MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f64d5c44db38abc103bea9cd463e4c79681fd874c7f21e4ff9d0533025260cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments

SHA256 hash: 5f64d5c44db38abc103bea9cd463e4c79681fd874c7f21e4ff9d0533025260cf
SHA3-384 hash: b76c5a94e60a8cdecd6ee61017d653b51f937eb3afb9992e50e4ea41ced3cbef58943d6f04ad14841897c7932fae7acb
SHA1 hash: 00e392b548cf803ff0623feee5ca302ec0c60983
MD5 hash: 2261b60a4cf9b940c080823e6f5ac1cc
humanhash: twelve-sixteen-nine-papa
File name:2261b60a4cf9b940c080823e6f5ac1cc.exe
Download: download sample
File size:38'053'376 bytes
First seen:2026-07-02 08:11:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d42595b695fc008ef2c56aabd8efd68e (606 x Vidar, 149 x RemusStealer, 102 x Stealc)
ssdeep 196608:D53tARYufBcljTdVdrYz0eD1I5PGJSpA0EJ4m9ce2VDDuu/qjy6:D53tAKlj5c7u9OgA0EJ4m9cJdCb
TLSH T18F873B47F8E11D94C4EA8574D169416BFA723C2D1B3C23DB16A0F7201F3A7E0AAB6B51
TrID 33.1% (.EXE) Win64 Executable (generic) (6522/11/2)
25.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.4% (.ICL) Windows Icons Library (generic) (2059/9)
10.3% (.EXE) OS/2 Executable (generic) (2029/13)
10.1% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter abuse_ch
Tags:exe

Intelligence


File Origin
# of uploads :
1
# of downloads :
147
Origin country :
SE SE
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
e3bca9e2-e647-41ec-8257-684952b367d0
Verdict:
No threats detected
Analysis date:
2026-07-02 08:13:43 UTC
Tags:
ransomware

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
90.2%
Tags:
virus
Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Connection attempt
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm crypto golang obfuscated
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
60 / 100
Signature
Hides threads from debuggers
Installs new ROOT certificates
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Gathering data
Threat name:
Win64.Malware.Heuristic
Status:
Malicious
First seen:
2026-06-17 00:58:01 UTC
File Type:
PE+ (Exe)
AV detection:
11 of 36 (30.56%)
Threat level:
  2/5
Result
Malware family:
n/a
Score:
  5/10
Tags:
defense_evasion spyware trojan
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Modifies trusted root certificate store through registry
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments