MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 61b0d52f5ee167f2a4ffd48fecc5b180da185ab6baca46d73404c91a89b19a0c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 6 File information Comments

SHA256 hash: 61b0d52f5ee167f2a4ffd48fecc5b180da185ab6baca46d73404c91a89b19a0c
SHA3-384 hash: d104eca535d12b33c7f38a4e00c403bd312f76634e822e409b6edfb2d1d8c4327b34ed4b2838f535d40ac9ff5ee8f750
SHA1 hash: c8f5c3e19c9ce20078f0e324049b86ab6939f0a4
MD5 hash: 0d93b8fbd3cbc240f2d28f518a4b6b3c
humanhash: alabama-blue-south-fourteen
File name:SecuriteInfo.com.W32.Agent.I.gen.Eldorado.23960.20699
Download: download sample
File size:318'915 bytes
First seen:2026-07-12 10:27:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 23 x Blackmoon)
ssdeep 6144:Yav/MCenFROjyKddpkyknuPwL9C2uVVL2AyUtjjd+LV/d+nq3BZ:nNenzInddKuPwLDuRyUxjdCxknq
TLSH T1F2642351D5886C07F94168B6186B4E609332F6FC661FE736181DCCAD7C6126BFC02A9A
Magika pebin
dhash icon 663ad34d7cbc642c
Reporter SecuriteInfoCom
Tags:exe

Intelligence


File Origin
# of uploads :
1
# of downloads :
167
Origin country :
FR FR
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
exe
Verdict:
No threats detected
Analysis date:
2026-07-12 10:31:03 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
99.1%
Tags:
imestartup gamethief virus encpk
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Creating a file
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
installer-heuristic overlay packed packed winupack
Verdict:
Unknown
File Type:
exe x32
First seen:
2026-06-25T14:47:00Z UTC
Last seen:
2026-07-12T10:22:00Z UTC
Hits:
~10
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 32 Exe x86
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Behaviour
Suspicious use of SetWindowsHookEx
System Location Discovery: System Language Discovery
Unpacked files
SH256 hash:
61b0d52f5ee167f2a4ffd48fecc5b180da185ab6baca46d73404c91a89b19a0c
MD5 hash:
0d93b8fbd3cbc240f2d28f518a4b6b3c
SHA1 hash:
c8f5c3e19c9ce20078f0e324049b86ab6939f0a4
SH256 hash:
166b3ddd4ffa10e2f7b6dadf8bf6cfc438e331fb755782b95089f8b0d2ee2e05
MD5 hash:
daa876f27f867600fc051d9a7a33a404
SHA1 hash:
aae33ade4a535d0c8b0b1698340b7affa2972f15
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:suspicious_PEs
Author:txc
Description:This rule detected suspicious PE files, based on high entropy and low amount of imported DLLs. This behaviour indicates packed files or files, that hide their true intention.
Rule name:TeslaCryptPackedMalware
Rule name:Upackv029Betav031BetaDwing
Author:malware-lu
Rule name:Upackv031betaDwing
Author:malware-lu
Rule name:VECT_Ransomware
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.
Rule name:WinUpackv030betaByDwing
Author:malware-lu

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments