
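Before detonating or reversing a sample pulled from this entry, confirm that the file on disk reproduces every hash listed above and that its PE header agrees with the vendors' "exe x32" / "Win 32 Exe x86" classification. The following check is an added example written for this page, not MalwareBazaar's own code; the expected values are copied from the table above, and the PE parsing reads only the DOS stub pointer and the COFF Machine field, so it does not prove the file is well-formed beyond that.

```python
import hashlib
import struct
import sys
from typing import Dict, Optional

# Values copied from this MalwareBazaar entry. A file pulled for analysis
# must reproduce all of them; a mismatch means you have a different sample
# (re-packed, truncated, or the wrong download).
EXPECTED: Dict[str, object] = {
    "sha256": "5adec34dbd4c68769ffa5abdb7c0424b5cdf56a4f925e8b87c53cf4a5294afe6",
    "sha3_384": "c2fcb4ef3522046ff55567d3f6a7fc127ba61e9443d72c08ea2e9c98f108a8b3"
                "562f846f6e3221c119b14e8aefe072f8",
    "sha1": "67020f2f8e494bb2a56807e4a3354120b4077b8a",
    "md5": "f52f583c314702bbfe3b7d804469351c",
    "size": 2955948,
}

# COFF Machine values from the PE specification.
MACHINE_NAMES = {0x014C: "x86 (32-bit)", 0x8664: "x64", 0x01C4: "ARM Thumb-2", 0xAA64: "ARM64"}


def compute_hashes(data: bytes) -> Dict[str, object]:
    """Compute the same digests MalwareBazaar lists, plus the byte length."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "size": len(data),
    }


def verify(data: bytes, expected: Dict[str, object] = EXPECTED) -> Dict[str, tuple]:
    """Return {field: (expected, actual)} for every field that does not match."""
    actual = compute_hashes(data)
    return {k: (expected[k], actual[k]) for k in expected if actual[k] != expected[k]}


def pe_machine(data: bytes) -> Optional[str]:
    """Return the COFF Machine name, or None if the buffer is not a PE image.

    Walks MZ header -> e_lfanew (offset 0x3C) -> "PE\\0\\0" -> Machine (2 bytes).
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return MACHINE_NAMES.get(machine, f"unknown (0x{machine:04x})")


if __name__ == "__main__":
    # Usage: python check_sample.py <path to downloaded sample>
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        print("machine:", pe_machine(blob))
        mismatches = verify(blob)
        print("hashes match" if not mismatches else f"MISMATCH: {mismatches}")
```

Run it on the downloaded file; an empty mismatch dictionary and a machine value of "x86 (32-bit)" are what this entry predicts.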
Intelligence
File Origin
# of uploads : 1
# of downloads : 119
Origin country : US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
5adec34dbd4c68769ffa5abdb7c0424b5cdf56a4f925e8b87c53cf4a5294afe6.bin.exe
Verdict:
Malicious activity
Analysis date:
2025-11-12 17:28:08 UTC
Tags:
n/a
Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Verdict:
Malicious
Score:
92.5%
Tags:
shell spawn sage
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating a window
Creating a file in the %temp% subdirectories
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a custom TCP request
Moving a file to the %temp% subdirectory
Creating a process from a recently created file
Creating a file in the Program Files subdirectories
Launching cmd.exe command interpreter
Creating a service
Launching a service
Creating synchronization primitives
Creating a file
Moving a recently created file
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Enabling autorun for a service
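The behaviour list above describes an installer chain that is easy to catch in host telemetry: a process started from a freshly written %temp% file, cmd.exe launched from it, a hidden-window child, and a service created and set to auto-start. The following rules are an added example written for this page, not the sandbox's own logic; the events are constructed to mimic Windows Security 4688 (process creation) and System 7045 (service installed) records with field names taken from those events, and the directory and service names in them are invented, not taken from this sample.

```python
import re
from typing import Dict, List

Event = Dict[str, object]

# Paths an installer running as the interactive user can write to. A service
# binary that lives here, or that was first launched from here, is suspicious:
# legitimate services are not normally staged through %TEMP% or AppData.
USER_WRITABLE = re.compile(
    r"\\(?:appdata\\local\\temp|appdata\\roaming|appdata\\local|programdata|users\\public)\\"
    r"|\\windows\\temp\\|%temp%|%appdata%",
    re.IGNORECASE,
)

# PowerShell started with a hidden window or an encoded command line, the
# usual way a dropped batch file hides its second stage from the user.
HIDDEN_PS = re.compile(
    r"(?:^|\s)-(?:w|win|windowstyle)\s+hidden\b"
    r"|(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}",
    re.IGNORECASE,
)

# Constructed sample telemetry (not real logs from this sample).
SAMPLE_EVENTS: List[Event] = [
    {"EventID": 4688, "ParentProcessName": r"C:\Users\victim\AppData\Local\Temp\file.exe",
     "NewProcessName": r"C:\Users\victim\AppData\Local\Temp\7zS1A2B.tmp\setup.exe", "CommandLine": ""},
    {"EventID": 4688, "ParentProcessName": r"C:\Users\victim\AppData\Local\Temp\7zS1A2B.tmp\setup.exe",
     "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "C:\Users\victim\AppData\Local\Temp\7zS1A2B.tmp\run.bat"'},
    {"EventID": 4688, "ParentProcessName": r"C:\Windows\System32\cmd.exe",
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoP -W Hidden -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"EventID": 4688, "ParentProcessName": r"C:\Users\victim\AppData\Local\Temp\7zS1A2B.tmp\setup.exe",
     "NewProcessName": r"C:\Program Files\Updater\svc.exe", "CommandLine": "svc.exe --install"},
    {"EventID": 7045, "ServiceName": "UpdaterSvc",
     "ImagePath": r'"C:\Program Files\Updater\svc.exe"', "StartType": "auto start"},
    {"EventID": 7045, "ServiceName": "WinDefend",
     "ImagePath": r"C:\Windows\System32\svchost.exe -k WinDefend", "StartType": "auto start"},
    {"EventID": 4688, "ParentProcessName": r"C:\Windows\explorer.exe",
     "NewProcessName": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
    {"EventID": 7045, "ServiceName": "AgentSvc",
     "ImagePath": r"C:\Users\victim\AppData\Roaming\svc\agent.exe", "StartType": "demand start"},
]


def service_exe(image_path: str) -> str:
    """Reduce a 7045 ImagePath (possibly quoted, possibly with arguments) to its executable."""
    m = re.match(r'\s*"?(.*?\.exe)', image_path, re.IGNORECASE)
    return (m.group(1) if m else image_path).lower()


def detect(events: List[Event]) -> List[Dict[str, str]]:
    """Run four rules over 4688/7045 events and return one alert per hit."""
    alerts: List[Dict[str, str]] = []

    # Executables whose parent ran from a user-writable directory: these are
    # the files the dropper itself wrote and then launched.
    staged = {
        str(e.get("NewProcessName", "")).lower()
        for e in events
        if e.get("EventID") == 4688 and USER_WRITABLE.search(str(e.get("ParentProcessName", "")))
    }

    for e in events:
        eid = e.get("EventID")
        if eid == 4688:
            new = str(e.get("NewProcessName", "")).lower()
            parent = str(e.get("ParentProcessName", "")).lower()
            cmd = str(e.get("CommandLine", ""))
            if new.endswith("\\cmd.exe") and USER_WRITABLE.search(parent):
                alerts.append({"rule": "cmd_from_user_writable_parent", "detail": parent})
            if new.endswith(("\\powershell.exe", "\\pwsh.exe")) and HIDDEN_PS.search(cmd):
                alerts.append({"rule": "powershell_hidden_or_encoded", "detail": cmd})
        elif eid == 7045:
            exe = service_exe(str(e.get("ImagePath", "")))
            autostart = "auto" in str(e.get("StartType", "")).lower()
            if USER_WRITABLE.search(exe):
                alerts.append({"rule": "service_binary_in_user_writable_path", "detail": exe})
            # A service installed in Program Files looks normal on its own; the
            # tell is that its binary was first executed by a %temp% process.
            if autostart and exe in staged:
                alerts.append({"rule": "autostart_service_staged_from_temp", "detail": exe})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"{alert['rule']:40} {alert['detail']}")
```

The correlation in the last rule is the part worth keeping: on its own, "service created in Program Files" is noise, but joined with a 4688 record showing that binary was launched by a process living in %temp%, it reproduces the chain the sandbox observed.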
Verdict:
Likely Malicious
Threat level:
7.5/10
Confidence:
100%
Tags:
adaptive-context fingerprint installer installer keylogger microsoft_visual_cc overlay overlay ransomware
Verdict:
Malicious
Labeled as:
Win/grayware_confidence_60%
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-11-12T14:33:00Z UTC
Last seen:
2025-11-14T00:52:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Ransom.Win32.Generic HEUR:Trojan.PowerShell.Generic HEUR:HackTool.Win64.NoDefender.a HEUR:HackTool.PowerShell.InvokeObfuscation.gen Trojan.PowerShell.Kriptik.sba BSS:HackTool.Win32.Yzon.a Trojan.PowerShell.Cobalt.sb
Verdict:
Malicious
Score:
71%
Verdict:
Malware
File Type:
PE
Verdict:
Malware
YARA:
5 match(es)
Tags:
DeObfuscated Executable PE (Portable Executable) PE File Layout PowerShell SFX 7z Win 32 Exe x86
Verdict:
Malicious
Threat:
HackTool.PowerShell.Yzon
Threat name:
Win32.Ransomware.Pay2Key
Status:
Suspicious
First seen:
2025-11-12 17:28:09 UTC
File Type:
PE (Exe)
Extracted files:
10
AV detection:
12 of 23 (52.17%)
Threat level:
5/5
Detection(s):
Suspicious file
Verdict:
malicious
Label(s):
hacktool_defendernot
Similar samples:
+ 4 additional samples on MalwareBazaar
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Unpacked files
SHA256 hash:
5adec34dbd4c68769ffa5abdb7c0424b5cdf56a4f925e8b87c53cf4a5294afe6
MD5 hash:
f52f583c314702bbfe3b7d804469351c
SHA1 hash:
67020f2f8e494bb2a56807e4a3354120b4077b8a
SHA256 hash:
317f8866f1b5b832a70881662fe82ab2213e7f807f3ebad4f8f9f0092a2db1e1
MD5 hash:
3a7b536656264d2c98ea8fe1f232136e
SHA1 hash:
a4b6829550f91d88dcd13de393ab0e3530ed7639
SHA256 hash:
b6301160d2cceb9df1bb2d0548d65c31ecc38b694fa5efe67899935f19870fce
MD5 hash:
46857dedd8ea45006ec3ebff24739f8b
SHA1 hash:
47bd7d9f2eb13d178327769b964043887258390e
SHA256 hash:
f457b1cb1b146ab07117e34dc50881ef787946a0311467d82469fdaa3e54884c
MD5 hash:
52b7073101ce2f83c85ed698f1ee0445
SHA1 hash:
cd2f016c79de7d4bf20d1366cc9483b610b4ffc2
Malware family:
Mimic
Verdict:
Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
| Web download | exe 5adec34dbd4c68769ffa5abdb7c0424b5cdf56a4f925e8b87c53cf4a5294afe6 (this sample) |
|---|---|
| Dropped by | Amadey |
| Delivery method | Distributed via web download |